The BRW-polynomial function has been suggested as a preferred alternative to the polynomial function, owing to its high efficiency and seemingly non-existent weak keys. In this paper we investigate the weak-key issue of the BRW-polynomial function as well as of BRW-instantiated cryptographic schemes. Although, in BRW-polynomial evaluation, the relationship between coefficients and input blocks is indistinct, we give a recursive algorithm that computes, for any given $(2^{v+1}-1)$-block message, another $(2^{v+1}-1)$-block message such that their output differential through BRW-polynomial evaluation equals any given $s$-degree polynomial, where $v \geq \lfloor \log_2(s+1) \rfloor$. With this algorithm, we show that any non-empty key subset is a weak-key class in the BRW-polynomial function. Moreover, any key subset of the BRW-polynomial function consisting of at least 2 keys is a weak-key class in BRW-instantiated cryptographic schemes such as the Wegman-Carter scheme, the UHF-then-PRF scheme, DCT, etc. In particular, in the AE scheme DCT, both its confidentiality and its integrity collapse totally when weak keys of the BRW-polynomial function, which are ubiquitous, are used.
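As an added example (not code from the paper), the following Python implements BRW-polynomial evaluation over GF(2^128) and the smallest case of the construction described above: for v = 1 (3-block messages, s ≤ 2) it derives the second message whose output differential is a chosen degree-2 polynomial, and checks that choosing the polynomial (K + k1)(K + k2) makes {k1, k2} a weak-key class in the sense that both keys map the two messages to the same BRW value. The field representation (GCM's reduction polynomial, plain integer bit order) and all block and key values are assumptions of the example.

```python
# Added example (not the paper's code): BRW-polynomial evaluation over GF(2^128)
# and the v = 1 (3-block, s <= 2) instance of the differential construction
# described in the abstract, used to check the weak-key-class claim.
# Assumptions: GF(2^128) with reduction polynomial x^128 + x^7 + x^2 + x + 1
# (GCM's polynomial), plain integer bit order; all sample values are constructed.

R = 0x87  # x^128 = x^7 + x^2 + x + 1

def gf_mul(a, b):
    """Multiply two field elements (integers < 2**128), carry-less then reduce."""
    r = 0
    for i in range(128):
        if (b >> i) & 1:
            r ^= a << i
    for i in range(255, 127, -1):  # clear bits 255..128 using the reduction rule
        if (r >> i) & 1:
            r ^= (1 << i) | (R << (i - 128))
    return r

def brw(k, m):
    """BRW-polynomial of the block list m under key k (Bernstein's definition)."""
    n = len(m)
    if n == 0:
        return 0
    if n == 1:
        return m[0]
    if n == 2:
        return gf_mul(m[0], k) ^ m[1]
    if n == 3:
        return gf_mul(k ^ m[0], gf_mul(k, k) ^ m[1]) ^ m[2]
    t = 1 << (n.bit_length() - 1)  # largest power of two <= n
    kt = k
    for _ in range(t.bit_length() - 1):  # k^t by repeated squaring
        kt = gf_mul(kt, kt)
    return gf_mul(brw(k, m[:t - 1]), kt ^ m[t - 1]) ^ brw(k, m[t:])

def second_message(m, a2, a1, a0):
    """For a 3-block m, return m' with brw(k, m) ^ brw(k, m') = a2*k^2 + a1*k + a0
    for every key k: the v = 1 case of the abstract's recursive construction.
    (brw(k, m) expands to k^3 + m1*k^2 + m2*k + m1*m2 + m3.)"""
    m1, m2, m3 = m
    n1, n2 = m1 ^ a2, m2 ^ a1
    n3 = m3 ^ a0 ^ gf_mul(m1, m2) ^ gf_mul(n1, n2)  # cancels the m1*m2 terms
    return [n1, n2, n3]

def collides_on(k1, k2, m):
    """Choose the differential polynomial (K + k1)(K + k2) = K^2 + (k1+k2)K + k1*k2.
    Returns m' and whether both keys of the subset {k1, k2} give a collision."""
    mp = second_message(m, 1, k1 ^ k2, gf_mul(k1, k2))
    return mp, all(brw(k, m) == brw(k, mp) for k in (k1, k2))
```

For a key outside the subset the differential is (k + k1)(k + k2), which is non-zero in a field, so the two messages collide exactly on the chosen key subset.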
Citation:
Zheng, K., Wang, P., & Ye, D. (2018). Ubiquitous weak-key classes of BRW-polynomial function. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 10831 LNCS, pp. 33–50). Springer Verlag. https://doi.org/10.1007/978-3-319-89339-6_3