Comments to NIST concerning AES Modes of Operations: CTR-Mode Encryption

TLDR
It is suggested that NIST, in standardizing AES modes of operation, should include CTR-mode encryption as one option, because it has significant efficiency advantages over the standard encryption modes without weakening security.
Abstract
Counter-mode encryption ("CTR mode") was introduced by Diffie and Hellman as early as 1979 [5] and is already standardized by, for example, [1, Section 6.4]. It is indeed one of the best-known modes that is not standardized in [10]. We suggest that NIST, in standardizing AES modes of operation, should include CTR-mode encryption as one possibility for the following reasons. First, CTR mode has significant efficiency advantages over the standard encryption modes without weakening the security. In particular, its tight security has been proven. Second, most of the perceived disadvantages of CTR mode are not valid criticisms, but are rather caused by a lack of knowledge.


Citations

Book: Architectural support for copy and tamper-resistant software
TL;DR: The hardware implementation of a form of execute-only memory (XOM) that allows instructions stored in memory to be executed but not otherwise manipulated is studied, indicating that it is possible to create a normal multi-tasking machine where nearly all applications can be run in XOM mode.

The Secure Real-time Transport Protocol (SRTP)
TL;DR: This document describes the Secure Real-time Transport Protocol (SRTP), a profile of the Real-time Transport Protocol which can provide confidentiality, message authentication, and replay protection to the RTP traffic and to the control traffic for RTP, the Real-time Transport Control Protocol (RTCP).

Proceedings Article (DOI): Efficient memory integrity verification and encryption for secure processors
TL;DR: New hardware mechanisms for memory integrity verification and encryption, which are two key primitives required in single-chip secure processors, are proposed.

Journal Article (DOI): Improving Cost, Performance, and Security of Memory Encryption and Authentication
TL;DR: The new split counters for counter-mode encryption simultaneously eliminate counter overflow problems and reduce per-block counter size, and dramatically improve authentication performance and security by using the Galois/Counter Mode of operation (GCM), which leverages counter-mode encryption to reduce authentication latency and overlap it with memory accesses.

Proceedings Article (DOI): Tahoe: the least-authority filesystem
TL;DR: Tahoe is a system for secure, distributed storage that uses capabilities for access control, cryptography for confidentiality and integrity, and erasure coding for fault-tolerance.
References

Journal Article (DOI): How to construct pseudorandom permutations from pseudorandom functions
TL;DR: Any pseudorandom bit generator can be used to construct a block private-key cryptosystem which is secure against chosen-plaintext attack, which is one of the strongest known attacks against a cryptosystem.

Journal Article (DOI): Privacy and authentication: An introduction to cryptography
TL;DR: The basic information-theoretic and computational properties of classical and modern cryptographic systems are presented, followed by a cryptanalytic examination of several important systems and an examination of the application of cryptography to the security of timesharing systems and computer networks.

Book Chapter (DOI): Fast Implementation and Fair Comparison of the Final Candidates for Advanced Encryption Standard Using Field Programmable Gate Arrays
TL;DR: A new methodology for a fair comparison of the hardware performance of secret-key block ciphers has been developed and contrasted with the methodology used by the NSA team.

Book Chapter (DOI): Luby-Rackoff backwards: Increasing security by making block ciphers non-invertible
TL;DR: Strong quantitative bounds on the value of data-dependent re-keying in the Shannon model of an ideal cipher are proved, and some initial steps towards an analysis in the standard model are taken.

Posted Content: A tool for obtaining tighter security analyses of pseudorandom function based constructions, with applications to PRP to PRF conversion
TL;DR: A simple, new construction of a PRF from a PRP that makes only two invocations of the PRP and has insecurity linear in the number of queries made by the adversary, and improves the analysis of the truncation construction.