Skip to Main content Skip to Navigation
Reports

Indifferentiability with Distinguishers: Why Shabal Does Not Require Ideal Ciphers

Emmanuel Bresson 1 Anne Canteaut 2 Benoit Chevallier-Mames 1 Christophe Clavier 3 Thomas Fuhr 1 Aline Gouget 3 Thomas Icart 4 Jean-Francois Misarsky 5 Maria Naya-Plasencia 2 Pascal Paillier 3 Thomas Pornin 6 Jean-Rene Reinhard 1 Celine Thuillet 7 Marion Videau 1, 8
1 DCSSI/SDS/LTI - Laboratoire des Technologies de l'Information
2 SECRET - Security, Cryptology and Transmissions
Inria Paris-Rocquencourt
3 Gemalto [Meudon]
4 SAGEM Défense Sécurité [Massy]
5 Orange Labs [Caen]
6 Cryptolog - Cryptolog International
7 Astrium [Toulouse]
8 CACAO - Curves, Algebra, Computer Arithmetic, and so On
INRIA Lorraine, LORIA - Laboratoire Lorrain de Recherche en Informatique et ses Applications
Abstract : Shabal is based on a new provably secure mode of operation. Some related-key distinguishers for the underlying keyed permutation have been exhibited recently by Aumasson et al. and Knudsen et al., but with no visible impact on the security of Shabal. This paper then aims at extensively studying such distinguishers for the keyed permutation used in Shabal, and at clarifying the impact that they exert on the security of the full hash function. Most interestingly, a new security proof for Shabal's mode of operation is provided where the keyed permutation is not assumed to be an ideal cipher anymore, but observes a distinguishing property i.e., an explicit relation verified by all its inputs and outputs. As a consequence of this extended proof, all known distinguishers for the keyed permutation are proven not to weaken the security of Shabal. In our study, we provide the foundation of a generalization of the indifferentiability framework to biased random primitives, this part being of independent interest.
Document type :
Reports
Complete list of metadatas
https://hal.inria.fr/hal-00771272
Contributor : Marion Videau <>
Submitted on : Tuesday, January 8, 2013 - 12:23:50 PM
Last modification on : Tuesday, December 29, 2020 - 12:02:02 PM

Identifiers

  • HAL Id : hal-00771272, version 1

Collections

CNRS | INRIA | LARA | LORIA | UNIV-LORRAINE

Citation

Emmanuel Bresson, Anne Canteaut, Benoit Chevallier-Mames, Christophe Clavier, Thomas Fuhr, et al.. Indifferentiability with Distinguishers: Why Shabal Does Not Require Ideal Ciphers. [Research Report] 2009/299, IACR Cryptology ePrint Archive. 2009. ⟨hal-00771272⟩

Export

BibTeX TEI DC DCterms EndNote

Share

Metrics

Record views

546

 

Contact                    Legal Notice                    Personal Data