Plaintext-aware encryption

About: Plaintext-aware encryption is a research topic. Over the lifetime, 1980 publications have been published within this topic receiving 101775 citations. The topic is also known as: Plaintext awareness.

Analysis of the E0 Encryption System

Abstract: The encryption system E0, which is the encryption system used in the Bluetooth specification, is examined. In the current paper, a method of deriving the cipher key from a set of known keystream bits is given. The running time for this method depends on the amount of known keystream available, varying from O(284) if 132 bits are available to O(273), given 243 bits of known keystream. Although the attacks are of no advantage if E0 is used with the recommended security parameters (64 bit encryption key), they provide an upper bound on the amount of security that would be made available by enlarging the encryption key, as discussed in the Bluetooth specification.

Why Chosen Ciphertext Security Matters

Abstract: This article motivates the importance of public-key cryptosystems that are secure against chosen ciphertext attack, and of rigorous security proofs. It also discusses the new cryptosystem developed by Cramer and Shoup, and its relevance in this regard.

A Public-Key Cryptosystem with Worst-Case/Average-Case Equivalence

Abstract: We present a probabilistic public key cryptosystem which is secure unless the worst case of the following lattice problem can be solved in polynomial time: “Find the shortest nonzero vector in an n dimensional lattice L where the shortest vector v is unique in the sense that any other vector whose length is at most n’ [lull is parallel to v.”

Plaintext Awareness via Key Registration

Abstract: In this paper, we reconsider the notion of plaintext awareness. We present a new model for plaintext-aware encryption that is both natural and useful. We achieve plaintext-aware encryption without random oracles by using a third party. However, we do not need to trust the third party: even when the third party is dishonest, we still guarantee security against adaptive chosen ciphertext attacks. We show a construction that achieves this definition under general assumptions. We further motivate this achievement by showing an important and natural application: giving additional real-world meaningfulness to the Dolev-Yao model.

Tag-KEM/DEM: A New Framework for Hybrid Encryption

Abstract: This paper presents a novel framework for the generic construction of hybrid encryption schemes which produces more efficient schemes than the ones known before. A previous framework introduced by Shoup combines a key encapsulation mechanism (KEM) and a data encryption mechanism (DEM). While it is sufficient to require both components to be secure against chosen ciphertext attacks (CCA-secure), Kurosawa and Desmedt showed a particular example of KEM that is not CCA-secure but can be securely combined with a specific type of CCA-secure DEM to obtain a more efficient, CCA-secure hybrid encryption scheme. There are also many other efficient hybrid encryption schemes in the literature that do not fit into Shoup’s framework. These facts serve as motivation to seek another framework. The framework we propose yields more efficient hybrid scheme, and in addition provides insightful explanation about existing schemes that do not fit into the previous framework. Moreover, it allows immediate conversion from a class of threshold public-key encryption to a threshold hybrid one without considerable overhead, which may not be possible in the previous approach.