2017 | Original Paper | Book Chapter

Boosting Authenticated Encryption Robustness with Minimal Modifications

Authors: Tomer Ashur, Orr Dunkelman, Atul Luykx

Published in: Advances in Cryptology – CRYPTO 2017

Publisher: Springer International Publishing


Abstract

Secure and highly efficient authenticated encryption (AE) algorithms which achieve data confidentiality and authenticity in the symmetric-key setting have existed for well over a decade. By all conventional measures, AES-OCB seems to be the AE algorithm of choice on any platform with AES-NI: it has a proof showing it is secure assuming AES is, and it is one of the fastest out of all such algorithms. However, algorithms such as AES-GCM and ChaCha20+Poly1305 have seen more widespread adoption, even though they will likely never outperform AES-OCB on platforms with AES-NI. Given the fact that changing algorithms is a long and costly process, some have set out to maximize the security that can be achieved with the already deployed algorithms, without sacrificing efficiency: ChaCha20+Poly1305 already improves over GCM in how it authenticates, GCM-SIV uses GCM’s underlying components to provide nonce misuse resistance, and TLS 1.3 introduces a randomized nonce in order to improve GCM’s multi-user security. We continue this line of work by looking more closely at GCM and ChaCha20+Poly1305 to see what robustness they already provide over algorithms such as OCB, and whether minor variants of the algorithms can be used for applications where defense in depth is critical. We formalize and illustrate how GCM and ChaCha20+Poly1305 offer varying degrees of resilience to nonce misuse, as they can recover quickly from repeated nonces, as opposed to OCB, which loses all security. More surprisingly, by introducing minor tweaks such as an additional XOR, we can create a GCM variant which provides security even when unverified plaintext is released.

Footnotes
1
Tagging can be done in several ways. We mention here only one: the entry node XORs an identifying string into the message it is passing along. Untagging is done by the exit node XORing the same identifier back out.
 
Metadata
Title
Boosting Authenticated Encryption Robustness with Minimal Modifications
Authors
Tomer Ashur
Orr Dunkelman
Atul Luykx
Copyright year
2017
DOI
https://doi.org/10.1007/978-3-319-63697-9_1