International Association for Cryptologic Research


IACR News item: 09 November 2015

Eiichiro Fujisaki, Keita Xagawa
ePrint Report
Qin, Liu, Yuen, Deng, and Chen (PKC 2015) gave a new security notion for key-derivation functions (KDFs), continuous non-malleability with respect to $\Phi$-related-key attacks ($\Phi$-CNM), and its application to RKA-secure public-key cryptographic primitives. They constructed a KDF from cryptographic primitives and showed that the obtained KDF is $\Phi_{hoe\&iocr}$-CNM, where $\Phi_{hoe\&iocr}$ contains the identity function, the constant functions, and functions that have high output-entropy (HOE) and input-output collision-resistance (IOCR) simultaneously.

This short note disproves the security of their KDF by exhibiting $\Phi_{hoe\&iocr}$-RKAs that exploit the components of their KDF. We note that their proof is still correct for $\Phi$-CNM for a subset of $\Phi_{hoe\&iocr}$; for example, the KDF satisfies $\Phi_{poly(d)}$-CNM, in which an adversary can tamper with a secret by using polynomials of degree at most $d$.

