Open Access Journal Article
Authenticated on-line encryption
TL;DR
In this article, the authors investigate the authenticated encryption paradigm and its security against blockwise adaptive adversaries mounting chosen ciphertext attacks on on-the-fly cryptographic devices, propose a generic construction called Decrypt-Then-Mask, and prove its security in the blockwise adversarial model.
Abstract:
In this paper, we investigate the authenticated encryption paradigm and its security against blockwise adaptive adversaries mounting chosen ciphertext attacks on on-the-fly cryptographic devices. We remark that most of the existing solutions are insecure in this context, since they provide a decryption oracle for any ciphertext: a device that outputs plaintext blocks as it processes the ciphertext has already released them by the time the authentication check fails. We then propose a generic construction called Decrypt-Then-Mask, and prove its security in the blockwise adversarial model. The advantage of this proposal is that it requires minimal changes to the encryption protocol: only the decryption protocol is modified, while the encryption part is left unchanged. Finally, we propose an instantiation of this scheme using the encrypted CBC-MAC algorithm, a secure pseudorandom number generator and the Delayed variant of the CBC encryption scheme.
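The following is an added illustration of the problem and of the Decrypt-Then-Mask idea; it is not code from the paper. It models two on-the-fly decryptors as generators that emit output block by block. The naive one releases each plaintext block before the tag is verified, so a blockwise adaptive adversary who resubmits a target ciphertext with a damaged tag (a new, unauthenticated query) receives its full decryption. The Decrypt-Then-Mask decryptor, following the construction as described in the abstract, XORs every output block with a PRNG stream under a seed drawn fresh for the query and releases the seed only after the encrypted CBC-MAC verifies, so an invalid ciphertext yields nothing usable. Assumptions: a 4-round Feistel network built from HMAC-SHA256 stands in for a real block cipher so the example runs on the standard library alone; the HMAC-based mask generator stands in for the paper's PRNG; the output delay of Delayed CBC concerns the encryption device and is omitted since encryption is unchanged; messages are assumed pre-padded to 16-byte multiples; keys and the message are constructed demo values.

```python
import hashlib
import hmac
import secrets
from typing import Iterator, Optional, Tuple

BLOCK = 16
Keys = Tuple[bytes, bytes, bytes]   # (CBC key, CBC-MAC key, MAC final-encryption key)
Event = Tuple[str, Optional[bytes]]  # ("block", data) | ("verdict", data) | ("seed", data or None)

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

# Toy 128-bit block cipher (assumption: stands in for AES so the example runs offline).
# 4-round Feistel with HMAC-SHA256 round functions; it is invertible but NOT for real use.
def _round(key: bytes, i: int, half: bytes) -> bytes:
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:8]

def block_encrypt(key: bytes, blk: bytes) -> bytes:
    l, r = blk[:8], blk[8:]
    for i in range(4):
        l, r = r, _xor(l, _round(key, i, r))
    return l + r

def block_decrypt(key: bytes, blk: bytes) -> bytes:
    l, r = blk[:8], blk[8:]
    for i in reversed(range(4)):
        l, r = _xor(r, _round(key, i, l)), l
    return l + r

def cbc_encrypt(ke: bytes, iv: bytes, msg: bytes) -> bytes:
    out, prev = [], iv
    for i in range(0, len(msg), BLOCK):
        prev = block_encrypt(ke, _xor(msg[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)

def emac(k1: bytes, k2: bytes, data: bytes) -> bytes:
    """Encrypted CBC-MAC: CBC-MAC under k1, final block re-encrypted under k2."""
    t = bytes(BLOCK)
    for i in range(0, len(data), BLOCK):
        t = block_encrypt(k1, _xor(t, data[i:i + BLOCK]))
    return block_encrypt(k2, t)

def prng_block(seed: bytes, n: int) -> bytes:
    """Block n of the mask stream for this query's seed (assumed PRNG: HMAC in counter mode)."""
    return hmac.new(seed, n.to_bytes(8, "big"), hashlib.sha256).digest()[:BLOCK]

def encrypt(keys: Keys, msg: bytes) -> Tuple[bytes, bytes, bytes]:
    """Encrypt-then-MAC: CBC under ke, EMAC over IV||C. Untouched by Decrypt-Then-Mask."""
    ke, k1, k2 = keys
    iv = secrets.token_bytes(BLOCK)
    c = cbc_encrypt(ke, iv, msg)
    return iv, c, emac(k1, k2, iv + c)

def naive_online_decrypt(keys: Keys, iv: bytes, c: bytes, tag: bytes) -> Iterator[Event]:
    """Every plaintext block leaves the device before the tag is checked: a decryption
    oracle for any ciphertext, valid or not."""
    ke, k1, k2 = keys
    prev = iv
    for i in range(0, len(c), BLOCK):
        blk = c[i:i + BLOCK]
        yield ("block", _xor(block_decrypt(ke, blk), prev))
        prev = blk
    yield ("verdict", b"\x01" if hmac.compare_digest(emac(k1, k2, iv + c), tag) else b"\x00")

def dtm_online_decrypt(keys: Keys, iv: bytes, c: bytes, tag: bytes) -> Iterator[Event]:
    """Decrypt-Then-Mask: blocks go out XORed with a PRNG stream under a fresh seed; the seed
    is released only if the tag verifies, so an invalid query learns nothing about plaintext."""
    ke, k1, k2 = keys
    seed = secrets.token_bytes(BLOCK)   # fresh for every decryption query
    prev = iv
    for n, i in enumerate(range(0, len(c), BLOCK)):
        blk = c[i:i + BLOCK]
        yield ("block", _xor(_xor(block_decrypt(ke, blk), prev), prng_block(seed, n)))
        prev = blk
    ok = hmac.compare_digest(emac(k1, k2, iv + c), tag)
    yield ("seed", seed if ok else None)

def unmask(events: list) -> Optional[bytes]:
    """Honest receiver: strip the mask once the seed arrives; None if it never does."""
    blocks = [d for k, d in events if k == "block"]
    seed = next(d for k, d in events if k == "seed")
    if seed is None:
        return None
    return b"".join(_xor(b, prng_block(seed, n)) for n, b in enumerate(blocks))

def blockwise_cca(keys: Keys, iv: bytes, c: bytes, tag: bytes) -> Tuple[bytes, Optional[bytes]]:
    """Adversary resubmits a target ciphertext with one tag bit flipped (a fresh query the
    CCA rules allow). Returns (what the naive device leaks, what DTM lets the attacker recover)."""
    bad_tag = bytes([tag[0] ^ 1]) + tag[1:]
    leak = b"".join(d for k, d in naive_online_decrypt(keys, iv, c, bad_tag) if k == "block")
    return leak, unmask(list(dtm_online_decrypt(keys, iv, c, bad_tag)))

if __name__ == "__main__":
    KEYS: Keys = (b"\x01" * 16, b"\x02" * 16, b"\x03" * 16)   # constructed demo keys
    MSG = b"ATTACK AT DAWN!!" * 2                                # constructed, 32 bytes
    iv, c, tag = encrypt(KEYS, MSG)
    print("honest receiver recovers message:", unmask(list(dtm_online_decrypt(KEYS, iv, c, tag))) == MSG)
    leak, recovered = blockwise_cca(KEYS, iv, c, tag)
    print("naive device leaks full plaintext:", leak == MSG)
    print("Decrypt-Then-Mask hands the attacker:", recovered)   # None: masked blocks, no seed
```

The point to take from the two generators is that Decrypt-Then-Mask changes only what the decryption device emits and when: the ciphertext format, the MAC and the encryption device are exactly the ones the naive decryptor uses, so an existing encryptor keeps working against the hardened decryptor.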
Citations
Book ChapterDOI
Security of symmetric encryption in the presence of ciphertext fragmentation
TL;DR: In this paper, the authors extend the SSH-specific work of Paterson and Watson (Eurocrypt 2010) to develop security models for symmetric encryption in the fragmented setting, where the receiver decrypts a ciphertext delivered in pieces.
Book
The Block Cipher Companion
Lars R. Knudsen, Matthew Robshaw, +1 more
TL;DR: This book provides a technically detailed, yet readable, account of the state of the art of block cipher analysis, design, and deployment and provides an overview of some of the most important cryptanalytic methods.
Posted Content
Robust Authenticated-Encryption: AEZ and the Problem that it Solves.
TL;DR: AEZ is a robust authenticated-encryption scheme built from the AES round function; it achieves a peak speed of about 0.7 cpb on Intel Haswell.
Book ChapterDOI
Robust Authenticated-Encryption AEZ and the Problem That It Solves
TL;DR: Proceedings version of the preceding entry (same summary).
Book ChapterDOI
Online Authenticated-Encryption and its Nonce-Reuse Misuse-Resistance
TL;DR: It is argued that no OAE definition can meaningfully tolerate nonce reuse, but that OAE security ought never to have been understood to turn on this question; a radically different formulation, OAE2, is provided.
References
Proceedings ArticleDOI
A concrete security treatment of symmetric encryption
TL;DR: This work studies notions and schemes for symmetric (i.e. private-key) encryption in a concrete security framework, gives four different notions of security against chosen plaintext attack, and provides both upper and lower bounds, obtaining tight relations between them.
Journal ArticleDOI
The Security of the Cipher Block Chaining Message Authentication Code
TL;DR: A technical lemma of independent interest bounds the success probability of a computationally unbounded adversary in distinguishing between a random ml-bit to l-bit function and the CBC MAC of a random l-bit to l-bit function.
Proceedings ArticleDOI
OCB: a block-cipher mode of operation for efficient authenticated encryption
TL;DR: OCB is proved secure, quantifying the adversary's ability to violate the mode's privacy or authenticity in terms of the quality of its block cipher as a pseudorandom permutation (PRP) or as a strong PRP, respectively.
BookDOI
Advances in Cryptology — CRYPTO '92
TL;DR: A new signature scheme is introduced that combines the strength of the strongest schemes with the efficiency of RSA, and uses the same amount of computation and memory as the widely applied RSA scheme.
Book ChapterDOI
The Security of Cipher Block Chaining
TL;DR: This work provides the first formal justification of the CBC MAC, showing the following general lemma: cipher block chaining a pseudorandom function gives a pseudorandom function.