Abstract
In this chapter we will study a recent cryptographic primitive called concealment, which was introduced by Dodis and An [75, 76] because of its natural applications to authenticated encryption.
Notes
- 1.
We note that authenticated encryption in the public-key setting is typically called signcryption [203, 204]. However, since all our applications of concealments will work, with minor adjustments, in both the symmetric- and the public-key settings, we will use the term authenticated encryption throughout.
- 2.
In this chapter, though, we will concentrate on the more popular symmetric-key setting, only briefly mentioning the simple extension to the public-key setting.
- 3.
- 4.
Unfortunately, the shortest length of the binder b which we can currently achieve is roughly 300 bits. This means that most popular block ciphers, such as AES, cannot be used in this setting. However, any block cipher with a 512-bit block seems to be more than sufficient.
- 5.
We could have allowed \({\mathcal{A}}\) to find \(h\neq h'\) as long as \((h,b)\), \((h',b)\) do not open to distinct messages \(m\neq m'\). However, we will find the stronger notion more convenient.
- 6.
Meaning that the maximal probability that two unequal messages collide under a random H is at most \(\frac{n}{v 2^{v}}\).
- 7.
Meaning “strong unforgeability against chosen message attack.”
- 8.
Meaning “indistinguishability against chosen ciphertext attack.”
- 9.
Of course, since S and R share the same key and use the same algorithms, there is no need to allow for “another” chosen message attack on R or a chosen ciphertext attack on S.
- 10.
A slightly weaker notion of UF-CMA requires C to correspond to “new” message m not submitted to \({\texttt{AuthEnc}}_K(\cdot)\).
- 11.
Note that the definition does not prevent so-called reflection attacks, where a message produced by S is returned back to S as a valid message from R. Such attacks can (and should) be easily prevented by a higher level application.
- 12.
Meaning “indistinguishability against chosen plaintext attack.”
- 13.
The formalization of this claim is somewhat subtle; see [6].
- 14.
Clearly, this also means that this is a secure way to build a “long” authenticated encryption from a single call to a block cipher. In fact, preimage resistance of H and key-one-wayness of \({\texttt{Enc}}\) are not needed in this case.
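To make notes 4 and 14 concrete, the following is an added Python sketch (not code from the chapter) of authenticated encryption built from a concealment: the hider is h = Enc_tau(m) and the binder is b = tau || H(h), which is the shape of the Dodis and An construction as I recall it, so that the binder is 16 + 20 = 36 bytes, i.e. 288 bits, matching the "roughly 300 bits" of note 4. The one-time cipher Enc_tau and the short-message AuthEnc_K are stand-ins built from SHA-256 and HMAC rather than a 512-bit block cipher, and all function names are my own.

```python
import hashlib, hmac, os

TAU_LEN, TAG_LEN = 16, 20  # 128-bit one-time key tau, 160-bit hash of h: binder ~ 288 bits

def _keystream(key, n):
    # Stand-in one-time encryption Enc_tau: SHA-256 in counter mode (not AES).
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def enc_tau(key, data):
    return bytes(x ^ y for x, y in zip(data, _keystream(key, len(data))))

def conceal(m):
    # Hider h = Enc_tau(m); binder b = tau || H(h). Only b needs the secret key later.
    tau = os.urandom(TAU_LEN)
    h = enc_tau(tau, m)
    return h, tau + hashlib.sha256(h).digest()[:TAG_LEN]

def open_concealment(h, b):
    # Binding check: b commits to h through H(h); a modified h fails to open.
    tau, tag = b[:TAU_LEN], b[TAU_LEN:]
    if not hmac.compare_digest(hashlib.sha256(h).digest()[:TAG_LEN], tag):
        return None
    return enc_tau(tau, h)

def auth_enc(K, b):
    # Stand-in AuthEnc_K for the short binder: nonce, SHA-256-CTR, then HMAC (encrypt-then-MAC).
    ke, km = K[:16], K[16:]
    r = os.urandom(16)
    c = r + enc_tau(ke + r, b)
    return c + hmac.new(km, c, hashlib.sha256).digest()

def auth_dec(K, ct):
    c, tag = ct[:-32], ct[-32:]
    if not hmac.compare_digest(hmac.new(K[16:], c, hashlib.sha256).digest(), tag):
        return None
    return enc_tau(K[:16] + c[:16], c[16:])

def long_auth_enc(K, m):
    # "Long" AE: send the unkeyed hider h alongside the keyed AE of the short binder only.
    h, b = conceal(m)
    return h, auth_enc(K, b)

def long_auth_dec(K, h, ct):
    b = auth_dec(K, ct)
    return None if b is None else open_concealment(h, b)
```

Note that the keyed part processes only the 36-byte binder regardless of the message length, which is the point of note 14; tampering with either h or the binder ciphertext is rejected.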
References
S. Alt. Authenticated hybrid encryption for multiple recipients. Available from http://eprint.iacr.org/2006/029, 2006.
J. H. An and M. Bellare. Constructing VIL-MACs from FIL-MACs: Message authentication under weakened assumptions. In M. Wiener, editor, Advances in Cryptology – Crypto ’99, volume 1666 of Lecture Notes in Computer Science, pages 252–269. Springer, 1999.
J. H. An, Y. Dodis, and T. Rabin. On the security of joint signatures and encryption. In L. Knudsen, editor, Advances in Cryptology – Eurocrypt 2002, volume 2332 of Lecture Notes in Computer Science, pages 83–107. Springer, 2002.
M. Bellare, R. Canetti, and H. Krawczyk. Keying hash functions for message authentication. In N. Koblitz, editor, Advances in Cryptology – Crypto ’96, volume 1109 of Lecture Notes in Computer Science, pages 1–15. Springer, 1996.
M. Bellare, J. Killian, and P. Rogaway. The security of the cipher block chaining message authentication code. Journal of Computer and System Sciences, 61(3):362–399, 2000.
M. Bellare and C. Namprempre. Authenticated encryption: Relations among notions and analysis of the generic composition paradigm. In T. Okamoto, editor, Advances in Cryptology – Asiacrypt 2000, volume 1976 of Lecture Notes in Computer Science, pages 531–545. Springer, 2000.
M. Bellare and P. Rogaway. Optimal asymmetric encryption. In A. De Santis, editor, Advances in Cryptology – Eurocrypt ’94, volume 950 of Lecture Notes in Computer Science, pages 92–111. Springer, 1994.
M. Bellare and P. Rogaway. Collision-resistant hashing: Towards making UOWHFs practical. In B. S. Kaliski Jr., editor, Advances in Cryptology – Crypto ’97, volume 1294 of Lecture Notes in Computer Science, pages 470–484. Springer, 1997.
M. Bellare and P. Rogaway. Encode-then-encipher encryption: How to exploit nonces or redundancy in plaintexts for efficient cryptography. In T. Okamoto, editor, Advances in Cryptology – Asiacrypt 2000, volume 1976 of Lecture Notes in Computer Science, pages 317–330. Springer, 2000.
D. J. Bernstein. The Poly1305-AES message-authentication code. In H. Gilbert and H. Handschuh, editors, Fast Software Encryption – FSE 2005, volume 3557 of Lecture Notes in Computer Science, pages 32–49. Springer, 2005.
J. Black, S. Halevi, H. Krawczyk, T. Krovetz, and P. Rogaway. UMAC: Fast and secure message authentication. In M. Wiener, editor, Advances in Cryptology – Crypto ’99, volume 1666 of Lecture Notes in Computer Science, pages 216–233. Springer, 1999.
M. Blaze. High-bandwidth encryption with low-bandwidth smartcards. In D. Gollmann, editor, Fast Software Encryption – FSE ’96, volume 1039 of Lecture Notes in Computer Science, pages 33–40. Springer, 1996.
M. Blaze, J. Feigenbaum, and M. Naor. A formal treatment of remotely keyed encryption. In K. Nyberg, editor, Advances in Cryptology – Eurocrypt ’98, volume 1403 of Lecture Notes in Computer Science, pages 251–265. Springer, 1998.
I. B. Damgård. Collision free hash functions and public key signature schemes. In D. Chaum and W. L. Price, editors, Advances in Cryptology – Eurocrypt ’87, volume 304 of Lecture Notes in Computer Science, pages 203–216. Springer, 1987.
Y. Dodis and J. H. An. Concealment and its application to authenticated encryption. In E. Biham, editor, Advances in Cryptology – Eurocrypt 2003, volume 2656 of Lecture Notes in Computer Science, pages 312–329. Springer, 2003.
Y. Dodis and J. H. An. Concealment and its application to authenticated encryption. Full version. Available from http://people.csail.mit.edu/~dodis/academic.html, 2003.
S. Halevi and H. Krawczyk. Strengthening digital signatures via randomized hashing. In C. Dwork, editor, Advances in Cryptology – Crypto 2006, volume 4117 of Lecture Notes in Computer Science, pages 41–59. Springer, 2006.
R. Impagliazzo and M. Luby. One-way functions are essential for complexity based cryptography. In Proceedings of the 30th Symposium on Foundations of Computer Science – FOCS ’89, pages 230–235. IEEE Computer Society, 1989.
M. Jakobsson, J. P. Stern, and M. Yung. Scramble all, encrypt small. In L. Knudsen, editor, Fast Software Encryption – FSE ’99, volume 1636 of Lecture Notes in Computer Science, pages 95–111. Springer, 1999.
A. Joux, G. Martinet, and F. Valette. Blockwise-adaptive attackers: Revisiting the (in)security of some provably secure encryption models: CBC, GEM, IACBC. In M. Yung, editor, Advances in Cryptology – Crypto 2002, volume 2442 of Lecture Notes in Computer Science, pages 17–30. Springer, 2002.
C. S. Jutla. Encryption modes with almost free message integrity. In B. Pfitzmann, editor, Advances in Cryptology – Eurocrypt 2001, volume 2045 of Lecture Notes in Computer Science, pages 529–544. Springer, 2001.
J. Katz and M. Yung. Unforgeable encryption and chosen ciphertext secure modes of operation. In B. Schneier, editor, Fast Software Encryption – FSE 2000, volume 1978 of Lecture Notes in Computer Science, pages 284–299. Springer, 2000.
S. Lucks. On the security of remotely keyed encryption. In E. Biham, editor, Fast Software Encryption – FSE ’97, volume 1267 of Lecture Notes in Computer Science, pages 219–229. Springer, 1997.
S. Lucks. Accelerated remotely keyed encryption. In L. Knudsen, editor, Fast Software Encryption – FSE ’99, volume 1636 of Lecture Notes in Computer Science, pages 112–123. Springer, 1999.
A. J. Menezes, P. C. van Oorschot, and S. A. Vanstone. Handbook of Applied Cryptography. CRC Press, 1997.
M. Naor. Bit commitment using pseudorandomness. Journal of Cryptology, 4(2):151–158, 1991.
M. Naor and M. Yung. Universal one-way hash functions and their cryptographic applications. In Proceedings of the 21st Symposium on the Theory of Computing – STOC 1989, pages 33–43. ACM Press, 1989.
P. Rogaway. Authenticated-encryption with associated-data. In Proceedings of the 9th ACM Conference on Computer and Communications Security – ACM CCS 2002, pages 98–107. ACM Press, 2002.
P. Rogaway, M. Bellare, J. Black, and T. Krovetz. OCB: A block-cipher mode of operation for efficient authenticated encryption. In Proceedings of the 8th ACM Conference on Computer and Communications Security – ACM CCS 2001, pages 196–205. ACM Press, 2001.
J. Rompel. One-way functions are necessary and sufficient for secure signatures. In Proceedings of the 22nd Symposium on the Theory of Computing – STOC 1990, pages 387–394. ACM Press, 1990.
V. Shoup. A composition theorem for universal one-way hash functions. In B. Preneel, editor, Advances in Cryptology – Eurocrypt 2000, volume 1807 of Lecture Notes in Computer Science, pages 445–452. Springer, 2000.
D. R. Simon. Finding collisions on a one-way street: Can secure hash functions be based on general assumptions? In K. Nyberg, editor, Advances in Cryptology – Eurocrypt ’98, volume 1403 of Lecture Notes in Computer Science, pages 334–345. Springer, 1998.
D. R. Stinson. Universal hashing and authentication codes. Designs, Codes and Cryptography, 4(4):369–380, 1994.
Y. Zheng. Digital signcryption or how to achieve cost(signature & encryption) ≪ cost(signature) + cost(encryption). In B. S. Kaliski Jr., editor, Advances in Cryptology – Crypto ’97, volume 1294 of Lecture Notes in Computer Science, pages 165–179. Springer, 1997.
Y. Zheng. Digital signcryption or how to achieve cost(signature & encryption) ≪ cost(signature) + cost(encryption). Full version. Available from http://www.sis.uncc.edu/~yzheng/papers/, 1997.
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
Cite this chapter
Dodis, Y. (2010). Concealment and Its Applications to Authenticated Encryption. In: Dent, A., Zheng, Y. (eds) Practical Signcryption. Information Security and Cryptography. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-89411-7_8
DOI: https://doi.org/10.1007/978-3-540-89411-7_8
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-89409-4
Online ISBN: 978-3-540-89411-7