SPEAKER: David Cash, IBM Research

TITLE: Security Against Related-Key Attacks: Definitions, Relations & Constructions

ABSTRACT: In this talk I will discuss provable security against "related key attacks" (RKAs) which allow an adversary to adaptively modify the secret key used by the honest parties. This notion models physical tampering attacks, our expectations in legacy key derivation modes, and also rigorously captures the heuristic goals in modern blockcipher design. I will first present a construction of pseudorandom functions that resist a strong type of RKA and then turn to the more general problem of RKAs against other common primitives. A closer look at what types of RKAs are "trivial" versus "non-trivial" in the security definitions reveals a curiously complicated relationship between the notions of RKA security for various primitives.

Joint work with Mihir Bellare and Rachel Miller.