基于feistel格式保持加密的消息恢复攻击

Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security Pub Date : 2016-10-24 DOI:10.1145/2976749.2978390

M. Bellare, V. Hoang, Stefano Tessaro

{"title":"基于feistel格式保持加密的消息恢复攻击","authors":"M. Bellare, V. Hoang, Stefano Tessaro","doi":"10.1145/2976749.2978390","DOIUrl":null,"url":null,"abstract":"We give attacks on Feistel-based format-preserving encryption (FPE) schemes that succeed in message recovery (not merely distinguishing scheme outputs from random) when the message space is small. For $4$-bit messages, the attacks fully recover the target message using $2^{21}$ examples for the FF3 NIST standard and $2^{25}$ examples for the FF1 NIST standard. The examples include only three messages per tweak, which is what makes the attacks non-trivial even though the total number of examples exceeds the size of the domain. The attacks are rigorously analyzed in a new definitional framework of message-recovery security. The attacks are easily put out of reach by increasing the number of Feistel rounds in the standards.","PeriodicalId":432261,"journal":{"name":"Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security","volume":"224 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-10-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"30","resultStr":"{\"title\":\"Message-Recovery Attacks on Feistel-Based Format Preserving Encryption\",\"authors\":\"M. Bellare, V. Hoang, Stefano Tessaro\",\"doi\":\"10.1145/2976749.2978390\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"We give attacks on Feistel-based format-preserving encryption (FPE) schemes that succeed in message recovery (not merely distinguishing scheme outputs from random) when the message space is small. For $4$-bit messages, the attacks fully recover the target message using $2^{21}$ examples for the FF3 NIST standard and $2^{25}$ examples for the FF1 NIST standard. The examples include only three messages per tweak, which is what makes the attacks non-trivial even though the total number of examples exceeds the size of the domain. The attacks are rigorously analyzed in a new definitional framework of message-recovery security. The attacks are easily put out of reach by increasing the number of Feistel rounds in the standards.\",\"PeriodicalId\":432261,\"journal\":{\"name\":\"Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security\",\"volume\":\"224 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2016-10-24\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"30\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/2976749.2978390\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2976749.2978390","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 30

摘要

当消息空间很小时，我们对基于feistel的格式保持加密(FPE)方案进行了攻击，这些方案在消息恢复(不仅仅是将方案输出与随机输出区分开来)方面取得了成功。对于$4$位的消息，攻击者使用FF3 NIST标准的$2^{21}$示例和FF1 NIST标准的$2^{25}$示例完全恢复目标消息。这些示例每个调整只包含三条消息，这使得攻击变得非常重要，即使示例的总数超过了域的大小。在一个新的消息恢复安全定义框架中对这些攻击进行了严格的分析。通过增加标准中的费斯特尔弹的数量，攻击很容易被排除在外。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

Message-Recovery Attacks on Feistel-Based Format Preserving Encryption

We give attacks on Feistel-based format-preserving encryption (FPE) schemes that succeed in message recovery (not merely distinguishing scheme outputs from random) when the message space is small. For $4$-bit messages, the attacks fully recover the target message using $2^{21}$ examples for the FF3 NIST standard and $2^{25}$ examples for the FF1 NIST standard. The examples include only three messages per tweak, which is what makes the attacks non-trivial even though the total number of examples exceeds the size of the domain. The attacks are rigorously analyzed in a new definitional framework of message-recovery security. The attacks are easily put out of reach by increasing the number of Feistel rounds in the standards.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security

自引率

0.00%

发文量

期刊最新文献

∑oφoς: Forward Secure Searchable Encryption Accessorize to a Crime: Real and Stealthy Attacks on State-of-the-Art Face Recognition Message-Recovery Attacks on Feistel-Based Format Preserving Encryption iLock: Immediate and Automatic Locking of Mobile Devices against Data Theft Prefetch Side-Channel Attacks: Bypassing SMAP and Kernel ASLR