David Cash
IBM Research

Security Against Related-Key Attacks:  Definitions, Relations & Constructions

In this talk I will discuss provable security against "related key
attacks" (RKAs) which allow an adversary to adaptively modify the
secret key used by the honest parties.  This notion models physical
tampering attacks, our expectations in legacy key derivation modes,
and also rigorously captures the heuristic goals in modern blockcipher

I will first present a construction of pseudorandom functions that
resist a strong type of RKA and then turn to the more general problem
of RKAs against other common primitives.  A closer look at what types
of RKAs are "trivial" versus "non-trivial" in the security definitions
reveals a curiously complicated relationship between the notions of
RKA security for various primitives.

Joint work with Mihir Bellare and Rachel Miller.