Open Access · Posted Content
Authenticated Encryption: Relations among notions and analysis of the generic composition paradigm.
TL;DR: This work considers two possible notions of authenticity for authenticated encryption schemes, namely integrity of plaintexts and integrity of ciphertexts, and relates them to the standard notions of privacy IND-CCA and NM-CPA by presenting implications and separations between all notions considered.
Abstract:
An authenticated encryption scheme is a symmetric encryption scheme whose goal is to provide both privacy and integrity. We consider two possible notions of authenticity for such schemes, namely integrity of plaintexts and integrity of ciphertexts, and relate them (when coupled with IND-CPA) to the standard notions of privacy (IND-CCA, NM-CPA) by presenting implications and separations between all notions considered. We then analyze the security of authenticated encryption schemes designed by “generic composition,” meaning making blackbox use of a given symmetric encryption scheme and a given MAC. Three composition methods are considered, namely Encrypt-and-MAC, MAC-then-encrypt, and Encrypt-then-MAC. For each of these, and for each notion of security, we indicate whether or not the resulting scheme meets the notion in question assuming the given symmetric encryption scheme is secure against chosen-plaintext attack and the given MAC is unforgeable under chosen-message attack. We provide proofs for the cases where the answer is “yes” and counter-examples for the cases where the answer is “no.”
Citations
Book Chapter · DOI
FPGA Intrinsic PUFs and Their Use for IP Protection
TL;DR: New protocols for the IP protection problem on FPGAs are proposed, and the first construction of a PUF intrinsic to current FPGAs, based on SRAM memory randomness present on current FPGAs, is provided.
Proceedings Article · DOI
VC3: Trustworthy Data Analytics in the Cloud Using SGX
Felix Schuster, Manuel Costa, Cédric Fournet, Christos Gkantsidis, Marcus Peinado, Gloria Mainar-Ruiz, Mark Russinovich
TL;DR: VC3 is the first system that allows users to run distributed MapReduce computations in the cloud while keeping their code and data secret, and ensuring the correctness and completeness of their results.
Posted Content
Practical Secure Aggregation for Privacy Preserving Machine Learning.
Keith Bonawitz, Vladimir Ivanov, Ben Kreuter, Antonio Marcedone, H. Brendan McMahan, Sarvar Patel, Daniel Ramage, Aaron Segal, Karn Seth
TL;DR: This protocol allows a server to compute the sum of large, user-held data vectors from mobile devices in a secure manner, and can be used, for example, in a federated learning setting, to aggregate user-provided model updates for a deep neural network.
Proceedings Article
DupLESS: server-aided encryption for deduplicated storage
TL;DR: In this article, the authors propose an architecture that provides secure deduplicated storage resisting brute-force attacks, and realize it in a system called DupLESS, where clients encrypt under message-based keys obtained from a key-server via an oblivious PRF protocol.
Journal Article · DOI
VerifyNet: Secure and Verifiable Federated Learning
TL;DR: VerifyNet is proposed, the first privacy-preserving and verifiable federated learning framework that claims that it is impossible that an adversary can deceive users by forging Proof, unless it can solve the NP-hard problem adopted in the model.
References
Journal Article · DOI
A digital signature scheme secure against adaptive chosen-message attacks
TL;DR: A digital signature scheme based on the computational difficulty of integer factorization possesses the novel property of being robust against an adaptive chosen-message attack: an adversary who receives signatures for messages of his choice cannot later forge the signature of even a single additional message.
Book Chapter · DOI
Keying Hash Functions for Message Authentication
TL;DR: Two new, simple, and practical constructions of message authentication schemes based on a cryptographic hash function, NMAC and HMAC, are proven to be secure as long as the underlying hash function has some reasonable cryptographic strengths.
Book Chapter · DOI
Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels
Ran Canetti, Hugo Krawczyk
TL;DR: In this article, the authors present a formalism for the analysis of key exchange protocols that combines previous definitional approaches and results in a definition of security that enjoys some important analytical benefits: (i) any key exchange protocol that satisfies the security definition can be composed with symmetric encryption and authentication functions to provide provably secure communication channels.
IP Encapsulating Security Payload (ESP)
S. Kent, R. Atkinson
TL;DR: This document describes an updated version of the Encapsulating Security Payload (ESP) protocol, which is designed to provide a mix of security services in IPv4 and IPv6.
Book Chapter · DOI
Digital Signcryption or How to Achieve Cost(Signature & Encryption) << Cost(Signature) + Cost(Encryption)
TL;DR: Signcryption as discussed by the authors is a new cryptographic primitive which simultaneously fulfills both the functions of digital signature and public key encryption in a logically single step, and with a cost significantly lower than that required by signature-then-encryption.