Attacking the IETF/ISO Standard for Internal Re-keying CTR-ACPKM

Orr Dunkelman, Shibam Ghosh, Eran Lambooij

Research output: Contribution to journalArticlepeer-review


Encrypting too much data using the same key is a bad practice from a security perspective. Hence, it is customary to perform re-keying after a given amount of data is transmitted. While in many cases, the re-keying is done using a fresh execution of some key exchange protocol (e.g., in IKE or TLS), there are scenarios where internal re-keying, i.e., without exchange of information, is performed, mostly due to performance reasons. Originally suggested by Abdalla and Bellare, there are several proposals on how to perform this internal re-keying mechanism. For example, Liliya et al. offered the CryptoPro Key Meshing (CPKM) to be used together with GOST 28147-89 (known as the GOST block cipher). Later, ISO and the IETF adopted the Advanced CryptoPro Key Meshing (ACKPM) in ISO 10116 and RFC 8645, respectively. In this paper, we study the security of ACPKM and CPKM. We show that the internal re-keying suffers from an entropy loss in successive repetitions of the re-keying mechanism. We show some attacks based on this issue. The most prominent one has time and data complexities of O(2κ/2) and success rate of O(2−κ/4) for a κ-bit key. Furthermore, we show that a malicious block cipher designer or a faulty implemen-tation can exploit the ACPKM (or the original CPKM) mechanism to significantly hinder the security of a protocol employing ACPKM (or CPKM). Namely, we show that in such cases, the entropy of the re-keyed key can be greatly reduced.

Original languageEnglish
Pages (from-to)41-66
Number of pages26
JournalIACR Transactions on Symmetric Cryptology
Issue number1
StatePublished - 10 Mar 2023

Bibliographical note

Publisher Copyright:
© 2023, Ruhr-University of Bochum. All rights reserved.


  • Entropy Loss
  • Key Collision
  • Multi-user Attack

ASJC Scopus subject areas

  • Software
  • Computer Science Applications
  • Computational Mathematics
  • Applied Mathematics


Dive into the research topics of 'Attacking the IETF/ISO Standard for Internal Re-keying CTR-ACPKM'. Together they form a unique fingerprint.

Cite this