2006 | OriginalPaper | Book chapter
A Provable-Security Treatment of the Key-Wrap Problem
Authors: Phillip Rogaway, Thomas Shrimpton
Published in: Advances in Cryptology - EUROCRYPT 2006
Publisher: Springer Berlin Heidelberg
We give a provable-security treatment for the key-wrap problem, providing definitions, constructions, and proofs. We suggest that key-wrap’s goal is security in the sense of deterministic authenticated-encryption (DAE), a notion that we put forward. We also provide an alternative notion, a pseudorandom injection (PRI), which we prove to be equivalent. We provide a DAE construction, SIV, analyze its concrete security, develop a blockcipher-based instantiation of it, and suggest that the method makes a desirable alternative to the schemes of the X9.102 draft standard. The construction incorporates a method to turn a PRF that operates on a string into an equally efficient PRF that operates on a vector of strings, a problem of independent interest. Finally, we consider IV-based authenticated-encryption (AE) schemes that are maximally forgiving of repeated IVs, a goal we formalize as misuse-resistant AE. We show that a DAE scheme with a vector-valued header, such as SIV, directly realizes this goal.