Post-quantum Security of the CBC, CFB, OFB, Modes of Operation. - - PowerPoint PPT Presentation

Post-quantum Security of the CBC, CFB, OFB, CTR, and XTS Modes of Operation. Mayuresh Anand Motivation Results Tools Proof sketch: Quantum security of CBC mode using qPRF

Insecurity of CBC using standard secure PRF under quantum attack

Bibliography Thank You

Post-quantum Security of the CBC, CFB, OFB, CTR, and XTS Modes of Operation.

Mayuresh Anand, Ehsan Ebrahimi Targhi, Gelo Noel Tabia, Dominique Unruh University of Tartu February 4, 2016

Post-quantum Security of the CBC, CFB, OFB, CTR, and XTS Modes of Operation. Mayuresh Anand Motivation Results Tools Proof sketch: Quantum security of CBC mode using qPRF

Insecurity of CBC using standard secure PRF under quantum attack

Bibliography Thank You

Table of contents

1

Motivation

2

Results

3

Tools

4

Proof sketch: Quantum security of CBC mode using qPRF Insecurity of CBC using standard secure PRF under quantum attack

5

Bibliography

6

Thank You

Post-quantum Security of the CBC, CFB, OFB, CTR, and XTS Modes of Operation. Mayuresh Anand Motivation Results Tools Proof sketch: Quantum security of CBC mode using qPRF

Insecurity of CBC using standard secure PRF under quantum attack

Bibliography Thank You

Motivation

Being optimistic about the emergence of Quantum computer we want to evaluate the security of classical crypto-systems under attack by quantum adversaries. We analyze the security of cipher modes of operation CBC, CFB, OFB, CTR, and XTS. These modes are chosen as per the recommendations in 2013 ENISA[2]1 report on encryption algorithms.

1European Union Agency for Network and Information Security 2013.

Post-quantum Security of the CBC, CFB, OFB, CTR, and XTS Modes of Operation. Mayuresh Anand Motivation Results Tools Proof sketch: Quantum security of CBC mode using qPRF

Insecurity of CBC using standard secure PRF under quantum attack

Bibliography Thank You

Results

Mode of Classical Standard (quantum) IND-qCPA?

• peration

IND-CPA? IND-CPA? (with PRF) (with qPRF) ECB no no no no CBC yes yes no yes CFB yes yes no yes OFB yes yes yes yes CTR yes yes yes yes XTS unknown unknown “no in spirit” unknown

Table: Summary of our results.“No in spirit” means that there is an attack using superposition queries that does not formally violate IND-qCPA.

Post-quantum Security of the CBC, CFB, OFB, CTR, and XTS Modes of Operation. Mayuresh Anand Motivation Results Tools Proof sketch: Quantum security of CBC mode using qPRF

Insecurity of CBC using standard secure PRF under quantum attack

Bibliography Thank You

Standard Security [4]2

2Mark Zhandry, FOCS 2012.

Post-quantum Security of the CBC, CFB, OFB, CTR, and XTS Modes of Operation. Mayuresh Anand Motivation Results Tools Proof sketch: Quantum security of CBC mode using qPRF

Insecurity of CBC using standard secure PRF under quantum attack

Bibliography Thank You

Quantum Security [4] 3

3Mark Zhandry, FOCS 2012.

Post-quantum Security of the CBC, CFB, OFB, CTR, and XTS Modes of Operation. Mayuresh Anand Motivation Results Tools Proof sketch: Quantum security of CBC mode using qPRF

Insecurity of CBC using standard secure PRF under quantum attack

Bibliography Thank You

IND-CPA Model

Post-quantum Security of the CBC, CFB, OFB, CTR, and XTS Modes of Operation. Mayuresh Anand Motivation Results Tools Proof sketch: Quantum security of CBC mode using qPRF

Insecurity of CBC using standard secure PRF under quantum attack

Bibliography Thank You

IND-qCPA Model[1]4

4Dan Boneh and Mark Zhandry, CRYPTO 2013.

Post-quantum Security of the CBC, CFB, OFB, CTR, and XTS Modes of Operation. Mayuresh Anand Motivation Results Tools Proof sketch: Quantum security of CBC mode using qPRF

Insecurity of CBC using standard secure PRF under quantum attack

Bibliography Thank You

Quantum security of CBC mode using qPRF

Post-quantum Security of the CBC, CFB, OFB, CTR, and XTS Modes of Operation. Mayuresh Anand Motivation Results Tools Proof sketch: Quantum security of CBC mode using qPRF

Insecurity of CBC using standard secure PRF under quantum attack

Bibliography Thank You

Quantum security of CBC mode using qPRF

We need to show that output of CBC mode using a qPRF is indistinguishable from truly random string. Define Enci,H

CBC(M).

Post-quantum Security of the CBC, CFB, OFB, CTR, and XTS Modes of Operation. Mayuresh Anand Motivation Results Tools Proof sketch: Quantum security of CBC mode using qPRF

Insecurity of CBC using standard secure PRF under quantum attack

Bibliography Thank You

Quantum security of CBC mode using qPRF

Use O2H lemma to show that the distinguishing probability by any quantum adversary is negligible.

Post-quantum Security of the CBC, CFB, OFB, CTR, and XTS Modes of Operation. Mayuresh Anand Motivation Results Tools Proof sketch: Quantum security of CBC mode using qPRF

Insecurity of CBC using standard secure PRF under quantum attack

Bibliography Thank You

One way to hiding (O2H)[3]5

5Dominique Unruh, eprint 2013.

Post-quantum Security of the CBC, CFB, OFB, CTR, and XTS Modes of Operation. Mayuresh Anand Motivation Results Tools Proof sketch: Quantum security of CBC mode using qPRF

Insecurity of CBC using standard secure PRF under quantum attack

Bibliography Thank You

Construction of Block cipher for CBC

BC is a standard secure PRF for any quantum adversary given classical access to it and quantum access to H. BC has a collision such that ∀ x ∃ x′ : x ⊕ (k1) = x′.

Post-quantum Security of the CBC, CFB, OFB, CTR, and XTS Modes of Operation. Mayuresh Anand Motivation Results Tools Proof sketch: Quantum security of CBC mode using qPRF

Insecurity of CBC using standard secure PRF under quantum attack

Bibliography Thank You

Proof Idea:Standard security of BC

Post-quantum Security of the CBC, CFB, OFB, CTR, and XTS Modes of Operation. Mayuresh Anand Motivation Results Tools Proof sketch: Quantum security of CBC mode using qPRF

Insecurity of CBC using standard secure PRF under quantum attack

Bibliography Thank You

Proof Idea:Standard security of BC

Idea: to replace E in BC by a random function. if we replace key H(k) of E by a random key k, we can use O2H lemma. we define adversary AO2H and block cipher BC′k

w with E

using random key.

Post-quantum Security of the CBC, CFB, OFB, CTR, and XTS Modes of Operation. Mayuresh Anand Motivation Results Tools Proof sketch: Quantum security of CBC mode using qPRF

Insecurity of CBC using standard secure PRF under quantum attack

Bibliography Thank You

Proof Idea:Standard security of BC

We have the games as in O2H lemma

Post-quantum Security of the CBC, CFB, OFB, CTR, and XTS Modes of Operation. Mayuresh Anand Motivation Results Tools Proof sketch: Quantum security of CBC mode using qPRF

Insecurity of CBC using standard secure PRF under quantum attack

Bibliography Thank You

Proof Idea:Standard security of BC

Game G0 is replaced by G2.

Post-quantum Security of the CBC, CFB, OFB, CTR, and XTS Modes of Operation. Mayuresh Anand Motivation Results Tools Proof sketch: Quantum security of CBC mode using qPRF

Insecurity of CBC using standard secure PRF under quantum attack

Bibliography Thank You

Proof Idea:Standard security of BC

We now replace E by a random function ˜ E

Post-quantum Security of the CBC, CFB, OFB, CTR, and XTS Modes of Operation. Mayuresh Anand Motivation Results Tools Proof sketch: Quantum security of CBC mode using qPRF

Insecurity of CBC using standard secure PRF under quantum attack

Bibliography Thank You

Proof Idea:Standard security of BC

The only difference between the two games is when same query is queried again. By fundamental lemma of games we get the probability to be negligible.

Post-quantum Security of the CBC, CFB, OFB, CTR, and XTS Modes of Operation. Mayuresh Anand Motivation Results Tools Proof sketch: Quantum security of CBC mode using qPRF

Insecurity of CBC using standard secure PRF under quantum attack

Bibliography Thank You

Quantum attack on CBC mode using standard secure PRF

BC has similar structure as function f and hence this weakness can be exploited to get key k.

Post-quantum Security of the CBC, CFB, OFB, CTR, and XTS Modes of Operation. Mayuresh Anand Motivation Results Tools Proof sketch: Quantum security of CBC mode using qPRF

Insecurity of CBC using standard secure PRF under quantum attack

Bibliography Thank You

Dan Boneh and Mark Zhandry. Secure signatures and chosen ciphertext security in a quantum computing world. https://eprint.iacr.org/2013/088, 2013. The definition of IND-qCPA only appear in this eprint, not in the conference version. (ENISA). Algorithms, key sizes and parameters report - 2013 recommendations. https://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/algorithms-key-sizes-and-parameters-report, October 2013. Dominique Unruh. Revocable quantum timed-release encryption. IACR Cryptology ePrint Archive, 2013:606, 2013. Mark Zhandry. How to construct quantum random functions. In 53rd Annual IEEE Symposium on Foundations of Computer Science, FOCS 2012, New Brunswick, NJ, USA, October 20-23, 2012, pages 679–687. IEEE Computer Society, 2012.

Post-quantum Security of the CBC, CFB, OFB, CTR, and XTS Modes of Operation. Mayuresh Anand Motivation Results Tools Proof sketch: Quantum security of CBC mode using qPRF

Insecurity of CBC using standard secure PRF under quantum attack

Bibliography Thank You

THANK YOU!!!