On security of keyed cryptographic algorithms based on the Streebog hash function against related­-key attacks

V. A. Kiryukhin

On security of keyed cryptographic algorithms based on the Streebog hash function against related-key attacks

V. A. Kiryukhin

Abstract

The keyless hash function Streebog is a core of several keyed cryptographic algorithms that are used as pseudorandom functions (PRF) and message authentication codes (MAC). One example is Streebog-K proposed at CTCrypt 2022. The proof of its security is based on the reduction to the properties of the underlying compression function. The latter must be secure against relatedkey attacks (PRF-RKA) when keying through any of the two inputs. We prove that in both cases the compression function requirement cannot be mitigated from PRF-RKA to PRF. In addition, if both of these requirements are met, then StreebogK itself is not only secure PRF, but also resistant to relatedkey attacks (PRF-RKA). Similar results are presented for the standardized HMAC-Streebog cryptographic algorithm

Full Text:

PDF (Russian)

References

GOST R 34.112012 – National standard of the Russian Federation – Information technology – Cryptographic data security – Hash function, Moscow: Standartinform, 2012.

R. Merkle, «One way wash functions and DES», in CRYPTO 1989, ser. Lect. Notes Comput. Sci. Vol. 435, 1990, pp. 428–446.

I. Damgård, «A design principle for hash functions», in CRYPTO 1989, ser. Lect. Notes Comput. Sci. Vol. 435, 1990, pp. 416–427.

V. A. Kiryukhin, «Keyed Streebog is a secure PRF and MAC», Mat. vopr. kriptogr. [Mathematical Issues of Cryptography], vol. 14, no. 2, pp. 77–96, 2023.

J. Guo, J. Jean, G. Leurent, T. Peyrin, and L. Wang, «The usage of counter revisited: secondpreimage attack on new Russian standardized hash function», in SAC 2014, ser. Lect. Notes Comput. Sci. Vol. 8781, 2014, pp. 195–211.

R 50.1.1132016 Informacionnaya tekhnologiya. Kriptograficheskaya zashchita informacii. Kriptograficheskie algoritmy, soputstvuyushchie primeneniyu algoritmov elektronnoj cifrovoj podpisi i funkcii heshirovaniya [R 50.1.1132016 – Information technology – Cryptographic data security – Cryptographic algorithms accompanying the use of electronic digital signature algorithms and hash functions], Moscow: Standartinform, 2016.

M. Bellare, R. Canetti, and H. Krawczyk, «Keying Hash Functions for Message Authentication», in Crypto’96, ser. Lect. Notes Comput. Sci. Vol. 1109, 1996, pp. 1–15.

N. Koblitz and A. Menezes, «Another look at HMAC», J. Math. Cryptol., vol. 7:3, pp. 225–251, 2013.

M. Bellare, «New proofs for NMAC and HMAC: security without collisionresistance», in CRYPTO 2006, ser. Lect. Notes Comput. Sci. Vol. 4117, April 2014, pp. 602–619.

P. Gaži, K. Pietrzak, and M. Rybár, «The Exact PRFSecurity of NMAC and HMAC», in CRYPTO 2014, ser. Lect. Notes Comput. Sci. Vol. 8616, August 2014, pp. 113–130.

M. Nandi, «A New and Improved Reduction Proof of Cascade PRF», Cryptology ePrint Archive: Report 2021/097, 2021.

E. Alekseev, I. Oshkin, V. Popov, and S. Smyshlyaev, «On the cryptographic properties of algorithms accompanying the applications of standards GOST R 34.11 2012 and GOST R 34.102012», Mat. vopr. kriptogr. [Mathematical Issues of Cryptography], vol. 7, no. 1, pp. 5–38, 2016.

V. A. Kiryukhin, «About “kbit security” of MACs based on hash function Streebog», Cryptology ePrint Archive, Paper 2023/1305, 2023.

M. Bellare and P. Rogaway, Introduction to Modern Cryptography. 2005.

Refbacks

There are currently no refbacks.

Abava Кибербезопасность MoNeTec 2024

ISSN: 2307-8162

International Journal of Open Information Technologies