Plaintext-aware encryption

About: Plaintext-aware encryption is a research topic. Over the lifetime, 1980 publications have been published within this topic receiving 101775 citations. The topic is also known as: Plaintext awareness.

Cryptanalysis and improvement of two hyper-chaos-based image encryption schemes

Abstract: As chaos-based image encryption developed, its security relies on two operations, permutation and diffusion. Some existing schemes in the literature are broken due to the failed design of either permutation or diffusion. An image encryption scheme based on hyper-chaos, proposed by Gao and Chen has undergone the scrutiny from research community and security weaknesses found. Its improvement by Rhouma and Belghith needs to be carefully examined. This paper points out that both of them suffer from the problem of low security-sensitivity to plain-image change. Thus, attackers can predict the order of permutation and the security of the cryptosystem only relies on the diffusion operation. This implies that security level is potentially degraded. In this paper, an improvement of the hyper-chaos-based image encryption scheme is proposed to fix the weakness in not only Gao and Chen?s but also that in Rhouma and Belghith?s modified approaches. Two image encryption schemes suffer from the problem of low security-sensitivity.An improvement is proposed to fix the weakness found.Confusion and diffusion are enhanced such that attacks are turned infeasible.

Fast, Secure Encryption for Indexing in a Column-Oriented DBMS

Abstract: Networked information systems require strong security guarantees because of the new threats that they face. Various forms of encryption have been proposed to deal with this problem. In a database system, there are often two contradictory goals: security of the encryption and fast performance of queries. There have been a number of proposals of database encryption schemes to facilitate queries on encrypted columns. Order-preserving encryption techniques are well-suited for databases since they support a simple, and efficient way to build indices. However, as we will show, they are insecure under straightforward attack scenarios. We propose a new light-weight database encryption scheme (called FCE) for column stores in data warehouses with trusted servers. The low decryption overhead of FCE makes comparisons of ciphertexts and hence indexing operations very fast. Since it is hard to use classical security definitions in cryptography to prove the security of any existing symmetric encryption scheme, we propose a relaxed measure of security, called INFO-CPA-DB. INFO-CPA-DB is based on a well-established security definition in cryptography and relaxes it using information theoretic concepts. Using INFO-CPA-DB, we give strong evidence that FCE is as secure as any underlying block cipher (yet more efficient than using the block cipher itself). Using the same security measure we also show the inherent insecurity of any order preserving encryption scheme under straightforward attack scenarios. We discuss indexing techniques based on FCE as well.

A Known Plaintext Attack of FEAL-4 and FEAL-6

Abstract: We present new results on the cryptanalysis of the FEAL-N blockcipher. As a matter of fact, almost all the attacks of this cryptosystem published so far are chosen plaintext attacks [3,4,5,7], except the announcement in [7] of a non-differential known plaintext attack of FEAL-4 which requires about 100000 plaintext blocks. We describe known plaintext attacks of FEAL-4 and FEAL-6, which require about 1000 and 20000 plaintext blocks respectively and are based on correlations with linear functions. Using similar methods, we have also found more recently an improved attack on FEAL-4, which requires only 200 knwon plaintext blocks.

Securely combining public-key cryptosystems

Abstract: It is a maxim of sound computer-security practice that a cryptographic key should have only a single use For example, an RSA key pair should be used only for public-key encryption or only for digital signatures, and not for bothIn this paper we show that in many cases, the simultaneous use of related keys for two cryptosystems, eg for a public-key encryption system and for a public-key signature system, does not compromise their security We demonstrate this for a variety of public-key encryption schemes that are secure against chosen-ciphertext attacks, and for a variety of digital signature schemes that are secure against forgery under chosen-message attacks The precise form of the statement of security that we are able to prove depends on the particular cryptographic schemes in question and on the cryptographic assumptions needed for their proofs of security; but in every case, our proof of security does not require any additional cryptographic assumptionsAmong the cryptosystems that we analyze in this manner are the public-key encryption schemes of Cramer and Shoup, Naor and Yung, and Dolev, Dwork, and Naor, which are all defined in them standard model, while in the random-oracle model we analyze plaintext-aware encryption schemes (as defined by Bellare and Rogaway) and in particular the OAEP+ cryptosystem Among public-key signature schemes, we analyze those of Cramer and Shoup and of Gennaro, Halevi, and Rabin in the standard model, while in the random-oracle model we analyze the RSA PSS scheme as well as variants of the El Gamal and Schnorr schemes (See references within)