
Showing papers on "Ciphertext" published in 2004


Posted Content
TL;DR: In this paper, a new type of identity-based encryption (IBE) called Fuzzy Identity-Based Encryption was introduced, where an identity is viewed as a set of descriptive attributes, and a private key for an identity ω can decrypt a ciphertext encrypted under an identity ω′ if and only if the two identities are close to each other as measured by the set-overlap distance metric.
Abstract: We introduce a new type of Identity-Based Encryption (IBE) scheme that we call Fuzzy Identity-Based Encryption. In Fuzzy IBE we view an identity as a set of descriptive attributes. A Fuzzy IBE scheme allows for a private key for an identity, ω, to decrypt a ciphertext encrypted with an identity, ω′, if and only if the identities ω and ω′ are close to each other as measured by the “set overlap” distance metric. A Fuzzy IBE scheme can be applied to enable encryption using biometric inputs as identities; the error-tolerance property of a Fuzzy IBE scheme is precisely what allows for the use of biometric identities, which inherently will have some noise each time they are sampled. Additionally, we show that Fuzzy-IBE can be used for a type of application that we term “attribute-based encryption”. In this paper we present two constructions of Fuzzy IBE schemes. Our constructions can be viewed as an Identity-Based Encryption of a message under several attributes that compose a (fuzzy) identity. Our IBE schemes are both error-tolerant and secure against collusion attacks. Additionally, our basic construction does not use random oracles. We prove the security of our schemes under the Selective-ID security model.

3,128 citations


Book ChapterDOI
02 May 2004
TL;DR: This work proposes a simple and efficient construction of a CCA-secure public-key encryption scheme from any CPA-secure identity-based encryption (IBE) scheme, which avoids non-interactive proofs of “well-formedness” which were shown to underlie most previous constructions.
Abstract: We propose a simple and efficient construction of a CCA-secure public-key encryption scheme from any CPA-secure identity-based encryption (IBE) scheme. Our construction requires the underlying IBE scheme to satisfy only a relatively “weak” notion of security which is known to be achievable without random oracles; thus, our results provide a new approach for constructing CCA-secure encryption schemes in the standard model. Our approach is quite different from existing ones; in particular, it avoids non-interactive proofs of “well-formedness” which were shown to underlie most previous constructions. Furthermore, applying our conversion to some recently-proposed IBE schemes results in CCA-secure schemes whose efficiency makes them quite practical.

889 citations


Book ChapterDOI
23 Feb 2004
TL;DR: An asymmetric cryptosystem with universal re-encryption that is half as efficient as standard ElGamal in terms of computation and storage is proposed.
Abstract: We introduce a new cryptographic technique that we call universal re-encryption. A conventional cryptosystem that permits re-encryption, such as ElGamal, does so only for a player with knowledge of the public key corresponding to a given ciphertext. In contrast, universal re-encryption can be done without knowledge of public keys. We propose an asymmetric cryptosystem with universal re-encryption that is half as efficient as standard ElGamal in terms of computation and storage.

457 citations


Journal Article
TL;DR: Boyen gave the first identity-based (ID-based) signcryption scheme that is forward secure, publicly verifiable and provably secure; this paper gives another ID-based signcryption scheme, modified from Libert and Quisquater's, that keeps those properties and additionally provides public ciphertext authenticity.
Abstract: Boyen [7] gave the first identity-based (ID-based) signcryption scheme that is forward secure, publicly verifiable as well as provably secure. However, his scheme aims at providing ciphertext unlinkability and anonymity which is not a desirable property in applications such as authentication of encrypted messages by firewalls [11], where any third party should be able to verify the origin of the ciphertext without knowing the content of the message and getting any help from the intended recipient. This requirement is referred to as public ciphertext authenticity. In this paper, we give another ID-based signcryption scheme that can provide public ciphertext authenticity and is forward and provably secure as well as publicly verifiable. Our scheme is modified from Libert and Quisquater's ID-based signcryption scheme [16] and the efficiency of our scheme is comparable to other previous ID-based signcryption schemes.

212 citations


Journal Article
TL;DR: This work investigates an alternative syntax for an encryption scheme, where the encryption process E is a deterministic function that surfaces an initialization vector (IV) which is guaranteed to be a nonce, i.e. something that takes on a new value with every message one encrypts.
Abstract: Symmetric encryption schemes are usually formalized so as to make the encryption operation a probabilistic or state-dependent function E of the message M and the key K: the user supplies M and K and the encryption process does the rest, flipping coins or modifying internal state in order to produce a ciphertext C. Here we investigate an alternative syntax for an encryption scheme, where the encryption process E is a deterministic function that surfaces an initialization vector (IV). The user supplies a message M, key K, and initialization vector N, getting back the (one and only) associated ciphertext C = E_K^N(M). We concentrate on the case where the IV is guaranteed to be a nonce: something that takes on a new value with every message one encrypts. We explore definitions, constructions, and properties for nonce-based encryption. Symmetric encryption with a surfaced IV more directly captures real-world constructions like CBC mode, and encryption schemes constructed to be secure under nonce-based security notions may be less prone to misuse.

195 citations
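The nonce-based syntax above, as an added example (not code from the paper): a deterministic CTR-style scheme E_K^N(M) in which the caller supplies the nonce, the leak that a repeated nonce causes, and a small encryptor that owns a counter nonce so the misuse cannot happen. HMAC-SHA256 stands in for the block-cipher PRF and the 12-byte nonce size is an assumption of this example.

```python
import hmac
import hashlib


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _keystream(key, nonce, length):
    """Keystream block i = HMAC-SHA256(key, nonce || i).
    HMAC is used here as a stand-in PRF (an assumption of this example)."""
    out = b""
    i = 0
    while len(out) < length:
        out += hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        i += 1
    return out[:length]


def encrypt(key, nonce, msg):
    """Deterministic E_K^N(M): same key, nonce and message always give the same C.
    The caller is responsible for never reusing (key, nonce)."""
    if len(nonce) != 12:
        raise ValueError("nonce must be 12 bytes")
    return _xor(msg, _keystream(key, nonce, len(msg)))


def decrypt(key, nonce, ct):
    # CTR-style: decryption is the same XOR with the same keystream.
    return encrypt(key, nonce, ct)


def nonce_reuse_leak(ct1, ct2):
    """What a passive observer learns when one nonce covers two messages:
    C1 xor C2 = M1 xor M2 over the common prefix, with no key involved."""
    n = min(len(ct1), len(ct2))
    return _xor(ct1[:n], ct2[:n])


class CounterNonceEncryptor:
    """Encryptor that owns the nonce: a 96-bit counter that never repeats
    under one key and refuses to wrap around (a misuse-resistant wrapper,
    not part of the paper)."""

    def __init__(self, key):
        self.key = key
        self.counter = 0

    def encrypt(self, msg):
        if self.counter >= 1 << 96:
            raise RuntimeError("nonce space exhausted: rotate the key")
        nonce = self.counter.to_bytes(12, "big")
        self.counter += 1
        return nonce, encrypt(self.key, nonce, msg)
```

The surfaced IV is what makes the scheme testable: two calls with the same (K, N, M) must produce identical ciphertexts, and two different messages under one (K, N) XOR to the XOR of the plaintexts, which is exactly the failure the nonce requirement exists to rule out.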


Book ChapterDOI
15 Aug 2004
TL;DR: This paper studies attacks on random Feistel schemes; the Luby–Rackoff results cover m ≪ 2^{n/2} plaintext/ciphertext pairs, where the schemes are secure against all adaptive chosen plaintext attacks (CPA-2) when k ≥ 3 rounds and against all adaptive chosen plaintext and chosen ciphertext attacks (CPCA-2) when k ≥ 4.
Abstract: We study cryptographic attacks on random Feistel schemes. We denote by m the number of plaintext/ciphertext pairs, and by k the number of rounds. In their famous paper [3], M. Luby and C. Rackoff have completely solved the cases m ≪ 2^{n/2}: the schemes are secure against all adaptive chosen plaintext attacks (CPA-2) when k ≥ 3 and against all adaptive chosen plaintext and chosen ciphertext attacks (CPCA-2) when k ≥ 4 (for this second result a proof is given in [9]).

149 citations


Journal Article
TL;DR: For m ≪ 2^n plaintext/ciphertext pairs, random Feistel schemes are shown to be secure against all known plaintext attacks (KPA) when k ≥ 4 rounds, against all adaptive chosen plaintext attacks (CPA-2) when k ≥ 5, and against all adaptive chosen plaintext and chosen ciphertext attacks (CPCA-2) when k ≥ 6; improved generic attacks are also given, including a KPA on 5 rounds with m ≃ 2^{3n/2}.
Abstract: We study cryptographic attacks on random Feistel schemes. We denote by m the number of plaintext/ciphertext pairs, and by k the number of rounds. In their famous paper [3], M. Luby and C. Rackoff have completely solved the cases m ≪ 2^{n/2}: the schemes are secure against all adaptive chosen plaintext attacks (CPA-2) when k ≥ 3 and against all adaptive chosen plaintext and chosen ciphertext attacks (CPCA-2) when k ≥ 4 (for this second result a proof is given in [9]). In this paper we study the cases m ≪ 2^n. We will use the “coefficients H” technique of proof to analyze known plaintext attacks (KPA), adaptive or non-adaptive chosen plaintext attacks (CPA-1 and CPA-2) and adaptive or non-adaptive chosen plaintext and chosen ciphertext attacks (CPCA-1 and CPCA-2). In the first part of this paper, we will show that when m ≪ 2^n the schemes are secure against all KPA when k ≥ 4, against all CPA-2 when k ≥ 5 and against all CPCA-2 attacks when k ≥ 6. This solves an open problem of [1], [14], and it improves the result of [14] (where more rounds were needed and m ≪ 2^{n(1-ε)} was obtained instead of m ≪ 2^n). The number 5 of rounds is minimal since CPA-2 attacks on 4 rounds are known when m ≥ O(2^{n/2}) (see [1], [10]). Furthermore, in all these cases we have always obtained an explicit majoration for the distinguishing probability. In the second part of this paper, we present some improved generic attacks. For k = 5 rounds, we present a KPA with m ≃ 2^{3n/2} and a non-adaptive chosen plaintext attack (CPA-1) with m ≃ 2^n. For k ≥ 7 rounds we also show some improved attacks against random Feistel generators (with more than one permutation to analyze and ≥ 2^{2n} computations).

85 citations
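The gap between the CPA-2 bound (k ≥ 3) and the CPCA-2 bound (k ≥ 4) quoted in the two Feistel abstracts above is easy to see concretely. This added example (not code from either paper) simulates a random Feistel scheme with lazily sampled random round functions and runs the classic CPCA-2 distinguisher: two chosen plaintexts sharing a right half and one chosen ciphertext. For 3 rounds a fixed relation on the recovered right half holds with probability 1; for 4 or more rounds (or a random permutation) it holds with probability about 2^-n. The half-width n = 32 and the seeded PRNG used to realise the random functions are assumptions of this example.

```python
import random


class RandomFeistel:
    """k-round Feistel scheme on 2n-bit blocks whose round functions are
    independent random functions, realised lazily with a seeded PRNG
    (a simulation for the example; not a real cipher)."""

    def __init__(self, rounds, n=32, seed=0):
        self.rounds, self.n = rounds, n
        self.rng = random.Random(seed)
        self.tables = [dict() for _ in range(rounds)]

    def f(self, i, x):
        # Random function f_i: sample each output once on first use.
        table = self.tables[i]
        if x not in table:
            table[x] = self.rng.getrandbits(self.n)
        return table[x]

    def encrypt(self, left, right):
        for i in range(self.rounds):
            left, right = right, left ^ self.f(i, right)
        return left, right

    def decrypt(self, left, right):
        for i in reversed(range(self.rounds)):
            left, right = right ^ self.f(i, left), left
        return left, right


def cpca2_distinguisher(cipher, n=32):
    """Adaptive chosen plaintext + chosen ciphertext distinguisher.
    Returns True when the 3-round relation holds."""
    rng = random.Random(1)
    r = rng.getrandbits(n)
    l1 = rng.getrandbits(n)
    l2 = l1 ^ (1 + rng.getrandbits(n - 1))      # any l2 != l1
    s1, t1 = cipher.encrypt(l1, r)               # chosen plaintext 1
    s2, t2 = cipher.encrypt(l2, r)               # chosen plaintext 2, same right half
    # Chosen ciphertext (s2, t2 ^ l1 ^ l2): with 3 rounds, undoing the last round
    # lands on the same second-round input as plaintext 1, so the recovered
    # right half equals r ^ s1 ^ s2. A 4th round destroys this relation.
    _, r3 = cipher.decrypt(s2, t2 ^ l1 ^ l2)
    return r3 == (r ^ s1 ^ s2)


def success_rate(rounds, trials=16):
    """Fraction of independent random Feistel instances the distinguisher wins."""
    hits = sum(cpca2_distinguisher(RandomFeistel(rounds, seed=s)) for s in range(trials))
    return hits / trials
```

The attack uses three queries in total, which is why 3 rounds are hopeless against CPCA-2 no matter how small m is; the papers' contribution is the much harder regime m ≪ 2^n, where 4 rounds stop being enough even for CPA-2 and 5 or 6 rounds are needed.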


Book ChapterDOI
02 May 2004
TL;DR: This work provides methods for transforming an encryption scheme susceptible to decryption errors into one that is immune to these errors and may help defend against certain cryptanalytic techniques.
Abstract: We provide methods for transforming an encryption scheme susceptible to decryption errors into one that is immune to these errors. Immunity to decryption errors is vital when constructing non-malleable and chosen ciphertext secure encryption schemes via current techniques; in addition, it may help defend against certain cryptanalytic techniques, such as the attack of Proos [33] on the NTRU scheme.

75 citations


Journal Article
TL;DR: In this article, the authors provide methods for transforming an encryption scheme susceptible to decryption errors into one that is immune to these errors, using amplification techniques translated from a related information theoretic setting.
Abstract: We provide methods for transforming an encryption scheme susceptible to decryption errors into one that is immune to these errors. Immunity to decryption errors is vital when constructing non-malleable and chosen ciphertext secure encryption schemes via current techniques; in addition, it may help defend against certain cryptanalytic techniques, such as the attack of Proos [33] on the NTRU scheme. When decryption errors are very infrequent, our transformation is extremely simple and efficient, almost free. To deal with significant error probabilities, we apply amplification techniques translated from a related information theoretic setting. These techniques allow us to correct even very weak encryption schemes where in addition to decryption errors, an adversary has substantial probability of breaking the scheme by decrypting random messages (without knowledge of the secret key). In other words, under these weak encryption schemes, the only guaranteed difference between the legitimate recipient and the adversary is in the frequency of decryption errors. All the above transformations work in a standard cryptographic model; specifically, they do not rely on a random oracle. We also consider the random oracle model, where we give a simple transformation from a one-way encryption scheme which is error-prone into one that is immune to errors. We conclude that error-prone cryptosystems can be used in order to create more secure cryptosystems.

74 citations


Posted Content
TL;DR: XCB is a block cipher mode of operation that implements a "tweakable" (super) pseudorandom permutation with an arbitrary block length; it is intended for systems that cannot allow data expansion, such as disk-block encryption, and reuses the GCM polynomial hash for its universal-hash rounds.
Abstract: We describe a block cipher mode of operation that implements a ‘tweakable’ (super) pseudorandom permutation with an arbitrary block length. This mode can be used to provide the best possible security in systems that cannot allow data expansion, such as disk-block encryption and some network protocols. The mode accepts an additional input, which can be used to protect against attacks that manipulate the ciphertext by rearranging the ciphertext blocks. Our mode is similar to a five-round Luby-Rackoff cipher in which the first and last rounds do not use the conventional Feistel structure, but instead use a single block cipher invocation. The third round is a Feistel structure using counter mode as a PRF. The second and fourth rounds are Feistel structures using a universal hash function; we re-use the polynomial hash over a binary field defined in the Galois/Counter Mode (GCM) of operation for block ciphers. This choice provides efficiency in both hardware and software and allows for re-use of implementation effort. XCB also has several useful properties: it accepts arbitrarily-sized plaintexts and associated data, including any plaintexts with lengths that are no smaller than the width of the block cipher. This document is a pre-publication draft manuscript.

72 citations


Book ChapterDOI
19 Feb 2004
TL;DR: A cryptosystem that is RCCA secure has full CCA2 security except for the little detail that it may be possible to modify a ciphertext into another ciphertext containing the same plaintext.
Abstract: Recently Canetti, Krawczyk and Nielsen defined the notion of replayable adaptive chosen ciphertext attack (RCCA) secure encryption. Essentially a cryptosystem that is RCCA secure has full CCA2 security except for the little detail that it may be possible to modify a ciphertext into another ciphertext containing the same plaintext.
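Both the universal re-encryption abstract (Golle et al., above) and the RCCA definition just given turn on the same fact: an ElGamal ciphertext can be turned into a fresh-looking ciphertext of the same plaintext. This added example (not code from either paper) implements both flavours over a toy group: ordinary ElGamal re-randomisation, which needs the recipient's public key, and universal re-encryption, whose four-element ciphertext carries an encryption of 1 that lets anyone re-encrypt with no key at all. The 10-bit prime p = 1019 (with q = 509 and generator g = 4 of the order-q subgroup) is a constructed parameter for readability, not a secure choice.

```python
import secrets

# Constructed toy parameters: p = 2q + 1 with q prime, so the squares mod p form
# a subgroup of prime order q generated by g = 4. Not secure; for illustration only.
P, Q, G = 1019, 509, 4


def _rand_exponent():
    return secrets.randbelow(Q - 1) + 1          # uniform in [1, q-1]


def keygen():
    x = _rand_exponent()                         # private key
    return x, pow(G, x, P)                       # (x, y = g^x)


def encode(m):
    """Map an integer in 1..p-1 into the order-q subgroup by squaring."""
    return (m * m) % P


# --- standard ElGamal: re-encryption requires the public key y -----------------
def elgamal_encrypt(y, m):
    k = _rand_exponent()
    return (m * pow(y, k, P) % P, pow(G, k, P))  # (alpha, beta)


def elgamal_reencrypt(y, ct):
    """Re-randomise: multiply in a fresh encryption of 1 under y. This is the
    benign malleability RCCA tolerates, and it needs y."""
    alpha, beta = ct
    r = _rand_exponent()
    return (alpha * pow(y, r, P) % P, beta * pow(G, r, P) % P)


def elgamal_decrypt(x, ct):
    alpha, beta = ct
    return alpha * pow(beta, -x, P) % P          # alpha / beta^x


# --- universal re-encryption: no public key needed to re-encrypt ---------------
def ure_encrypt(y, m):
    k0, k1 = _rand_exponent(), _rand_exponent()
    return ((m * pow(y, k0, P) % P, pow(G, k0, P)),   # (alpha0, beta0): hides m
            (pow(y, k1, P), pow(G, k1, P)))           # (alpha1, beta1): encryption of 1


def ure_reencrypt(ct):
    """Anyone holding only the ciphertext can re-encrypt: the embedded
    encryption of 1 supplies the randomness that re-randomisation needs."""
    (a0, b0), (a1, b1) = ct
    k0, k1 = _rand_exponent(), _rand_exponent()
    return ((a0 * pow(a1, k0, P) % P, b0 * pow(b1, k0, P) % P),
            (pow(a1, k1, P), pow(b1, k1, P)))


def ure_decrypt(x, ct):
    """Returns the plaintext, or None if the second pair does not decrypt to 1
    (ciphertext was not made for this key, or was tampered with)."""
    (a0, b0), (a1, b1) = ct
    if a1 != pow(b1, x, P):
        return None
    return a0 * pow(b0, -x, P) % P


def demo():
    x, y = keygen()
    m = encode(123)
    ct = ure_encrypt(y, m)
    ct2 = ure_reencrypt(ct)       # a mix server re-encrypts without knowing y
    return ct != ct2 and ure_decrypt(x, ct2) == m
```

The cost claim in the abstract ("half as efficient as standard ElGamal") is visible directly: a universal ciphertext is four group elements and two exponentiation pairs instead of two and one. The check in ure_decrypt is also the reason the recipient can tell its own traffic apart in a mix: a ciphertext made under some other key fails the a1 == b1^x test rather than decrypting to garbage.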

Book ChapterDOI
13 Sep 2004
TL;DR: This work presents a practical public-key encryption scheme that offers security under adaptive chosen-ciphertext attack (CCA) and has pseudo-random ciphertexts, i.e. ciphertexts indistinguishable from random bit strings, which has applications in steganography.
Abstract: This work presents a practical public-key encryption scheme that offers security under adaptive chosen-ciphertext attack (CCA) and has pseudo-random ciphertexts, i.e. ciphertexts indistinguishable from random bit strings. Ciphertext pseudo-randomness has applications in steganography. The new scheme features short ciphertexts due to the use of elliptic curve cryptography, with ciphertext pseudo-randomness achieved through a new key encapsulation mechanism (KEM) based on elliptic curve Diffie-Hellman with a pair of elliptic curves where each curve is a twist of the other. The public-key encryption scheme resembles the hybrid DHIES construction; besides using the new KEM, it differs from DHIES in that it uses an authenticate-then-encrypt (AtE) rather than encrypt-then-authenticate (EtA) approach for symmetric cryptography.

Patent
25 May 2004
TL;DR: Daniel (alternatively written as DNL) is a cryptographic paradigm featuring ease of matching many plaintexts of choice to any given cipher (the deniability property), so that the cipher itself cannot betray the specific plaintext that generated it.
Abstract: Daniel (alternatively written as DNL) is a cryptographic paradigm, featuring ease of matching: many plaintexts of choice to any given cipher (the deniability property). Consequently, the cipher itself cannot betray the specific plaintext that generated it, as it is “lost” in the large list of candidate plaintexts, all of which are decryption-generated from the ciphertext.

Patent
Jessica Staddon, David P. Woodruff
19 Oct 2004
TL;DR: In this paper, a query homomorphically encrypts indices identifying one record and attribute, and a secret key is generated at a certain query count and is divided into randomly generated key shares.
Abstract: Records in a secure database include attributes. A query homomorphically encrypts indices identifying one record and attribute. A secret key is generated at a certain query count and is divided into randomly generated key shares. A key share sequence is homomorphically encrypted. A table is formed by encrypting the indices, secret key and attributes. The key shares are decrypted sufficient to recover the secret key subject to a non-inference enabling query. In a further embodiment, a query count is maintained. Records in a secure database include attributes, with an attributes set forming inference channels. A data structure includes ciphertext keys. A pseudorandom function seed and non-malleable encryption secret key are chosen. A query provides indices identifying one record and attribute. A secure function evaluation is executed. A table combines the attributes with the pseudorandom function applied to the seed and indices. A table entry for the indices is provided.

Book ChapterDOI
23 Feb 2004
TL;DR: This work presents and analyze an adaptive chosen ciphertext secure (IND-CCA) identity-based encryption scheme (IBE) based on the well studied Decisional Diffie-Hellman (DDH) assumption that is provably secure in the standard model assuming the adversary can corrupt up to a maximum of k users adaptively.
Abstract: We present and analyze an adaptive chosen ciphertext secure (IND-CCA) identity-based encryption scheme (IBE) based on the well studied Decisional Diffie-Hellman (DDH) assumption. The scheme is provably secure in the standard model assuming the adversary can corrupt up to a maximum of k users adaptively. This is contrary to the Boneh-Franklin scheme which holds in the random-oracle model.

Book ChapterDOI
23 Feb 2004
TL;DR: This paper shows that, for several of the padding methods referred to by the ISO CBC-mode encryption standard, an oracle returning padding correctness information can be exploited to efficiently extract plaintext bits.
Abstract: In [8] Vaudenay presented an attack on block cipher CBC-mode encryption when a particular padding method is used. In this paper, we employ a similar approach to analyse the padding methods of the ISO CBC-mode encryption standard. We show that, for several of the padding methods referred to by this standard, we can exploit an oracle returning padding correctness information to efficiently extract plaintext bits. In particular, for one padding scheme, we can extract all plaintext bits with a near-optimal number of oracle queries. For a second scheme, we can efficiently extract plaintext bits from the last (or last-but-one) ciphertext block, and obtain plaintext bits from other blocks faster than exhaustive search.
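The oracle in the abstract above, worked through as an added example (not the paper's own attack or code): CBC with ISO/IEC 9797-1 padding method 2 (a 0x80 byte followed by 0x00 bytes up to the block boundary), a receiver that leaks only whether unpadding succeeded, and an attacker who uses that single bit to recover plaintext a byte at a time, about 256 queries per byte. The example goes slightly beyond the last-block case: any block can be attacked by presenting its predecessor as the IV. The 64-bit 4-round Feistel "block cipher" is a constructed stand-in so that CBC has something invertible to run on; it is not secure and the attack never relies on anything about it.

```python
import hmac
import hashlib
import secrets

BLOCK = 8


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


# --- toy 64-bit block cipher (assumption of this example; NOT secure) ---------
def _round(key, i, half):
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:4]


def block_encrypt(key, blk):
    l, r = blk[:4], blk[4:]
    for i in range(4):
        l, r = r, _xor(l, _round(key, i, r))
    return l + r


def block_decrypt(key, blk):
    l, r = blk[:4], blk[4:]
    for i in reversed(range(4)):
        l, r = _xor(r, _round(key, i, l)), l
    return l + r


# --- ISO/IEC 9797-1 padding method 2: 0x80 then 0x00 up to the boundary -------
def pad(msg):
    msg += b"\x80"
    return msg + b"\x00" * (-len(msg) % BLOCK)


def unpad(data):
    i = len(data) - 1
    while i >= 0 and data[i] == 0:
        i -= 1
    if i < 0 or data[i] != 0x80:
        raise ValueError("bad padding")
    return data[:i]


def cbc_encrypt(key, msg):
    data = pad(msg)
    prev = secrets.token_bytes(BLOCK)           # IV
    out = prev
    for off in range(0, len(data), BLOCK):
        prev = block_encrypt(key, _xor(data[off:off + BLOCK], prev))
        out += prev
    return out


def cbc_decrypt(key, ct):
    data = b""
    for off in range(BLOCK, len(ct), BLOCK):
        data += _xor(block_decrypt(key, ct[off:off + BLOCK]), ct[off - BLOCK:off])
    return unpad(data)


class PaddingOracle:
    """A receiver that reveals only whether the padding check passed."""

    def __init__(self, key):
        self.key, self.queries = key, 0

    def __call__(self, ct):
        self.queries += 1
        try:
            cbc_decrypt(self.key, ct)
            return True
        except ValueError:
            return False


def recover_block(oracle, c_prev, c_blk):
    """Recover P = D_K(C) xor C_prev using only the oracle. Submitting R || C
    makes the receiver see P' = D_K(C) xor R, so we steer P' into a valid
    0x80 00..00 tail and read off D_K(C) from the last byte backwards."""
    x = bytearray(BLOCK)                        # D_K(C), learned byte by byte
    r = bytearray(BLOCK)
    for j in range(BLOCK - 1, -1, -1):
        for k in range(j + 1, BLOCK):
            r[k] = x[k]                         # known bytes -> P'[k] = 0x00
        for v in range(256):
            r[j] = v
            if not oracle(bytes(r) + c_blk):
                continue
            # Valid means P'[j] == 0x80, or P'[j] == 0x00 with a 0x80 further
            # left. Disturb P'[j-1]: only the 0x80 case stays valid.
            if j > 0:
                r[j - 1] ^= 0x01
                still_valid = oracle(bytes(r) + c_blk)
                r[j - 1] ^= 0x01
                if not still_valid:
                    continue
            x[j] = v ^ 0x80
            break
        else:
            raise RuntimeError("oracle inconsistent with CBC decryption")
    return _xor(bytes(x), c_prev)


def recover_all(oracle, ct):
    """Every block, not just the last: each (C_{i-1}, C_i) pair is a valid
    two-block message from the receiver's point of view."""
    blocks = [ct[i:i + BLOCK] for i in range(0, len(ct), BLOCK)]
    plain = b"".join(recover_block(oracle, blocks[i - 1], blocks[i])
                     for i in range(1, len(blocks)))
    return unpad(plain)
```

The defensive lesson is the same as for Vaudenay's attack on PKCS-style padding: the receiver must not expose padding validity separately from integrity, which in practice means authenticating the ciphertext (encrypt-then-MAC or an AEAD mode) and rejecting before any padding is inspected.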

Book ChapterDOI
08 Sep 2004
TL;DR: This paper proposes a new public key authenticated encryption (signcryption) scheme based on the hardness of q-Diffie-Hellman problems in Gap Diffie-Hellman groups that is quite efficient and provides detachable signatures that are unlinkable to the original anonymous ciphertext.
Abstract: This paper proposes a new public key authenticated encryption (signcryption) scheme based on the hardness of q-Diffie-Hellman problems in Gap Diffie-Hellman groups. This new scheme is quite efficient: the signcryption operation has almost the same cost as an El Gamal encryption while the reverse operation only requires one pairing evaluation and three exponentiations. The scheme's chosen-ciphertext security is shown to be related to the hardness of the q-Diffie-Hellman Inversion (q–DHI) problem in the random oracle model while its unforgeability is proved under the q-Strong Diffie-Hellman assumption (q-SDH). It also provides detachable signatures that are unlinkable to the original anonymous ciphertext. We also show that most of the sender's workload can be computed offline. Our construction is based on a signature scheme independently studied by Boneh-Boyen and Zhang et al. in 2004.

Journal ArticleDOI
11 May 2004, Chaos
TL;DR: It is shown that the system parameters directly determine the ciphertext waveform, hence the scheme can be readily broken by system parameter estimation from the ciphertext signal.
Abstract: A security analysis of a recently proposed secure communication scheme based on the phase synchronization of chaotic systems is presented. It is shown that the system parameters directly determine the cipher text waveform, hence it can be readily broken by system parameter estimation from the cipher text signal.


Book ChapterDOI
01 Mar 2004
TL;DR: This paper defines an extended model of (standard) CCA called chosen ciphertext attack for multiple encryption (ME-CCA) emulating partial breaking of assumptions, and gives constructions of multiple encryption satisfying ME- CCA-security, proving ME-wCCA- security can be acquired by combining IND-ccA-secure component ciphers together.
Abstract: In a practical system, a message is often encrypted more than once by different encryptions, here called multiple encryption, to enhance its security. Additionally, new features may be achieved by multiple encrypting a message, such as the key-insulated cryptosystems and anonymous channels. Intuitively, a multiple encryption should remain “secure”, whenever there is one component cipher unbreakable in it. In NESSIE’s latest Portfolio of recommended cryptographic primitives (Feb. 2003), it is suggested to use multiple encryption with component ciphers based on different assumptions to acquire long term security. However, in this paper we show this needs careful discussion, especially, this may not be true according to adaptive chosen ciphertext attack (CCA), even with all component ciphers CCA-secure. We define an extended model of (standard) CCA called chosen ciphertext attack for multiple encryption (ME-CCA) emulating partial breaking of assumptions, and give constructions of multiple encryption satisfying ME-CCA-security. We further relax CCA by introducing weak ME-CCA (ME-wCCA) and study the relations among these definitions, proving ME-wCCA-security can be acquired by combining IND-CCA-secure component ciphers together. We then apply these results to key-insulated cryptosystem.

Book ChapterDOI
04 Jul 2004
TL;DR: In this article, the authors provide a machine-checked account of the Generic Model and the Random Oracle Model using the proof assistant Coq, and show that they can be used to reason about the computational cost of breaking a cryptographic scheme.
Abstract: Most approaches to the formal analyses of cryptographic protocols make the perfect cryptography assumption, i.e. the hypothesis that there is no way to obtain knowledge about the plaintext pertaining to a ciphertext without knowing the key. Ideally, one would prefer to rely on a weaker hypothesis on the computational cost of gaining information about the plaintext pertaining to a ciphertext without knowing the key. Such a view is permitted by the Generic Model and the Random Oracle Model which provide non-standard computational models in which one may reason about the computational cost of breaking a cryptographic scheme. Using the proof assistant Coq, we provide a machine-checked account of the Generic Model and the Random Oracle Model.

Journal Article
TL;DR: In this paper, the authors show that the security of the OAEP 3-round construction actually relies on the (full-domain) one-wayness of the permutation rather than on partial-domain one-wayness, which tightens the reduction, and they extend the result to a larger class of encryption primitives (including ElGamal and Paillier), still in the random-oracle model and in a relaxed CCA2 model.
Abstract: The OAEP construction is already 10 years old and well-established in many practical applications. But after some doubts about its actual security level, four years ago, the first efficient and provably IND-CCA1 secure encryption padding was formally and fully proven to achieve the expected IND-CCA2 security level, when used with any trapdoor permutation. Even if it requires the partial-domain one-wayness of the permutation, for the main application (with the RSA permutation family) this intractability assumption is equivalent to the classical (full-domain) one-wayness, but at the cost of an extra quadratic-time reduction. The security proof which was already not very tight to the RSA problem is thus much worse. However, the practical optimality of the OAEP construction is two-fold, hence its attractivity: from the efficiency point of view because of two extra hashings only, and from the length point of view since the ciphertext has a minimal bit-length (the encoding of an image by the permutation.) But the bandwidth (or the ratio ciphertext/plaintext) is not optimal because of the randomness (required by the semantic security) and the redundancy (required by the plaintext-awareness, the sole way known to provide efficient CCA2 schemes.) At last Asiacrypt '03, the latter intuition had been broken by exhibiting the first IND-CCA2 secure encryption schemes without redundancy, and namely without achieving plaintext-awareness, while in the random-oracle model: the OAEP 3-round construction. But this result achieved only similar practical properties as the original OAEP construction: the security relies on the partial-domain one-wayness, and needs a trapdoor permutation, which limits the application to RSA, with still a quite bad reduction. 
This paper improves this result: first we show the OAEP 3-round actually relies on the (full-domain) one-wayness of the permutation (which improves the reduction), then we extend the application to a larger class of encryption primitives (including ElGamal, Paillier, etc.) The extended security result is still in the random-oracle model, and in a relaxed CCA2 model (which lies between the original one and the replayable CCA scenario).

06 Jan 2004
TL;DR: Two new building blocks employed, a distributed blinding protocol and verifiable dual encryption proofs, could have uses beyond re-encryption protocols.
Abstract: A protocol is given that allows a set of n servers to cooperate and produce an ElGamal ciphertext encrypted under one key from an ElGamal ciphertext encrypted under another, but without plaintext ever becoming available. The protocol is resilient to (n−1)/3 of the servers being compromised and requires no assumptions about execution speeds or message delivery delays. Two new building blocks employed, a distributed blinding protocol and verifiable dual encryption proofs, could have uses beyond re-encryption protocols.
Supported in part by AFOSR grant F49620-00-1-0198 and F49620-03-1-0156, Defense Advanced Research Projects Agency (DARPA) and Air Force Research Laboratory, Air Force Material Command, USAF, under agreement number F30602-99-1-0533, National Science Foundation Grant 9703470, and a grant from Intel Corporation. The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of these organizations or the U.S. Government.
Author affiliations: Microsoft Research Silicon Valley, 1065 La Avenida, Mountain View, CA 94043 (lidongz@microsoft.com); UMIACS, University of Maryland, College Park, Maryland 20742 (mmarsh@umiacs.umd.edu); Department of Computer Science, Upson Hall, Cornell University, Ithaca, New York 14853 (fbs@cs.cornell.edu); Department of Numerical Analysis and Computer Science, Royal Institute of Technology, Sweden (anna@nada.kth.se).

Journal Article
TL;DR: In this article, the authors investigate the authenticated encryption paradigm and its security against blockwise adaptive adversaries, mounting chosen ciphertext attacks on on-the-fly cryptographic devices and propose a generic construction called Decrypt-Then-Mask, and prove its security in the blockwise adversarial model.
Abstract: In this paper, we investigate the authenticated encryption paradigm, and its security against blockwise adaptive adversaries, mounting chosen ciphertext attacks on on-the-fly cryptographic devices. We remark that most of the existing solutions are insecure in this context, since they provide a decryption oracle for any ciphertext. We then propose a generic construction called Decrypt-Then-Mask, and prove its security in the blockwise adversarial model. The advantage of this proposal is to apply minimal changes to the encryption protocol. In fact, in our solution, only the decryption protocol is modified, while the encryption part is left unchanged. Finally, we propose an instantiation of this scheme, using the encrypted CBC-MAC algorithm, a secure pseudorandom number generator and the Delayed variant of the CBC encryption scheme.

Patent
09 Feb 2004
TL;DR: In this paper, a system and methods for performing digital signing and encryption using identity-based techniques are described, where a message may be signed and encrypted in a single operation and may be decrypted and verified in two separate operations.
Abstract: Systems and methods are provided for performing digital signing and encryption using identity-based techniques. A message may be signed and encrypted in a single operation and may be decrypted and verified in two separate operations. Messages may be sent anonymously and confidentially. The systems and methods support message confidentiality, signature non-repudiation, and ciphertext authentication, ciphertext unlinkability, and anonymity.

Patent
Dinarte R. Morais
27 Aug 2004
TL;DR: A computing environment that maintains the integrity of data stored in system memory, where the value of at least a portion of the address lines is determined by a real page number stored in a page table and the memory encryption key is derived from that portion of the address.
Abstract: A computing environment maintains the integrity of data stored in system memory. The system has an address bus that comprises a plurality of address lines. The value of at least a portion of the address line is determined by a real page number stored in a page table. The system also comprises an encryption circuit that converts data from plaintext to ciphertext as a function of a key value. A circuit derives the key value as a function of at least a portion of the address line that is set by the real page number.

Patent
20 Jan 2004
TL;DR: A method for preparing enciphered message transmission over a network architecture: receive plaintext data corresponding to the message, pass it to a multi-tiered encryption engine, encrypt it under a first encryption scheme to generate first ciphertext data, and then encrypt the first ciphertext data under a second encryption scheme for transmission.
Abstract: A method for preparing enciphered message transmission over a network architecture entails receiving plain text data corresponding to the message, passing the plaintext data to a multi-tiered encryption engine, encrypting the plaintext data according to a first encryption scheme to generate first ciphertext message data, and encrypting the first ciphertext message data according to a second encryption scheme to generate second ciphertext message data intended for transmission. Also provided is a cryptographic system, multi-tiered encryption/decryption engine(s) and a computerized method for enciphered message transmission.

Posted Content
TL;DR: A variation of the standard definition of chosen-ciphertext security is introduced, which is called IND-CCA3, and it is proved that IND-CCA3 is equivalent to authenticated-encryption.
Abstract: In this note we introduce a variation of the standard definition of chosen-ciphertext security, which we call IND-CCA3, and prove that IND-CCA3 is equivalent to authenticated-encryption.

Book ChapterDOI
08 Dec 2004
TL;DR: This paper proposes and develops an application for symmetric key cryptography using enterprise grid middleware called Alchemi, and an analysis and comparison of its performance is presented along with pointers to future work.
Abstract: Today’s cryptanalysis on symmetric key cryptography is encouraging the use of larger key sizes and complex algorithms to achieve an unbreakable state. However, this leads to an increase in computational complexity. This has prompted many researchers to develop high-performance symmetric key cryptography schemes using approaches such as the use of high-end computing hardware. Peer-to-peer (P2P) or enterprise grids are proven as one of the approaches for developing cost-effective high-end computing systems. By utilizing them, one can improve the performance of symmetric key cryptography through parallel execution. This approach makes it attractive for adoption by businesses to secure their documents. In this paper we propose and develop an application for symmetric key cryptography using enterprise grid middleware called Alchemi. An analysis and comparison of its performance is presented along with pointers to future work.

Patent
04 Jun 2004
TL;DR: In this paper, a system adapted to encrypt one or more packets of plaintext data in cipher-block chaining (CBC) mode is presented, where a plurality of N bit registers are respectively coupled to the plurality of digital logic components and a circuit component is operative to selectively pass blocks of ciphertext data fed back from an output of a final logic component to the XOR component.
Abstract: One embodiment is a system adapted to encrypt one or more packets of plaintext data in cipher-block chaining (CBC) mode. The system includes a plurality of digital logic components connected in series, where respective components are operative to process one or more rounds of a block cipher algorithm. A plurality of N bit registers are respectively coupled to the plurality of digital logic components. An XOR component receives blocks of plaintext data and blocks of ciphertext data, and XORs blocks of plaintext data for respective plaintext packets with previously encrypted blocks of ciphertext data for those plaintext packets. The XOR component iteratively feeds the XOR'd blocks of data into a first of the plurality of the digital logic components. In addition, a circuit component is operative to selectively pass blocks of ciphertext data fed back from an output of a final logic component to the XOR component.