7 results sorted by ID
Efficient Adaptively-Secure IB-KEMs and VRFs via Near-Collision Resistance
Tibor Jager, Rafael Kurek, David Niehues
Public-key cryptography
We construct more efficient cryptosystems with provable security against adaptive attacks, based on simple and natural hardness assumptions in the standard model. Concretely, we describe:
- An adaptively-secure variant of the efficient, selectively-secure LWE-based identity-based encryption (IBE) scheme of Agrawal, Boneh, and Boyen (EUROCRYPT 2010).
In comparison to the previously most efficient such scheme by Yamada (CRYPTO 2017) we achieve smaller lattice parameters and shorter public...
OAE-RUP: A Strong Online AEAD Security Notion and its Application to SAEF
Amit Singh Bhati, Elena Andreeva, Damian Vizar
Secret-key cryptography
Release of unverified plaintexts (RUP) security is an important target for robustness in AE schemes. It is also highly crucial for lightweight (LW) implementations of online AE schemes on memory-constrained devices. Surprisingly, very few online AEAD schemes come with provable guarantees against RUP integrity and not one with any well-defined RUP confidentiality.
In this work, we first propose a new strong security notion for online AE schemes called OAE-RUP that captures security under...
Symbolic Security Criteria for Blockwise Adaptive Secure Modes of Encryption
Catherine Meadows
Foundations
Symbolic methods for reasoning about the security of cryptographic systems have for some time concentrated mainly on protocols. More recently, however, we see a rising interest in the use of symbolic methods to reason about the security of algorithms as well, especially algorithms that are built by combining well-defined primitives. For this kind of application two things are generally required: the ability to reason about term algebras obeying equational theories at the symbolic level,...
Linking Online Misuse-Resistant Authenticated Encryption and Blockwise Attack Models
Guillaume Endignoux, Damian Vizár
Secret-key cryptography
Real-world applications of authenticated encryption often require the encryption to be computable {online}, e.g. to compute the $i^{\textrm{th}}$ block of ciphertext after having processed the first $i$ blocks of plaintext. A significant line of research was dedicated to identifying security notions for online authenticated encryption schemes, that capture various security goals related to real-life scenarios. Fouque, Joux, Martinet and Valette proposed definitions of privacy and integrity...
Multi-key Analysis of Tweakable Even-Mansour with Applications to Minalpher and OPP
Zhiyuan Guo, Wenling Wu, Renzhang Liu, Liting Zhang
The tweakable Even-Mansour construction generalizes the conventional Even-Mansour scheme through replacing round keys by strings derived from a master key and a tweak. Besides providing plenty of inherent variability, such a design builds a tweakable block cipher from some lower level primitive. In the present paper, we evaluate the multi-key security of TEM-1, one of the most commonly used one-round tweakable Even-Mansour schemes (introduced at CRYPTO 2015), which is constructed from a...
Modes of Encryption Secure against Blockwise-Adaptive Chosen-Plaintext Attack
Gregory V. Bard
Foundations
Blockwise-adaptive chosen-plaintext and chosen-ciphertext attack are new models for cryptanalytic adversaries, first discovered by Joux, et al [JMV02], and describe a vulnerability in SSH discovered by Bellare, et al [BKN02]. Unlike traditional chosen-plaintext (CPA) or chosen-ciphertext (CCA) adversaries, the blockwise adversary can submit individual blocks for encryption or decryption rather than entire messages. This paper focuses on the search for on-line encryption schemes which are...
A Challenging but Feasible Blockwise-Adaptive Chosen-Plaintext Attack on SSL
Gregory V. Bard
Implementation
This paper introduces a chosen-plaintext vulnerability in the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols which enables recovery of low entropy strings such as can be guessed from a likely set of 2--1000 options. SSL and TLS are widely used for securing communication over the Internet. When utilizing block ciphers for encryption, the SSL and TLS standards mandate the use of the cipher block chaining (CBC) mode of encryption which requires an initialization vector...