
Robust Authenticated-Encryption AEZ and the Problem That It Solves.

ADVANCES IN CRYPTOLOGY - EUROCRYPT 2015, PT I, (2015): 15-44

Cited by: 136 | Views: 286 | EI

Abstract

With a scheme for robust authenticated-encryption a user can select an arbitrary value λ ≥ 0 and then encrypt a plaintext of any length into a ciphertext that's λ characters longer. The scheme must provide all the privacy and authenticity possible for the requested λ. We formalize and investigate this idea, and construct a...

Introduction
  • The authors expose the low cost and high benefit of building authenticated-encryption (AE) schemes that achieve the unprecedentedly strong goal the authors call robust AE.
  • AEZ’s efficiency—nearly that of AES-based OCB [32] or CTR mode—flies in the face of a community’s collective work [4,11,12,13,22,23,24,25,35,38,39,40,52,53,54,60] in which wide-block enciphering schemes—a special case of RAE—were always far more expensive than conventional blockciphers
  • Achieving this efficiency has entailed using a design paradigm, the prove-then-prune approach, with implications beyond AE.
Highlights
  • We expose the low cost and high benefit of building authenticated-encryption (AE) schemes that achieve the unprecedentedly strong goal we call robust AE (RAE)
  • Recall that in a nonce-based AE scheme, a plaintext M is mapped to a ciphertext C = E_K^{N,A}(M) under the control of a key K, nonce N, and associated data (AD) A
  • Online schemes are never misuse-resistant in the sense originally defined [51].
  • We disagree with the presumption that two-pass AE schemes are routinely problematic; our work suggests that, on capable platforms, there isn’t even a performance penalty
  • The reader may have noticed that there is no distinction in the RAE security definition between the nonce N and associated data (AD) A
  • We show how to build a strong pseudorandom permutation on {0,1}^{≥2n} from a tweakable blockcipher on {0,1}^n
Conclusion
  • AEZ’s name is meant to simultaneously suggest AE, AES, and EZ, the last in the sense of ease of correct use.
  • Online schemes are never misuse-resistant in the sense originally defined [51].
  • They never support automatic exploitation of novelty or verified redundancy [5] and are always vulnerable to a simple message-recovery attack [47].
  • The reader may have noticed that there is no distinction in the RAE security definition between the nonce N and associated data (AD) A
  • For this reason, either could be dropped—say the nonce—leaving a signature E_K^{A,λ}(M) and D_K^{A,λ}(C).
Funding
  • Hoang was supported by NSF grants CNS-0904380, CCF-0915675, CNS-1116800 and CNS-1228890; Krovetz was supported by NSF grant CNS-1314592; and Rogaway was supported by NSF grants CNS-1228828 and CNS-1314885
References
  • 1. Andreeva, E., Bogdanov, A., Luykx, A., Mennink, B., Mouha, N., Yasuda, K.: How to securely release unverified plaintext in authenticated encryption. Cryptology ePrint report 2014/144, February 25, 2014
  • 2. Andreeva, E., Bogdanov, A., Luykx, A., Mennink, B., Tischhauser, E., Yasuda, K.: Parallelizable and authenticated online ciphers. In: Sako, K., Sarkar, P. (eds.) ASIACRYPT 2013, Part I. LNCS, vol. 8269, pp. 424–443. Springer, Heidelberg (2013)
  • 3. Bellare, M., Boldyreva, A., Knudsen, L.R., Namprempre, C.: Online ciphers and the hash-CBC construction. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 292–309. Springer, Heidelberg (2001)
  • 4. Bellare, M., Rogaway, P.: On the construction of variable-input-length ciphers. In: Knudsen, L.R. (ed.) FSE 1999. LNCS, vol. 1636, pp. 231–244. Springer, Heidelberg (1999)
  • 5. Bellare, M., Rogaway, P.: Encode-then-encipher encryption: how to exploit nonces or redundancy in plaintexts for efficient cryptography. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 317–330. Springer, Heidelberg (2000)
  • 6. Bellare, M., Rogaway, P., Spies, T.: The FFX mode of operation for format-preserving encryption. Draft 1.1. Submission to NIST, February 20, 2010
  • 7. Bernstein, D.: Cryptographic competitions: CAESAR call for submissions, final, January 27, 2014. http://competitions.cr.yp.to/caesar-call.html
  • 8. Black, J., Cochran, M.: MAC reforgeability. In: Dunkelman, O. (ed.) FSE 2009. LNCS, vol. 5665, pp. 345–362. Springer, Heidelberg (2009)
  • 9. Black, J.A., Rogaway, P.: Ciphers with arbitrary finite domains. In: Preneel, B. (ed.) CT-RSA 2002. LNCS, vol. 2271, pp. 114–130. Springer, Heidelberg (2002)
  • 10. Boldyreva, A., Degabriele, J., Paterson, K., Stam, M.: On symmetric encryption with distinguishable decryption failures. Cryptology ePrint report 2013/433 (2013)
  • 11. Chakraborty, D., Nandi, M.: An improved security bound for HCTR. In: Nyberg, K. (ed.) FSE 2008. LNCS, vol. 5086, pp. 289–302. Springer, Heidelberg (2008)
  • 12. Chakraborty, D., Sarkar, P.: HCH: A new tweakable enciphering scheme using the hash-encrypt-hash approach. IEEE Transactions on Information Theory 54(4), 1683–1699 (2008)
  • 13. Chakraborty, D., Sarkar, P.: A new mode of encryption providing a tweakable strong pseudo-random permutation. In: Robshaw, M. (ed.) FSE 2006. LNCS, vol. 4047, pp. 293–309. Springer, Heidelberg (2006)
  • 14. Daemen, J., Rijmen, V.: The Design of Rijndael: AES - The Advanced Encryption Standard. Springer-Verlag, Heidelberg (2002)
  • 15. Daemen, J., Rijmen, V.: A new MAC construction ALRED and a specific instance ALPHA-MAC. In: Gilbert, H., Handschuh, H. (eds.) FSE 2005. LNCS, vol. 3557, pp. 1–17. Springer, Heidelberg (2005)
  • 16. Daemen, J., Rijmen, V.: The Pelican MAC function. Cryptology ePrint report 2005/088 (2005)
  • 17. Dworkin, M.: Recommendation for block cipher modes of operation: methods for format-preserving encryption. NIST Special Publication 800-38G: Draft, July 2013
  • 18. Ferguson, N.: Authentication weaknesses in GCM. Manuscript, May 20, 2005
  • 19. Fisher, R., Yates, F.: Statistical tables for biological, agricultural and medical research. Oliver & Boyd, London (1938)
  • 20. Fleischmann, E., Forler, C., Lucks, S.: McOE: a family of almost foolproof on-line authenticated encryption schemes. In: Canteaut, A. (ed.) FSE 2012. LNCS, vol. 7549, pp. 196–215. Springer, Heidelberg (2012)
  • 21. Fouque, P., Joux, A., Martinet, G., Valette, F.: Authenticated on-line encryption. In: Matsui, M., Zuccherato, R.J. (eds.) SAC 2003. LNCS, vol. 3006, pp. 145–159. Springer, Heidelberg (2004)
  • 22. Halevi, S.: EME*: extending EME to handle arbitrary-length messages with associated data. In: Canteaut, A., Viswanathan, K. (eds.) INDOCRYPT 2004. LNCS, vol. 3348, pp. 315–327. Springer, Heidelberg (2004)
  • 23. Halevi, S.: Invertible universal hashing and the TET encryption mode. Cryptology ePrint report 2007/014
  • 24. Halevi, S., Rogaway, P.: A parallelizable enciphering mode. In: Okamoto, T. (ed.) CT-RSA 2004. LNCS, vol. 2964, pp. 292–304.
  • 25. Halevi, S., Rogaway, P.: A tweakable enciphering mode. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 482–499. Springer, Heidelberg (2003)
  • 26. Hoang, V.T., Krovetz, T., Rogaway, P.: AEZ v3: authenticated encryption by enciphering. CAESAR submission (2014)
  • 27. Katz, J., Yung, M.: Unforgeable encryption and chosen ciphertext secure modes of operation. In: Schneier, B. (ed.) FSE 2000. LNCS, vol. 1978, pp. 284–299. Springer, Heidelberg (2001)
  • 28. Hoang, V.T., Krovetz, T., Rogaway, P.: Robust authenticated-encryption: AEZ and the problem that it solves. Cryptology ePrint report 2014/793, January 2015 (full version of this paper)
  • 29. IEEE: 1619.2-2010 - IEEE standard for wide-block encryption for shared storage media. IEEE Press (2010)
  • 30. Kaliski Jr., B.S., Rivest, R.L., Sherman, A.T.: Is DES a pure cipher? (Results of more cycling experiments on DES). In: Williams, H.C. (ed.) CRYPTO 1985. LNCS, vol. 218, pp. 212–226. Springer, Heidelberg (1986)
  • 31. Keliher, L., Sui, J.: Exact maximum expected differential and linear probability for two-round Advanced Encryption Standard. IET Information Security 1(2), 53–57 (2007)
  • 32. Krovetz, T., Rogaway, P.: The software performance of authenticated-encryption modes. In: Joux, A. (ed.) FSE 2011. LNCS, vol. 6733, pp. 306–327. Springer, Heidelberg (2011)
  • 33. Krawczyk, H.: Cryptographic extraction and key derivation: the HKDF scheme. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 631–648. Springer, Heidelberg (2010)
  • 34. Liskov, M., Rivest, R.L., Wagner, D.: Tweakable block ciphers. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 31–46. Springer, Heidelberg (2002)
  • 35. McGrew, D.A., Fluhrer, S.R.: The security of the extended codebook (XCB) mode of operation. In: Adams, C., Miri, A., Wiener, M. (eds.) SAC 2007. LNCS, vol. 4876, pp. 311–327. Springer, Heidelberg (2007)
  • 36. Minematsu, K.: Parallelizable rate-1 authenticated encryption from pseudorandom functions. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 275–292. Springer, Heidelberg (2014)
  • 37. Minematsu, K., Tsunoo, Y.: Provably secure MACs from differentially-uniform permutations and AES-based implementations. In: Robshaw, M. (ed.) FSE 2006. LNCS, vol. 4047, pp. 226–241. Springer, Heidelberg (2006)
  • 38. Nandi, M.: Improving upon HCTR and matching attacks for Hash-Counter-Hash approach. Cryptology ePrint report 2008/090, February 28, 2008
  • 39. Naor, M., Reingold, O.: On the construction of pseudo-random permutations: Luby-Rackoff revisited. Journal of Cryptology 12(1), 29–66 (1999)
  • 40. Naor, M., Reingold, O.: The NR mode of operation. Undated manuscript realizing the mechanism of [39]
  • 41. Patarin, J.: Generic attacks on Feistel schemes. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 222–238. Springer, Heidelberg (2001)
  • 42. Patel, S., Ramzan, Z., Sundaram, G.S.: Efficient constructions of variable-input-length block ciphers. In: Handschuh, H., Hasan, M.A. (eds.) SAC 2004. LNCS, vol. 3357, pp. 326–340.
  • 43. Patarin, J.: Security of balanced and unbalanced Feistel schemes with linear non equalities. Cryptology ePrint report 2010/293, May 2010
  • 44. Patarin, J.: Security of random Feistel schemes with 5 or more rounds. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 106–122.
  • 45. Patarin, J., Gittins, B., Treger, J.: Increasing block sizes using Feistel networks: the example of the AES. In: Naccache, D. (ed.) Cryptography and Security: From Theory to Applications. LNCS, vol. 6805, pp. 67–82. Springer, Heidelberg (2012)
  • 46. Percival, C.: Stronger key derivation via sequential memory-hard functions. The BSD Conference (BSDCan), May 2009
  • 47. Reyhanitabar, R., Vizar, D.: Careful with misuse resistance of online AEAD. Unpublished manuscript distributed on the crypto-competitions mailing list, August 24, 2014
  • 48. Rogaway, P.: Authenticated-encryption with associated-data. In: ACM CCS 2002, pp. 98–107. ACM Press (2002)
  • 49. Rogaway, P.: Efficient instantiations of tweakable blockciphers and refinements to modes OCB and PMAC. In: Lee, P.J. (ed.) ASIACRYPT 2004. LNCS, vol. 3329, pp. 16–31.
  • 50. Rogaway, P., Bellare, M., Black, J., Krovetz, T.: OCB: A block-cipher mode of operation for efficient authenticated encryption. In: ACM CCS 2001, pp. 196–205. ACM Press (2001)
  • 51. Rogaway, P., Shrimpton, T.: A provable-security treatment of the key-wrap problem. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 373–390. Springer, Heidelberg (2006)
  • 52. Sarkar, P.: Efficient tweakable enciphering schemes from (block-wise) universal hash functions. Cryptology ePrint report 2008/004
  • 53. Sarkar, P.: Improving upon the TET mode of operation. In: Nam, K.-H., Rhee, G. (eds.) ICISC 2007. LNCS, vol. 4817, pp. 180–192. Springer, Heidelberg (2007)
  • 54. Sarkar, P.: Tweakable enciphering schemes using only the encryption function of a block cipher. Cryptology ePrint report 2009/216
  • 55. Schroeppel, R.: Hasty Pudding Cipher specification. AES candidate submitted to NIST, June 1998. http://richard.schroeppel.name/hpc/hpc-spec (revised May 1999)
  • 56. Shrimpton, T., Terashima, R.S.: A modular framework for building variable-input-length tweakable ciphers. In: Sako, K., Sarkar, P. (eds.) ASIACRYPT 2013, Part I. LNCS, vol. 8269, pp. 405–423. Springer, Heidelberg (2013)
  • 57. Simplício, M., Barbuda, P., Barreto, P., Carvalho, T., Margi, C.: The MARVIN message authentication code and the LETTERSOUP authenticated encryption scheme. Security and Communication Networks 2(2), 165–180 (2009)
  • 58. Struik, R.: AEAD ciphers for highly constrained networks. DIAC 2013 presentation, August 13, 2013
  • 59. Wang, P., Feng, D., Lin, C., Wu, W.: Security of truncated MACs. In: Yung, M., Liu, P., Lin, D. (eds.) Inscrypt 2008. LNCS, vol. 5487, pp. 96–114. Springer, Heidelberg (2009)
  • 60. Wang, P., Feng, D., Wu, W.: HCTR: a variable-input-length enciphering mode. In: Feng, D., Lin, D., Yung, M. (eds.) CISC 2005. LNCS, vol. 3822, pp. 175–188. Springer, Heidelberg (2005)
  • 61. Yao, F., Yin, Y.L.: Design and analysis of password-based key derivation functions. IEEE Transactions on Information Theory 51(9), 3292–3297 (2005)