How to Securely Release Unverified Plaintext in Authenticated Encryption

Authors: Elena Andreeva, Andrey Bogdanov, Atul Luykx, Bart Mennink, Nicky Mouha

DOI: 10.1007/978-3-662-45611-8_6

Keywords:

Abstract: Scenarios in which authenticated encryption schemes output decrypted plaintext before successful verification raise many security issues. These situations are sometimes unavoidable in practice, such as when devices have insufficient memory to store an entire plaintext, or when a plaintext needs early processing due to real-time requirements. We introduce the first formalization of the releasing unverified plaintext (RUP) setting. To achieve privacy, we propose using plaintext awareness (PA) along with IND-CPA. An authenticated encryption scheme is PA if it has a plaintext extractor, which tries to fool adversaries by mimicking the decryption oracle, without the secret key. Releasing unverified plaintext to the attacker then becomes harmless, as it is infeasible to distinguish the decryption oracle from the plaintext extractor. We introduce two notions of plaintext awareness in the symmetric-key setting, PA1 and PA2, and show that they expose a new layer in the order of security notions between IND-CPA and IND-CCA. For integrity, we show that INT-CTXT in the RUP setting is required, which we refer to as INT-RUP. These new notions are compared with conventional definitions, and are used to make a classification of symmetric-key schemes in the RUP setting. Furthermore, we re-analyze existing authenticated encryption schemes, and provide solutions to fix insecure schemes.
