Message-Recovery Attacks on Feistel-Based Format Preserving Encryption

Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security Pub Date : 2016-10-24 DOI:10.1145/2976749.2978390
M. Bellare, V. Hoang, Stefano Tessaro
{"title":"Message-Recovery Attacks on Feistel-Based Format Preserving Encryption","authors":"M. Bellare, V. Hoang, Stefano Tessaro","doi":"10.1145/2976749.2978390","DOIUrl":null,"url":null,"abstract":"We give attacks on Feistel-based format-preserving encryption (FPE) schemes that succeed in message recovery (not merely distinguishing scheme outputs from random) when the message space is small. For $4$-bit messages, the attacks fully recover the target message using $2^{21}$ examples for the FF3 NIST standard and $2^{25}$ examples for the FF1 NIST standard. The examples include only three messages per tweak, which is what makes the attacks non-trivial even though the total number of examples exceeds the size of the domain. The attacks are rigorously analyzed in a new definitional framework of message-recovery security. The attacks are easily put out of reach by increasing the number of Feistel rounds in the standards.","PeriodicalId":432261,"journal":{"name":"Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security","volume":"224 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-10-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"30","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2976749.2978390","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 30

Abstract

We give attacks on Feistel-based format-preserving encryption (FPE) schemes that succeed in message recovery (not merely distinguishing scheme outputs from random) when the message space is small. For $4$-bit messages, the attacks fully recover the target message using $2^{21}$ examples for the FF3 NIST standard and $2^{25}$ examples for the FF1 NIST standard. The examples include only three messages per tweak, which is what makes the attacks non-trivial even though the total number of examples exceeds the size of the domain. The attacks are rigorously analyzed in a new definitional framework of message-recovery security. The attacks are easily put out of reach by increasing the number of Feistel rounds in the standards.
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
基于feistel格式保持加密的消息恢复攻击
当消息空间很小时,我们对基于feistel的格式保持加密(FPE)方案进行了攻击,这些方案在消息恢复(不仅仅是将方案输出与随机输出区分开来)方面取得了成功。对于$4$位的消息,攻击者使用FF3 NIST标准的$2^{21}$示例和FF1 NIST标准的$2^{25}$示例完全恢复目标消息。这些示例每个调整只包含三条消息,这使得攻击变得非常重要,即使示例的总数超过了域的大小。在一个新的消息恢复安全定义框架中对这些攻击进行了严格的分析。通过增加标准中的费斯特尔弹的数量,攻击很容易被排除在外。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security
Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security
自引率
0.00%
发文量
0
期刊最新文献
∑oφoς: Forward Secure Searchable Encryption Accessorize to a Crime: Real and Stealthy Attacks on State-of-the-Art Face Recognition Message-Recovery Attacks on Feistel-Based Format Preserving Encryption iLock: Immediate and Automatic Locking of Mobile Devices against Data Theft Prefetch Side-Channel Attacks: Bypassing SMAP and Kernel ASLR
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1