
Showing papers on "Plaintext-aware encryption published in 1997"


Proceedings ArticleDOI
Miklós Ajtai, Cynthia Dwork
04 May 1997
TL;DR: A probabilistic public key cryptosystem which is secure unless the worst case of the following lattice problem can be solved in polynomial time is presented.

673 citations


Book ChapterDOI
20 Jan 1997
TL;DR: This work presents a new mode of encryption for block ciphers that has the interesting defining property that one must decrypt the entire ciphertext before one can determine even one message block, which means that brute-force searches against all-or-nothing encryption are slowed down by a factor equal to the number of blocks in the ciphertext.
Abstract: We present a new mode of encryption for block ciphers, which we call all-or-nothing encryption. This mode has the interesting defining property that one must decrypt the entire ciphertext before one can determine even one message block. This means that brute-force searches against all-or-nothing encryption are slowed down by a factor equal to the number of blocks in the ciphertext. We give a specific way of implementing all-or-nothing encryption using a "package transform" as a pre-processing step to an ordinary encryption mode. A package transform followed by ordinary codebook encryption also has the interesting property that it is very efficiently implemented in parallel. All-or-nothing encryption can also provide protection against chosen-plaintext and related-message attacks.

450 citations


Book ChapterDOI
11 May 1997
TL;DR: This paper describes a new public-key cryptosystem where the ciphertext is obtained by multiplying the public keys indexed by the message bits and the cleartext is recovered by factoring the ciphertext raised to a secret power.
Abstract: This paper describes a new public-key cryptosystem where the ciphertext is obtained by multiplying the public-keys indexed by the message bits and the cleartext is recovered by factoring the ciphertext raised to a secret power. Encryption requires four multiplications/byte and decryption is roughly equivalent to the generation of an RSA signature.

141 citations


Patent
29 Aug 1997
TL;DR: In this article, the authors proposed a blocking set cryptosystem, where the cipher on the complement of the blocking set is not required to be transmitted to the receiver in order to decipher the cipher.
Abstract: The encryption key based on a blocking set cryptosystem includes knowledge of the blocking set, and ciphers (usually independent) on the blocking set and its complement. In order to decipher, a legitimate receiver needs to know only the blocking set and the cipher used on it. Thus it is not necessary for the sender to transmit to anyone the cipher on the complement of the blocking set. The fact that part of the encryption key need not be transmitted is the fundamental difference between the proposed cryptosystem and the so-called private key system, where both the sender and receiver know, but keep secret, the encryption and decryption keys. Particularly useful applications of this scheme are situations where a central person, institution or computer sends out confidential information to several parties, but where none of the parties has the authority to transmit information to the group. This might apply to the main branch of a company, or to a certification authority in a cryptographic protocol. It can also be used to establish an access hierarchy in a computer or security network.

18 citations


Journal ArticleDOI
TL;DR: The author proposes a new private-key cryptosystem based on burst-error-correcting codes which is secure against chosen-plaintext attacks.
Abstract: The author proposes a new private-key cryptosystem based on burst-error-correcting codes which is secure against chosen-plaintext attacks.

7 citations


Journal ArticleDOI
TL;DR: This paper presents a data compaction/randomization based approach as a mode of block encryption for ATM (Asynchronous Transfer Mode) cells that converts a plaintext into pseudo-random plaintext before ciphering to conceal patterns in the plaintext.
Abstract: This paper presents a data compaction/randomization based approach as a mode of block encryption for ATM (Asynchronous Transfer Mode) cells. The presented approach converts a plaintext into pseudo-random plaintext before ciphering to conceal patterns in the plaintext. The underlying idea behind this scheme is Shannon's principles of "confusion" and "diffusion", which involve breaking dependencies and introducing as much randomness as possible into the ciphertext. In this scheme, confusion and diffusion are introduced into the system by first compressing the ATM cell payload and then spreading continuously changing random data over the entire content of the cell. As a mode of operation for block ciphering, this scheme offers the following attractive features: (i) plaintext patterns are pseudo-randomized and chained with ciphertext (thereby protecting against "dictionary", "known plaintext", and "statistical analysis" attacks), (ii) it is self-synchronizing, (iii) cell loss has no additional negative effect, (iv) no IV (Initialization Vector) storage is required, (v) it is encryption-algorithm independent, (vi) there is no cell-to-cell dependency (no feedback from previous cells), and (vii) it is highly scalable (i.e., cells from the same stream can be ciphered and deciphered in parallel). This paper also presents a secure mechanism for in-band synchronization of encryption/decryption key updates using a "marker-cell" that is carried within the data channel. An important aspect of both the above mechanisms is that they do not require any changes to the ATM cell header or ATM infrastructure.

7 citations


Journal Article
TL;DR: In this article, the authors modify the encryption method of Ajtai and Dwork so that the legitimate receiver always recovers the message sent, which is the first attempt to make the original Ajtai-Dwork cryptosystem error-free.
Abstract: Following Ajtai's lead, Ajtai and Dwork have recently introduced a public-key encryption scheme which is secure under the assumption that a certain computational problem on lattices is hard in the worst case. Their encryption method may cause decryption errors, though with small probability (i.e., inversely proportional to the security parameter). In this paper we modify the encryption method of Ajtai and Dwork so that the legitimate receiver always recovers the message sent. That is, we make the Ajtai-Dwork cryptosystem error-free.

6 citations


Book ChapterDOI
Yoshiki Sameshima
17 Sep 1997
TL;DR: In this article, a key escrow system of the RSA cryptosystem is presented that protects user privacy with the following properties: (1) neither the investigation agency nor the key escrow agent accesses the private key of the user directly, (2) the investigation agency can decrypt user data only for a restricted time period and restricted communication entities, and (3) the split private keys of the user are deposited correctly in multiple key escrow agents without any information leakage of the private key, with the help of a zero-knowledge interactive protocol.
Abstract: This paper focuses on a key escrow system of the RSA cryptosystem that protects user privacy with the following properties: (1) neither the investigation agency nor the key escrow agent accesses the private key of the user directly, (2) the investigation agency can decrypt user data of a restricted time period and communication entities, and (3) the split private keys of the user are deposited correctly in multiple key escrow agents without any information leakage of the private key, with the help of a zero-knowledge interactive protocol. The security of the whole system is discussed as well as the performance of the zero-knowledge interactive protocol.

5 citations


Book ChapterDOI
07 Jul 1997
TL;DR: This paper examines secure digital distribution systems, an information storage system and an information provider system, in which encrypted information is directly transformed into a ciphertext of an admissible user, and shows that the technique of a proxy cryptosystem is useful for establishing these distribution systems.
Abstract: Cryptography is quite effective in protecting digital information from unauthorized access. But if a receiver of information is determined after the encryption of the information, e.g. a posted encrypted news item is withdrawn by an arbitrary user in open networks, we need an additional mechanism for converting the encrypted information into a form accessible only to an admissible user. Even though such a transformation can be done by the consecutive execution of decryption of a ciphertext and re-encryption of the recovered plaintext, the intermediary plaintext may be stolen during the re-encryption. In this paper we examine secure digital distribution systems, an information storage system and an information provider system, in which encrypted information is directly transformed into a ciphertext of an admissible user. We show that the technique of a proxy cryptosystem is useful for establishing these distribution systems. The proposed protocols can be constructed based on the ElGamal cryptosystem or the RSA cryptosystem. Meanwhile, a blind decryption protocol provides privacy protection with respect to the selection of a ciphertext to be decrypted. In terms of digital distribution it also provides secure information delivery. An information provider system using a blind decryption protocol has the problem that the decrypting person computes an exponentiation for a message freely selected by the requesting person. For such an oracle problem, a solution is known that uses a transformable signature. In this paper we show another measure prohibiting the abuse of the blind decryption protocol.

5 citations