Best Effort and Practice Activation Codes

Activation Codes are used in many different digital services and known by many different names including voucher, e-coupon and discount code. In this paper we focus on a specific class of ACs that are short, human-readable, fixed-length and represent value. Even though this class of codes is extensively used there are no general guidelines for the design of Activation Code schemes. We discuss different methods that are used in practice and propose BEPAC, a new Activation Code scheme that provides both authenticity and confidentiality. The small message space of activation codes introduces some problems that are illustrated by an adaptive chosen-plaintext attack (CPA-2) on a general 3-round Feis- tel network of size 2^(2n) . This attack recovers the complete permutation from at most 2^(n+2) plaintext-ciphertext pairs. For this reason, BEPAC is designed in such a way that authenticity and confidentiality are in- dependent properties, i.e. loss of confidentiality does not imply loss of authenticity.Comment: 15 pages, 3 figures, TrustBus 201

Using Simon's Algorithm to Attack Symmetric-Key Cryptographic Primitives

We present new connections between quantum information and the field of classical cryptography. In particular, we provide examples where Simon's algorithm can be used to show insecurity of commonly used cryptographic symmetric-key primitives. Specifically, these examples consist of a quantum distinguisher for the 3-round Feistel network and a forgery attack on CBC-MAC which forges a tag for a chosen-prefix message querying only other messages (of the same length). We assume that an adversary has quantum-oracle access to the respective classical primitives. Similar results have been achieved recently in independent work by Kaplan et al. Our findings shed new light on the post-quantum security of cryptographic schemes and underline that classical security proofs of cryptographic constructions need to be revisited in light of quantum attackers.Comment: 14 pages, 2 figures. v3: final polished version, more formal definitions adde