Open Access Journal Article
A provable-security treatment of the key-wrap problem
Phillip Rogaway, Thomas Shrimpton +1 more
TL;DR
It is suggested that key-wrap's goal is security in the sense of deterministic authenticated-encryption (DAE), and it is shown that a DAE scheme with a vector-valued header, such as SIV, directly realizes this goal.
Abstract:
We give a provable-security treatment for the key-wrap problem, providing definitions, constructions, and proofs. We suggest that key-wrap's goal is security in the sense of deterministic authenticated-encryption (DAE), a notion that we put forward. We also provide an alternative notion, a pseudorandom injection (PRI), which we prove to be equivalent. We provide a DAE construction, SIV, analyze its concrete security, develop a blockcipher-based instantiation of it, and suggest that the method makes a desirable alternative to the schemes of the X9.102 draft standard. The construction incorporates a method to turn a PRF that operates on a string into an equally efficient PRF that operates on a vector of strings, a problem of independent interest. Finally, we consider IV-based authenticated-encryption (AE) schemes that are maximally forgiving of repeated IVs, a goal we formalize as misuse-resistant AE. We show that a DAE scheme with a vector-valued header, such as SIV, directly realizes this goal.
Citations
Book Chapter
Order-Preserving Symmetric Encryption
TL;DR: The notion of order-preserving symmetric encryption (OPE) was introduced by Agrawal et al., who showed that a straightforward relaxation of standard security notions for encryption, such as indistinguishability against chosen-plaintext attack (IND-CPA), is unachievable by a practical OPE scheme.
Posted Content
Authenticated Encryption: Relations among notions and analysis of the generic composition paradigm.
TL;DR: This work considers two possible notions of authenticity for authenticated encryption schemes, namely integrity of plaintexts and integrity of ciphertexts, and relates them to the standard notions of privacy IND-CCA and NM-CPA by presenting implications and separations between all notions considered.
Proceedings Article
DupLESS: server-aided encryption for deduplicated storage
TL;DR: In this article, the authors propose an architecture that provides secure deduplicated storage resisting brute-force attacks, and realize it in a system called DupLESS, where clients encrypt under message-based keys obtained from a key-server via an oblivious PRF protocol.
Book Chapter
Duplexing the sponge: single-pass authenticated encryption and other applications
TL;DR: In this paper, the authors proposed a duplex construction, which is closely related to the sponge construction, that accepts message blocks to be hashed and provides digests on the input blocks received so far.
Book Chapter
The software performance of authenticated-encryption modes
Ted Krovetz, Phillip Rogaway +1 more
TL;DR: OCB is found to be substantially faster than either CCM or GCM across a variety of platforms, and there is room for algorithmic improvements to OCB, showing how to trim one blockcipher call and reduce latency.
References
Journal Article
How to construct random functions
TL;DR: In this paper, a constructive theory of randomness for functions, based on computational complexity, is developed, and a pseudorandom function generator is presented, which is a deterministic polynomial-time algorithm that transforms pairs (g, r), where g is any one-way function and r is a random k-bit string, to computable functions.
Book Chapter
How to construct random functions
TL;DR: A constructive theory of randomness for functions, based on computational complexity, is developed, and a pseudorandom function generator is presented that has applications in cryptography, random constructions, and complexity theory.
Proceedings Article
A concrete security treatment of symmetric encryption
TL;DR: This work studies notions and schemes for symmetric (i.e. private-key) encryption in a concrete security framework and gives four different notions of security against chosen-plaintext attack, providing both upper and lower bounds and obtaining tight relations.
Journal Article
How to construct pseudorandom permutations from pseudorandom functions
Michael Luby, Charles Rackoff +1 more
TL;DR: Any pseudorandom bit generator can be used to construct a block private-key cryptosystem which is secure against chosen-plaintext attack, one of the strongest known attacks against a cryptosystem.
Journal Article
Relations among notions of security for public-key encryption schemes
TL;DR: In this article, the relative strengths of popular notions of security for public-key encryption schemes are compared under chosen-plaintext attack and two kinds of chosen-ciphertext attack, and the goals of privacy and non-malleability are considered.