Analyzing Multi-key Security Degradation. / Luykx, Atul; Mennink, Bart; Paterson, Kenneth G.

Advances in Cryptology – ASIACRYPT 2017 - 23rd International Conference on the Theory and Applications of Cryptology and Information Security, Proceedings. Vol. 10625 LNCS Springer-Verlag, 2017. p. 575-605 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10625 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Published

Harvard

Luykx, A, Mennink, B & Paterson, KG 2017, Analyzing Multi-key Security Degradation. in Advances in Cryptology – ASIACRYPT 2017 - 23rd International Conference on the Theory and Applications of Cryptology and Information Security, Proceedings. vol. 10625 LNCS, Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 10625 LNCS, Springer-Verlag, pp. 575-605, 23rd Annual International Conference on Theory and Application of Cryptology and Information Security, ASIACRYPT 2017, Hong Kong, Hong Kong, 3/12/17. https://doi.org/10.1007/978-3-319-70697-9_20

APA

Luykx, A., Mennink, B., & Paterson, K. G. (2017). Analyzing Multi-key Security Degradation. In Advances in Cryptology – ASIACRYPT 2017 - 23rd International Conference on the Theory and Applications of Cryptology and Information Security, Proceedings (Vol. 10625 LNCS, pp. 575-605). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10625 LNCS). Springer-Verlag. https://doi.org/10.1007/978-3-319-70697-9_20

Vancouver

Luykx A, Mennink B, Paterson KG. Analyzing Multi-key Security Degradation. In Advances in Cryptology – ASIACRYPT 2017 - 23rd International Conference on the Theory and Applications of Cryptology and Information Security, Proceedings. Vol. 10625 LNCS. Springer-Verlag. 2017. p. 575-605. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). https://doi.org/10.1007/978-3-319-70697-9_20

Author

Luykx, Atul ; Mennink, Bart ; Paterson, Kenneth G. / Analyzing Multi-key Security Degradation. Advances in Cryptology – ASIACRYPT 2017 - 23rd International Conference on the Theory and Applications of Cryptology and Information Security, Proceedings. Vol. 10625 LNCS Springer-Verlag, 2017. pp. 575-605 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

BibTeX

@inproceedings{00d08122ada8439f885653abd902fa90,
title = "Analyzing Multi-key Security Degradation",
abstract = "The multi-key, or multi-user, setting challenges cryptographic algorithms to maintain high levels of security when used with many different keys, by many different users. Its significance lies in the fact that in the real world, cryptography is rarely used with a single key in isolation. A folklore result, proved by Bellare, Boldyreva, and Micali for public-key encryption in EUROCRYPT 2000, states that the success probability in attacking any one of many independently keyed algorithms can be bounded by the success probability of attacking a single instance of the algorithm, multiplied by the number of keys present. Although sufficient for settings in which not many keys are used, once cryptographic algorithms are used on an internet-wide scale, as is the case with TLS, the effect of multiplying by the number of keys can drastically erode security claims. We establish a sufficient condition on cryptographic schemes and security games under which multi-key degradation is avoided. As illustrative examples, we discuss how AES and GCM behave in the multi-key setting, and prove that GCM, as a mode, does not have multi-key degradation. Our analysis allows limits on the amount of data that can be processed per key by GCM to be significantly increased. This leads directly to improved security for GCM as deployed in TLS on the Internet today.",
keywords = "AES, GCM, Multi-key, Multi-oracle, Multi-user, TLS, Weak keys",
author = "Atul Luykx and Bart Mennink and Paterson, {Kenneth G.}",
year = "2017",
doi = "10.1007/978-3-319-70697-9_20",
language = "English",
isbn = "978-3-319-70696-2",
volume = "10625 LNCS",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
publisher = "Springer-Verlag",
pages = "575--605",
booktitle = "Advances in Cryptology – ASIACRYPT 2017 - 23rd International Conference on the Theory and Applications of Cryptology and Information Security, Proceedings",
note = "23rd Annual International Conference on Theory and Application of Cryptology and Information Security, ASIACRYPT 2017 ; Conference date: 03-12-2017 Through 07-12-2017",

}

RIS

TY - GEN

T1 - Analyzing Multi-key Security Degradation

AU - Luykx, Atul

AU - Mennink, Bart

AU - Paterson, Kenneth G.

PY - 2017

Y1 - 2017

N2 - The multi-key, or multi-user, setting challenges cryptographic algorithms to maintain high levels of security when used with many different keys, by many different users. Its significance lies in the fact that in the real world, cryptography is rarely used with a single key in isolation. A folklore result, proved by Bellare, Boldyreva, and Micali for public-key encryption in EUROCRYPT 2000, states that the success probability in attacking any one of many independently keyed algorithms can be bounded by the success probability of attacking a single instance of the algorithm, multiplied by the number of keys present. Although sufficient for settings in which not many keys are used, once cryptographic algorithms are used on an internet-wide scale, as is the case with TLS, the effect of multiplying by the number of keys can drastically erode security claims. We establish a sufficient condition on cryptographic schemes and security games under which multi-key degradation is avoided. As illustrative examples, we discuss how AES and GCM behave in the multi-key setting, and prove that GCM, as a mode, does not have multi-key degradation. Our analysis allows limits on the amount of data that can be processed per key by GCM to be significantly increased. This leads directly to improved security for GCM as deployed in TLS on the Internet today.

AB - The multi-key, or multi-user, setting challenges cryptographic algorithms to maintain high levels of security when used with many different keys, by many different users. Its significance lies in the fact that in the real world, cryptography is rarely used with a single key in isolation. A folklore result, proved by Bellare, Boldyreva, and Micali for public-key encryption in EUROCRYPT 2000, states that the success probability in attacking any one of many independently keyed algorithms can be bounded by the success probability of attacking a single instance of the algorithm, multiplied by the number of keys present. Although sufficient for settings in which not many keys are used, once cryptographic algorithms are used on an internet-wide scale, as is the case with TLS, the effect of multiplying by the number of keys can drastically erode security claims. We establish a sufficient condition on cryptographic schemes and security games under which multi-key degradation is avoided. As illustrative examples, we discuss how AES and GCM behave in the multi-key setting, and prove that GCM, as a mode, does not have multi-key degradation. Our analysis allows limits on the amount of data that can be processed per key by GCM to be significantly increased. This leads directly to improved security for GCM as deployed in TLS on the Internet today.

KW - AES

KW - GCM

KW - Multi-key

KW - Multi-oracle

KW - Multi-user

KW - TLS

KW - Weak keys

UR - https://eprint.iacr.org/2017/435

U2 - 10.1007/978-3-319-70697-9_20

DO - 10.1007/978-3-319-70697-9_20

M3 - Conference contribution

AN - SCOPUS:85037848552

SN - 978-3-319-70696-2

VL - 10625 LNCS

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 575

EP - 605

BT - Advances in Cryptology – ASIACRYPT 2017 - 23rd International Conference on the Theory and Applications of Cryptology and Information Security, Proceedings

PB - Springer-Verlag

T2 - 23rd Annual International Conference on Theory and Application of Cryptology and Information Security, ASIACRYPT 2017

Y2 - 3 December 2017 through 7 December 2017

ER -