Authenticated and Misuse-Resistant Encryption of Key-Dependent Data

Cited by: 0
Authors
Bellare, Mihir [1]
Keelveedhi, Sriram [1]
Affiliations
[1] Univ Calif San Diego, Dept Comp Sci & Engn, 9500 Gilman Dr, La Jolla, CA 92093 USA
Source
ADVANCES IN CRYPTOLOGY - CRYPTO 2011 | 2011 / Vol. 6841
Keywords
CIRCULAR-SECURE ENCRYPTION; MESSAGE SECURITY; PLAINTEXT; ATTACKS; MODE; OAEP
DOI
Not available
Chinese Library Classification number
TP301 [Theory, Methods]
Discipline classification code
081202
Abstract
This paper provides a comprehensive treatment of the security of authenticated encryption (AE) in the presence of key-dependent data, considering the four variants of the goal arising from the choice of universal nonce or random nonce security and presence or absence of a header. We present attacks showing that universal-nonce security for key-dependent messages is impossible, as is security for key-dependent headers, not only ruling out security for three of the four variants but showing that currently standardized and used schemes (all these target universal nonce security in the presence of headers) fail to provide security for key-dependent data. To complete the picture we show that the final variant (random-nonce security in the presence of key-dependent messages but key-independent headers) is efficiently achievable. Rather than a single dedicated scheme, we present a RO-based transform RHtE that endows any AE scheme with this security, so that existing implementations may be easily upgraded to have the best possible security in the presence of key-dependent data. RHtE is cheap, software-friendly, and continues to provide security when the key is a password, a setting in which key-dependent data is particularly likely. We go on to give a key-dependent data treatment of the goal of misuse resistant AE. Implementations are provided and show that RHtE has small overhead.
Pages: 610 - 629
Page count: 20