Authenticated encryption

About: Authenticated encryption is a research topic. Over the lifetime, 1328 publications have been published within this topic receiving 25968 citations. The topic is also known as: AEAD & Authenticated Encryption with Associated Data.


Papers
Journal ArticleDOI
03 Dec 2020
TL;DR: This paper provides the smallest block-cipher-based authenticated encryption circuits known in the literature so far and uses serial block ciphers to bootstrap four active NIST authenticated encryption candidates: SUNDAE-GIFT, Romulus, SAEAES and SKINNY-AEAD.
Abstract: The bit-sliding paper of Jean et al. (CHES 2017) showed that the smallest-size circuit for SPN based block ciphers such as AES, SKINNY and PRESENT can be achieved via bit-serial implementations. Their technique decreases the bit size of the datapath and naturally leads to a significant loss in latency (as well as the maximum throughput). Their designs complete a single round of the encryption in 168 (resp. 68) clock cycles for 128 (resp. 64) bit blocks. A follow-up work by Banik et al. (FSE 2020) introduced the swap-and-rotate technique that both eliminates this loss in latency and achieves even smaller footprints. In this paper, we extend these results on bit-serial implementations all the way to four authenticated encryption schemes from NIST LWC. Our first focus is to decrease latency and improve throughput with the use of the swap-and-rotate technique. Our block cipher implementations have the most efficient round operations in the sense that a round function of an n-bit block cipher is computed in exactly n clock cycles. This leads to implementations that are similar in size to the state of the art, but have much lower latency (savings up to 20 percent). We then extend our technique to 4- and 8-bit implementations. Although these results are promising, block ciphers themselves are not end-user primitives, as they need to be used in conjunction with a mode of operation. Hence, in the second part of the paper, we use our serial block ciphers to bootstrap four active NIST authenticated encryption candidates: SUNDAE-GIFT, Romulus, SAEAES and SKINNY-AEAD. In the wake of this effort, we provide the smallest block-cipher-based authenticated encryption circuits known in the literature so far.

3 citations

Journal ArticleDOI
TL;DR: The m-PEMKS scheme has the ability to prevent Off-line Keyword Guessing Attack (OKGA) but it may suffer Inside Keyword guessing attack (IKGA) and a robust m- PEMKS mechanism is proposed which can prevent OKGA and IKGA and is more practical and could be applied to the general public networks.
Abstract: The public cloud environment has attracted massive attackers to exploit insecure ports and access to data, services and other resources. Techniques, such as Public Key Encryption with Keyword Search (PEKS), could be deployed in cloud security to avoid accidents. PEKS allows users to search encrypted documents by a specific keyword without compromising the original data security. The first PEKS scheme was proposed in 2004; since then, PEKS has experienced great progress. Recently, Kazemian and Ma first incorporated the Fuzzy Logic technique into the PEKS scheme, namely “Public Key Encryption with Multi-keywords Search using Mamdani System (m-PEMKS)”, in order to support Fuzzy Keyword (i.e. “latest”, “biggest”) Search. However, while the m-PEMKS scheme has the ability to prevent Off-line Keyword Guessing Attack (OKGA), it may suffer Inside Keyword Guessing Attack (IKGA). This paper will revisit the m-PEMKS scheme and propose a robust m-PEMKS mechanism. The proposed scheme has the properties of Ciphertext Indistinguishability, Trapdoor Indistinguishability and User Authentication, which can prevent OKGA and IKGA. Besides, the proposed scheme supports both Fuzzy Keyword Search and Multiple Keywords Search and therefore it is more practical and could be applied to general public networks.

3 citations

Book ChapterDOI
26 Nov 2018
TL;DR: This paper shows that the new security model called PAEKS didn’t provide “ciphertext indistinguishability” based on some assumptions, and suggests a new scheme called PEKS/dPEKS should be considered.
Abstract: In order to solve the security problem that off-line keyword guessing attacks existed in PEKS or dPEKS scheme, Huang and Li introduced a new security model called PAEKS. In this paper, we show that their scheme didn’t provide “ciphertext indistinguishability” based on some assumptions.

3 citations

Journal ArticleDOI
TL;DR: The author presents the first complete formal model of CMAE, and shows that his scheme is distinguishable under adaptive chosen-message attack, and that the designated verifier can generate the signature of the same message for other verifiers.
Abstract: In 2009, Tsai proposed an efficient convertible multi-authenticated encryption (CMAE) scheme. However, the author shows that his scheme is distinguishable under adaptive chosen-message attack, and that the designated verifier can generate the signature of the same message for other verifiers. Since no formal model of CMAE has been presented in the literature, the author presents the first complete formal model of CMAE. Then, a new scheme is proposed. The proposed scheme is provably secure in the random oracle model.

3 citations

Book ChapterDOI
14 Sep 2020
TL;DR: It is shown that the commonly used notion of indistinguishability from random ciphertexts (IND$) indeed implies the anonymity notions for both pE and pAE, and that the Encrypt-then-MAC paradigm is anonymity-preserving, in the sense that if both the underlying probabilistic MAC and pE schemes are anonymous, then also the resulting pAE scheme is.
Abstract: We study anonymity of probabilistic encryption (pE) and probabilistic authenticated encryption (pAE). We start by providing concise game-based security definitions capturing anonymity for both pE and pAE, and then show that the commonly used notion of indistinguishability from random ciphertexts (IND$) indeed implies the anonymity notions for both pE and pAE. This is in contrast to a recent work of Chan and Rogaway (Asiacrypt 2019), where it is shown that IND$-secure nonce-based authenticated encryption can only achieve anonymity if a sophisticated transformation is applied. Moreover, we also show that the Encrypt-then-MAC paradigm is anonymity-preserving, in the sense that if both the underlying probabilistic MAC (pMAC) and pE schemes are anonymous, then also the resulting pAE scheme is. Finally, we provide a composable treatment of anonymity using the constructive cryptography framework of Maurer and Renner (ICS 2011). We introduce adequate abstractions modeling various kinds of anonymous communication channels for many senders and one receiver in the presence of an active man-in-the-middle adversary. Then we show that the game-based notions indeed are anonymity-preserving, in the sense that they imply constructions between such anonymous channels, thus generating authenticity and/or confidentiality as expected, but crucially retaining anonymity if present.

3 citations


Related Topics (5)
Public-key cryptography: 27.2K papers, 547.7K citations, 90% related
Cryptography: 37.3K papers, 854.5K citations, 89% related
Encryption: 98.3K papers, 1.4M citations, 86% related
Hash function: 31.5K papers, 538.5K citations, 84% related
Authentication: 74.7K papers, 867.1K citations, 83% related
Performance Metrics
No. of papers in the topic in previous years

Year   Papers
2023   19
2022   52
2021   67
2020   109
2019   111
2018   97