
2010 | Original Paper | Book Chapter

8. Concealment and Its Applications to Authenticated Encryption

Author: Yevgeniy Dodis

Published in: Practical Signcryption

Publisher: Springer Berlin Heidelberg


Abstract

In this chapter we will study a recent cryptographic primitive called concealment, which was introduced by Dodis and An [75, 76] because of its natural applications to authenticated encryption.


Footnotes
1
We note that authenticated encryption in the public-key setting is typically called signcryption [203, 204]. However, since all our applications of concealments will work, with minor adjustments, in both the symmetric-key and the public-key settings, we will use the term authenticated encryption throughout.
 
2
In this chapter, though, we will concentrate on the more popular symmetric-key setting, only briefly mentioning the simple extension to the public-key setting.
 
3
Except that both [107] and [40] insist on achieving some kind of pseudorandomness of the output. Even though our constructions achieve it as well, we feel this requirement is not crucial for any application of RKAE and was mainly included to make the definition look similar to RK-PRPs.
 
4
Unfortunately, the shortest length of the binder b which we can currently achieve is roughly 300 bits. This means that most popular block ciphers, such as AES, cannot be used in this setting. However, any block cipher with a 512-bit block seems to be more than sufficient.
 
5
We could have allowed \({\mathcal{A}}\) to find \(h\neq h'\) as long as \((h,b)\), \((h',b)\) do not open to distinct messages \(m\neq m'\). However, we will find the stronger notion more convenient.
 
6
Meaning that the maximal probability that two unequal messages collide under a random H is at most \(\frac{n}{v\,2^{v}}\).
 
7
Meaning “strong unforgeability against chosen message attack.”
 
8
Meaning “indistinguishability against chosen ciphertext attack.”
 
9
Of course, since S and R share the same key and use the same algorithms, there is no need to allow for “another” chosen message attack on R or a chosen ciphertext attack on S.
 
10
A slightly weaker notion of UF-CMA requires C to correspond to a “new” message m not submitted to \({\texttt{AuthEnc}}_K(\cdot)\).
 
11
Note that the definition does not prevent so-called reflection attacks, where a message produced by S is returned back to S as a valid message from R. Such attacks can (and should) be easily prevented by a higher level application.
 
12
Meaning “indistinguishability against chosen plaintext attack.”
 
13
The formalization of this claim is somewhat subtle; see [6].
 
14
Clearly, this also means that this is a secure way to build a “long” authenticated encryption from a single call to a block cipher. In fact, preimage resistance of H and key-one-wayness of \({\texttt{Enc}}\) are not needed in this case.
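Footnotes 9 and 11 above make a point that is easy to miss when implementing symmetric authenticated encryption: S and R share one key and one algorithm, so the UF-CMA definition alone does not stop a reflection attack, in which a message S produced is bounced back to S as if it came from R. The following added example (not code from the chapter, and not one of its constructions) uses a constructed toy scheme built from HMAC-SHA256, with a counter-mode keystream for confidentiality and a separate HMAC tag for integrity, and shows the mitigation the footnote assigns to the higher-level application: binding a direction label into the authenticated data. The names `auth_enc`, `ver_dec`, `reflection_accepted`, the labels `S->R` / `R->S` and the sample message are all assumptions made for this illustration.

```python
import hashlib
import hmac
import os

# Added example, not from the chapter. A constructed symmetric authenticated
# encryption scheme: HMAC-SHA256 drives a counter-mode keystream
# (confidentiality) and computes the tag (integrity). It exists only to show
# the reflection problem from footnote 11: since S and R share the same key,
# a valid message S produced is also valid when bounced back to S, unless the
# application binds the message direction into the authenticated data.

KEY = os.urandom(32)          # shared key K, held by both S and R
NONCE_LEN = 16
TAG_LEN = 32


def _subkey(key: bytes, label: bytes) -> bytes:
    """Derive an independent enc/mac subkey from K (constructed KDF)."""
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """PRF in counter mode; XOR of this with the message is the ciphertext."""
    blocks = []
    counter = 0
    while sum(len(b) for b in blocks) < length:
        blocks.append(hmac.new(enc_key, nonce + counter.to_bytes(4, "big"),
                               hashlib.sha256).digest())
        counter += 1
    return b"".join(blocks)[:length]


def auth_enc(key: bytes, direction: bytes, message: bytes) -> bytes:
    """AuthEnc_K: returns nonce || ciphertext || tag.

    `direction` is authenticated like associated data but not transmitted;
    b"" means 'no direction binding', i.e. the bare AE of the footnote."""
    nonce = os.urandom(NONCE_LEN)
    ks = _keystream(_subkey(key, b"enc"), nonce, len(message))
    ct = bytes(m ^ k for m, k in zip(message, ks))
    tag = hmac.new(_subkey(key, b"mac"), direction + nonce + ct,
                   hashlib.sha256).digest()
    return nonce + ct + tag


def ver_dec(key: bytes, direction: bytes, blob: bytes):
    """VerDec_K: returns the plaintext, or None if the tag does not verify
    under the direction the receiver expects."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        return None
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(_subkey(key, b"mac"), direction + nonce + ct,
                        hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    ks = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))


def reflection_accepted(bind_direction: bool) -> bool:
    """Simulate S -> R traffic being reflected back to S.

    Returns True if S accepts its own message as a message 'from R'."""
    s_to_r = b"S->R" if bind_direction else b""
    r_to_s = b"R->S" if bind_direction else b""
    blob = auth_enc(KEY, s_to_r, b"transfer 100 to R")   # constructed message, S -> R
    assert ver_dec(KEY, s_to_r, blob) is not None         # R accepts it as genuine
    # An adversary replays the very same blob to S, who expects traffic from R.
    return ver_dec(KEY, r_to_s, blob) is not None


if __name__ == "__main__":
    print("reflection accepted, no binding  :", reflection_accepted(False))  # True
    print("reflection accepted, with binding:", reflection_accepted(True))   # False
```

Without the direction label, the reflected blob verifies under the same key and S accepts its own message; with the label, S computes the tag over `R->S` and the replayed tag, computed over `S->R`, no longer matches. The same effect is obtained in a real deployment by using distinct keys per direction or by putting the direction in the associated data of an AEAD mode; the toy scheme here is only a stand-in for such a mode.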
 
References
6.
S. Alt. Authenticated hybrid encryption for multiple recipients. Available from http://eprint.iacr.org/2006/029, 2006.
8.
J. H. An and M. Bellare. Constructing VIL-MACs from FIL-MACs: Message authentication under weakened assumptions. In M. Wiener, editor, Advances in Cryptology – Crypto ’99, volume 1666 of Lecture Notes in Computer Science, pages 252–269. Springer, 1999.
10.
J. H. An, Y. Dodis, and T. Rabin. On the security of joint signatures and encryption. In L. Knudsen, editor, Advances in Cryptology – Eurocrypt 2002, volume 2332 of Lecture Notes in Computer Science, pages 83–107. Springer, 2002.
24.
M. Bellare, R. Canetti, and H. Krawczyk. Keying hash functions for message authentication. In N. Koblitz, editor, Advances in Cryptology – Crypto ’96, volume 1109 of Lecture Notes in Computer Science, pages 1–15. Springer, 1996.
25.
M. Bellare, J. Killian, and P. Rogaway. The security of the cipher block chaining message authentication code. Journal of Computer and System Sciences, 61(3):362–399, 2000.
26.
M. Bellare and C. Namprempre. Authenticated encryption: Relations among notions and analysis of the generic composition paradigm. In T. Okamoto, editor, Advances in Cryptology – Asiacrypt 2000, volume 1976 of Lecture Notes in Computer Science, pages 531–545. Springer, 2000.
30.
M. Bellare and P. Rogaway. Optimal asymmetric encryption. In A. De Santis, editor, Advances in Cryptology – Eurocrypt ’94, volume 950 of Lecture Notes in Computer Science, pages 92–111. Springer, 1994.
32.
M. Bellare and P. Rogaway. Collision-resistant hashing: Towards making UOWHFs practical. In B. S. Kaliski Jr., editor, Advances in Cryptology – Crypto ’97, volume 1294 of Lecture Notes in Computer Science, pages 470–484. Springer, 1997.
33.
M. Bellare and P. Rogaway. Encode-then-encipher encryption: How to exploit nonces or redundancy in plaintexts for efficient cryptography. In T. Okamoto, editor, Advances in Cryptology – Asiacrypt 2000, volume 1976 of Lecture Notes in Computer Science, pages 317–330. Springer, 2000.
35.
D. J. Bernstein. The Poly1305-AES message-authentication code. In H. Gilbert and H. Handschuh, editors, Fast Software Encryption – FSE 2005, volume 3557 of Lecture Notes in Computer Science, pages 32–49. Springer, 2005.
38.
J. Black, S. Halevi, H. Krawczyk, T. Krovetz, and P. Rogaway. UMAC: Fast and secure message authentication. In M. Wiener, editor, Advances in Cryptology – Crypto ’99, volume 1666 of Lecture Notes in Computer Science, pages 216–233. Springer, 1999.
39.
M. Blaze. High-bandwidth encryption with low-bandwidth smartcards. In D. Gollmann, editor, Fast Software Encryption – FSE ’96, volume 1039 of Lecture Notes in Computer Science, pages 33–40. Springer, 1996.
40.
M. Blaze, J. Feigenbaum, and M. Naor. A formal treatment of remotely keyed encryption. In K. Nyberg, editor, Advances in Cryptology – Eurocrypt ’98, volume 1403 of Lecture Notes in Computer Science, pages 251–265. Springer, 1998.
69.
I. B. Damgård. Collision free hash functions and public key signature schemes. In D. Chaum and W. L. Price, editors, Advances in Cryptology – Eurocrypt ’87, volume 304 of Lecture Notes in Computer Science, pages 203–216. Springer, 1987.
75.
Y. Dodis and J. H. An. Concealment and its application to authenticated encryption. In E. Biham, editor, Advances in Cryptology – Eurocrypt 2003, volume 2656 of Lecture Notes in Computer Science, pages 312–329. Springer, 2003.
94.
S. Halevi and H. Krawczyk. Strengthening digital signatures via randomized hashing. In C. Dwork, editor, Advances in Cryptology – Crypto 2006, volume 4117 of Lecture Notes in Computer Science, pages 41–59. Springer, 2006.
98.
R. Impagliazzo and M. Luby. One-way functions are essential for complexity based cryptography. In Proceedings of the 30th Symposium on Foundations of Computer Science – FOCS ’89, pages 230–235. IEEE Computer Society, 1989.
107.
M. Jakobsson, J. P. Stern, and M. Yung. Scramble all, encrypt small. In L. Knudsen, editor, Fast Software Encryption – FSE ’99, volume 1636 of Lecture Notes in Computer Science, pages 95–111. Springer, 1999.
110.
A. Joux, G. Martinet, and F. Valette. Blockwise-adaptive attackers: Revisiting the (in)security of some provably secure encryption models: CBC, GEM, IACBC. In M. Yung, editor, Advances in Cryptology – Crypto 2002, volume 2442 of Lecture Notes in Computer Science, pages 17–30. Springer, 2002.
112.
C. S. Jutla. Encryption modes with almost free message integrity. In B. Pfitzmann, editor, Advances in Cryptology – Eurocrypt 2001, volume 2045 of Lecture Notes in Computer Science, pages 529–544. Springer, 2001.
114.
J. Katz and M. Yung. Unforgeable encryption and chosen ciphertext secure modes of operation. In B. Schneier, editor, Fast Software Encryption – FSE 2000, volume 1978 of Lecture Notes in Computer Science, pages 284–299. Springer, 2000.
125.
S. Lucks. On the security of remotely keyed encryption. In E. Biham, editor, Fast Software Encryption – FSE ’97, volume 1267 of Lecture Notes in Computer Science, pages 219–229. Springer, 1997.
126.
S. Lucks. Accelerated remotely keyed encryption. In L. Knudsen, editor, Fast Software Encryption – FSE ’99, volume 1636 of Lecture Notes in Computer Science, pages 112–123. Springer, 1999.
139.
A. J. Menezes, P. C. van Oorschot, and S. A. Vanstone. Handbook of Applied Cryptography. CRC Press, 1997.
146.
M. Naor. Bit commitment using pseudorandomness. Journal of Cryptology, 4(2):151–158, 1991.
147.
M. Naor and M. Yung. Universal one-way hash functions and their cryptographic applications. In Proceedings of the 21st Symposium on the Theory of Computing – STOC 1989, pages 33–43. ACM Press, 1989.
167.
P. Rogaway. Authenticated-encryption with associated-data. In Proceedings of the 9th ACM Conference on Computer and Communications Security – ACM CCS 2002, pages 98–107. ACM Press, 2002.
168.
P. Rogaway, M. Bellare, J. Black, and T. Krovetz. OCB: A block-cipher mode of operation for efficient authenticated encryption. In Proceedings of the 8th ACM Conference on Computer and Communications Security – ACM CCS 2001, pages 196–205. ACM Press, 2001.
169.
J. Rompel. One-way functions are necessary and sufficient for secure signatures. In Proceedings of the 22nd Symposium on the Theory of Computing – STOC 1990, pages 387–394. ACM Press, 1990.
179.
V. Shoup. A composition theorem for universal one-way hash functions. In B. Preneel, editor, Advances in Cryptology – Eurocrypt 2000, volume 1807 of Lecture Notes in Computer Science, pages 445–452. Springer, 2000.
182.
D. R. Simon. Finding collisions on a one-way street: Can secure hash functions be based on general assumptions? In K. Nyberg, editor, Advances in Cryptology – Eurocrypt ’98, volume 1403 of Lecture Notes in Computer Science, pages 334–345. Springer, 1998.
185.
203.
Y. Zheng. Digital signcryption or how to achieve cost(signature & encryption) « cost(signature) + cost(encryption). In B. S. Kaliski Jr., editor, Advances in Cryptology – Crypto ’97, volume 1294 of Lecture Notes in Computer Science, pages 165–179. Springer, 1997.
Metadata
Title
Concealment and Its Applications to Authenticated Encryption
Author
Yevgeniy Dodis
Copyright year
2010
Publisher
Springer Berlin Heidelberg
DOI
https://doi.org/10.1007/978-3-540-89411-7_8