On the security aspects of protocol CRISP
Matematičeskie voprosy kriptografii, Volume 15 (2024) no. 1, pp. 57-81. This article was harvested from the Math-Net.Ru source.


Using the provable security approach, we analyze CRISP, a standardized Russian cryptographic protocol that aims to ensure confidentiality and integrity of transmitted messages as well as protection against replay attacks. The main features of the protocol are non-interactivity, multicasting, and dynamic selection of a cipher suite. The protocol is considered as a specific mode of authenticated encryption with associated data (AEAD). We take into account that one key can be used by many protocol participants and in different cipher suites. We impose requirements on the set of cipher suites used in the protocol and show that the existing ones meet them. The security of the protocol is reduced to the PRF-security of the KDF and to the security of the AEAD algorithms in all cipher suites. For the protocol with the existing cipher suites, only the PRP-security of the «Magma» cipher is required. We obtain heuristic estimates for this computational problem using existing attacks on «Magma». Estimates of the maximum allowable amount of data processed under a single key are also given for the existing cipher suites.
@article{MVK_2024_15_1_a3,
     author = {V. A. Kiryukhin},
     title = {On the security aspects of protocol {CRISP}},
     journal = {Matemati\v{c}eskie voprosy kriptografii},
     pages = {57--81},
     year = {2024},
     volume = {15},
     number = {1},
     language = {ru},
     url = {http://geodesic.mathdoc.fr/item/MVK_2024_15_1_a3/}
}
TY  - JOUR
AU  - V. A. Kiryukhin
TI  - On the security aspects of protocol CRISP
JO  - Matematičeskie voprosy kriptografii
PY  - 2024
SP  - 57
EP  - 81
VL  - 15
IS  - 1
UR  - http://geodesic.mathdoc.fr/item/MVK_2024_15_1_a3/
LA  - ru
ID  - MVK_2024_15_1_a3
ER  - 
%0 Journal Article
%A V. A. Kiryukhin
%T On the security aspects of protocol CRISP
%J Matematičeskie voprosy kriptografii
%D 2024
%P 57-81
%V 15
%N 1
%U http://geodesic.mathdoc.fr/item/MVK_2024_15_1_a3/
%G ru
%F MVK_2024_15_1_a3
V. A. Kiryukhin. On the security aspects of protocol CRISP. Matematičeskie voprosy kriptografii, Volume 15 (2024) no. 1, pp. 57-81. http://geodesic.mathdoc.fr/item/MVK_2024_15_1_a3/
