
2010 | OriginalPaper | Chapter

8. Concealment and Its Applications to Authenticated Encryption

Author: Yevgeniy Dodis

Published in: Practical Signcryption

Publisher: Springer Berlin Heidelberg


Abstract

In this chapter we will study a recent cryptographic primitive called concealment, which was introduced by Dodis and An [75, 76] because of its natural applications to authenticated encryption.


Footnotes

1. We note that authenticated encryption in the public-key setting is typically called signcryption [203, 204]. However, since all our applications of concealments will work, with minor adjustments, in both the symmetric-key and the public-key settings, we will use the term authenticated encryption throughout.

2. In this chapter, though, we will concentrate on the more popular symmetric-key setting, only briefly mentioning the simple extension to the public-key setting.

3. Except that both [107] and [40] insist on achieving some kind of pseudorandomness of the output. Even though our constructions achieve it as well, we feel this requirement is not crucial for any application of RKAE and was mainly included to make the definition look similar to RK-PRPs.

4. Unfortunately, the shortest length of the binder b which we can currently achieve is roughly 300 bits. This means that most popular block ciphers, such as AES, cannot be used in this setting. However, any block cipher with a 512-bit block seems to be more than sufficient.

5. We could have allowed \({\mathcal{A}}\) to find \(h\neq h'\) as long as \((h,b)\), \((h',b)\) do not open to distinct messages \(m\neq m'\). However, we will find the stronger notion more convenient.

6. Meaning that the maximal probability that two unequal messages collide under a random H is at most \(\frac{n}{v\,2^{v}}\).

7. Meaning “strong unforgeability against chosen message attack.”

8. Meaning “indistinguishability against chosen ciphertext attack.”

9. Of course, since S and R share the same key and use the same algorithms, there is no need to allow for “another” chosen message attack on R or a chosen ciphertext attack on S.

10. A slightly weaker notion of UF-CMA requires C to correspond to a “new” message m not submitted to \({\texttt{AuthEnc}}_K(\cdot)\).

11. Note that the definition does not prevent so-called reflection attacks, where a message produced by S is returned back to S as a valid message from R. Such attacks can (and should) be easily prevented by a higher-level application.

12. Meaning “indistinguishability against chosen plaintext attack.”

13. The formalization of this claim is somewhat subtle; see [6].

14. Clearly, this also means that this is a secure way to build a “long” authenticated encryption from a single call to a block cipher. In fact, preimage resistance of H and key-one-wayness of \({\texttt{Enc}}\) are not needed in this case.
 
Literature

6. S. Alt. Authenticated hybrid encryption for multiple recipients. Available from http://eprint.iacr.org/2006/029, 2006.
8. J. H. An and M. Bellare. Constructing VIL-MACs from FIL-MACs: Message authentication under weakened assumptions. In M. Wiener, editor, Advances in Cryptology – Crypto ’99, volume 1666 of Lecture Notes in Computer Science, pages 252–269. Springer, 1999.
10. J. H. An, Y. Dodis, and T. Rabin. On the security of joint signatures and encryption. In L. Knudsen, editor, Advances in Cryptology – Eurocrypt 2002, volume 2332 of Lecture Notes in Computer Science, pages 83–107. Springer, 2002.
24. M. Bellare, R. Canetti, and H. Krawczyk. Keying hash functions for message authentication. In N. Koblitz, editor, Advances in Cryptology – Crypto ’96, volume 1109 of Lecture Notes in Computer Science, pages 1–15. Springer, 1996.
25. M. Bellare, J. Kilian, and P. Rogaway. The security of the cipher block chaining message authentication code. Journal of Computer and System Sciences, 61(3):362–399, 2000.
26. M. Bellare and C. Namprempre. Authenticated encryption: Relations among notions and analysis of the generic composition paradigm. In T. Okamoto, editor, Advances in Cryptology – Asiacrypt 2000, volume 1976 of Lecture Notes in Computer Science, pages 531–545. Springer, 2000.
30. M. Bellare and P. Rogaway. Optimal asymmetric encryption. In A. De Santis, editor, Advances in Cryptology – Eurocrypt ’94, volume 950 of Lecture Notes in Computer Science, pages 92–111. Springer, 1994.
32. M. Bellare and P. Rogaway. Collision-resistant hashing: Towards making UOWHFs practical. In B. S. Kaliski Jr., editor, Advances in Cryptology – Crypto ’97, volume 1294 of Lecture Notes in Computer Science, pages 470–484. Springer, 1997.
33. M. Bellare and P. Rogaway. Encode-then-encipher encryption: How to exploit nonces or redundancy in plaintexts for efficient cryptography. In T. Okamoto, editor, Advances in Cryptology – Asiacrypt 2000, volume 1976 of Lecture Notes in Computer Science, pages 317–330. Springer, 2000.
35. D. J. Bernstein. The Poly1305-AES message-authentication code. In H. Gilbert and H. Handschuh, editors, Fast Software Encryption – FSE 2005, volume 3557 of Lecture Notes in Computer Science, pages 32–49. Springer, 2005.
38. J. Black, S. Halevi, H. Krawczyk, T. Krovetz, and P. Rogaway. UMAC: Fast and secure message authentication. In M. Wiener, editor, Advances in Cryptology – Crypto ’99, volume 1666 of Lecture Notes in Computer Science, pages 216–233. Springer, 1999.
39. M. Blaze. High-bandwidth encryption with low-bandwidth smartcards. In D. Gollmann, editor, Fast Software Encryption – FSE ’96, volume 1039 of Lecture Notes in Computer Science, pages 33–40. Springer, 1996.
40. M. Blaze, J. Feigenbaum, and M. Naor. A formal treatment of remotely keyed encryption. In K. Nyberg, editor, Advances in Cryptology – Eurocrypt ’98, volume 1403 of Lecture Notes in Computer Science, pages 251–265. Springer, 1998.
69. I. B. Damgård. Collision free hash functions and public key signature schemes. In D. Chaum and W. L. Price, editors, Advances in Cryptology – Eurocrypt ’87, volume 304 of Lecture Notes in Computer Science, pages 203–216. Springer, 1987.
75. Y. Dodis and J. H. An. Concealment and its application to authenticated encryption. In E. Biham, editor, Advances in Cryptology – Eurocrypt 2003, volume 2656 of Lecture Notes in Computer Science, pages 312–329. Springer, 2003.
94. S. Halevi and H. Krawczyk. Strengthening digital signatures via randomized hashing. In C. Dwork, editor, Advances in Cryptology – Crypto 2006, volume 4117 of Lecture Notes in Computer Science, pages 41–59. Springer, 2006.
98. R. Impagliazzo and M. Luby. One-way functions are essential for complexity based cryptography. In Proceedings of the 30th Symposium on Foundations of Computer Science – FOCS ’89, pages 230–235. IEEE Computer Society, 1989.
107. M. Jakobsson, J. P. Stern, and M. Yung. Scramble all, encrypt small. In L. Knudsen, editor, Fast Software Encryption – FSE ’99, volume 1636 of Lecture Notes in Computer Science, pages 95–111. Springer, 1999.
110. A. Joux, G. Martinet, and F. Valette. Blockwise-adaptive attackers: Revisiting the (in)security of some provably secure encryption models: CBC, GEM, IACBC. In M. Yung, editor, Advances in Cryptology – Crypto 2002, volume 2442 of Lecture Notes in Computer Science, pages 17–30. Springer, 2002.
112. C. S. Jutla. Encryption modes with almost free message integrity. In B. Pfitzmann, editor, Advances in Cryptology – Eurocrypt 2001, volume 2045 of Lecture Notes in Computer Science, pages 529–544. Springer, 2001.
114. J. Katz and M. Yung. Unforgeable encryption and chosen ciphertext secure modes of operation. In B. Schneier, editor, Fast Software Encryption – FSE 2000, volume 1978 of Lecture Notes in Computer Science, pages 284–299. Springer, 2000.
125. S. Lucks. On the security of remotely keyed encryption. In E. Biham, editor, Fast Software Encryption – FSE ’97, volume 1267 of Lecture Notes in Computer Science, pages 219–229. Springer, 1997.
126. S. Lucks. Accelerated remotely keyed encryption. In L. Knudsen, editor, Fast Software Encryption – FSE ’99, volume 1636 of Lecture Notes in Computer Science, pages 112–123. Springer, 1999.
139. A. J. Menezes, P. C. van Oorschot, and S. A. Vanstone. Handbook of Applied Cryptography. CRC Press, 1997.
146. M. Naor. Bit commitment using pseudorandomness. Journal of Cryptology, 4(2):151–158, 1991.
147. M. Naor and M. Yung. Universal one-way hash functions and their cryptographic applications. In Proceedings of the 21st Symposium on the Theory of Computing – STOC 1989, pages 33–43. ACM Press, 1989.
167. P. Rogaway. Authenticated-encryption with associated-data. In Proceedings of the 9th ACM Conference on Computer and Communications Security – ACM CCS 2002, pages 98–107. ACM Press, 2002.
168. P. Rogaway, M. Bellare, J. Black, and T. Krovetz. OCB: A block-cipher mode of operation for efficient authenticated encryption. In Proceedings of the 8th ACM Conference on Computer and Communications Security – ACM CCS 2001, pages 196–205. ACM Press, 2001.
169. J. Rompel. One-way functions are necessary and sufficient for secure signatures. In Proceedings of the 22nd Symposium on the Theory of Computing – STOC 1990, pages 387–394. ACM Press, 1990.
179. V. Shoup. A composition theorem for universal one-way hash functions. In B. Preneel, editor, Advances in Cryptology – Eurocrypt 2000, volume 1807 of Lecture Notes in Computer Science, pages 445–452. Springer, 2000.
182. D. R. Simon. Finding collisions on a one-way street: Can secure hash functions be based on general assumptions? In K. Nyberg, editor, Advances in Cryptology – Eurocrypt ’98, volume 1403 of Lecture Notes in Computer Science, pages 334–345. Springer, 1998.
203. Y. Zheng. Digital signcryption or how to achieve cost(signature & encryption) « cost(signature) + cost(encryption). In B. S. Kaliski Jr., editor, Advances in Cryptology – Crypto ’97, volume 1294 of Lecture Notes in Computer Science, pages 165–179. Springer, 1997.
Metadata

Title: Concealment and Its Applications to Authenticated Encryption
Author: Yevgeniy Dodis
Copyright Year: 2010
Publisher: Springer Berlin Heidelberg
DOI: https://doi.org/10.1007/978-3-540-89411-7_8