A Framework to evaluate security of same key used in cryptographic primitives

Abstract

The convention in cryptography is to use separate key for separate activities and is known as the key separation principle. However, use of same key pair for different cryptographic primitives has become an interesting topic among the challenging ideas emerging to the area of cryptography. Because, such usage of same key has significant advantages as it reduces storage requirements for certified keys, cost of key certification and time taken to verify certificates, and reduces the footprint of cryptographic code. Research activities that had been carried on this regards, had concentrated on combining available cryptographic schemes, with same or related keys to construct new combined schemes without compromising the levels of security that the schemes preserved when operating distinctively. Others had concentrated on developing single schemes that achieves both encryption and signature functionalities under same key, with the help of techniques such as padding. Apart from combining different cryptographic primitives, in order to determine the concept of agility, ability of combining multiple instantiations of same cryptographic primitive with same key were also been tested. Considering those innovative attempts in combining schemes with same key, in 2011, Paterson et al. have raised an open research problem, ‘under what general condition is it safe to use same key across multiple instantiations of same or different cryptographic primitives’. This research is carried out with the intension of providing a satisfactory answer to the above mentioned open research problem. After identifying and classifying the cryptographic primitives and their instantiations that has been constructed over the time, three primitives and their instantiations were selected for the research. Under Public Key cryptosystems, Encryption, Signature and Pseudorandom sequence were selected along with their well-known multiple instantiations. These instantiations were studied to understand their functionalities and to determine algorithmic weaknesses and already existing operational vulnerabilities. The research results a framework, which can be used to evaluate the security of multiple instantiations of different cryptographic primitives of user’s choice. Through an analysis of the framework components one can estimate the ii additional advantage caused by same key usage for adversary. Two test cases, for RSA and ElGamal encryption/signature combination, are presented in the thesis to validate the framework. As different real world applications may require different levels of security, one can decide that which schemes should be used with same key based on the analysis of the framework.