
Concealment and Its Applications to Authenticated Encryption


Part of the book series: Information Security and Cryptography ((ISC))

Abstract

In this chapter we will study a recent cryptographic primitive called concealment, which was introduced by Dodis and An [75, 76] because of its natural applications to authenticated encryption.


Notes

  1. We note that authenticated encryption in the public-key setting is typically called signcryption [203, 204]. However, since all our applications of concealments will work, with minor adjustments, both in the symmetric-key and in the public-key settings, we will use the term authenticated encryption throughout.

  2. In this chapter, though, we will concentrate on the more popular symmetric-key setting, only briefly mentioning the simple extension to the public-key setting.

  3. Except that both [107] and [40] insist on achieving some kind of pseudorandomness of the output. Even though our constructions achieve it as well, we feel this requirement is not crucial for any application of RKAE and was mainly included to make the definition look similar to RK-PRPs.

  4. Unfortunately, the shortest length of the binder b which we can currently achieve is roughly 300 bits. This means that most popular block ciphers, such as AES, cannot be used in this setting. However, any block cipher with a 512-bit block seems to be more than sufficient.

  5. We could have allowed \({\mathcal{A}}\) to find \(h\neq h'\) as long as \((h,b)\), \((h',b)\) do not open to distinct messages \(m\neq m'\). However, we will find the stronger notion more convenient.

  6. Meaning that the maximal probability that two unequal messages collide under a random H is at most \(\frac{n}{{\it v}2^{\it v}}\).

  7. Meaning “strong unforgeability against chosen message attack.”

  8. Meaning “indistinguishability against chosen ciphertext attack.”

  9. Of course, since S and R share the same key and use the same algorithms, there is no need to allow for “another” chosen message attack on R or a chosen ciphertext attack on S.

  10. A slightly weaker notion of UF-CMA requires C to correspond to a “new” message m not submitted to \({\texttt{AuthEnc}}_K(\cdot)\).

  11. Note that the definition does not prevent so-called reflection attacks, where a message produced by S is returned back to S as a valid message from R. Such attacks can (and should) be easily prevented by a higher-level application.

  12. Meaning “indistinguishability against chosen plaintext attack.”

  13. The formalization of this claim is somewhat subtle; see [6].

  14. Clearly, this also means that this is a secure way to build a “long” authenticated encryption from a single call to a block cipher. In fact, preimage resistance of H and key-one-wayness of \({\texttt{Enc}}\) are not needed in this case.

References

  1. S. Alt. Authenticated hybrid encryption for multiple recipients. Available from http://eprint.iacr.org/2006/029, 2006.

  2. J. H. An and M. Bellare. Constructing VIL-MACs from FIL-MACs: Message authentication under weakened assumptions. In M. Wiener, editor, Advances in Cryptology – Crypto ’99, volume 1666 of Lecture Notes in Computer Science, pages 252–269. Springer, 1999.

  3. J. H. An, Y. Dodis, and T. Rabin. On the security of joint signatures and encryption. In L. Knudsen, editor, Advances in Cryptology – Eurocrypt 2002, volume 2332 of Lecture Notes in Computer Science, pages 83–107. Springer, 2002.

  4. M. Bellare, R. Canetti, and H. Krawczyk. Keying hash functions for message authentication. In N. Koblitz, editor, Advances in Cryptology – Crypto ’96, volume 1109 of Lecture Notes in Computer Science, pages 1–15. Springer, 1996.

  5. M. Bellare, J. Killian, and P. Rogaway. The security of the cipher block chaining message authentication code. Journal of Computer and System Sciences, 61(3):362–399, 2000.

  6. M. Bellare and C. Namprempre. Authenticated encryption: Relations among notions and analysis of the generic composition paradigm. In T. Okamoto, editor, Advances in Cryptology – Asiacrypt 2000, volume 1976 of Lecture Notes in Computer Science, pages 531–545. Springer, 2000.

  7. M. Bellare and P. Rogaway. Optimal asymmetric encryption. In A. De Santis, editor, Advances in Cryptology – Eurocrypt ’94, volume 950 of Lecture Notes in Computer Science, pages 92–111. Springer, 1994.

  8. M. Bellare and P. Rogaway. Collision-resistant hashing: Towards making UOWHFs practical. In B. S. Kaliski Jr., editor, Advances in Cryptology – Crypto ’97, volume 1294 of Lecture Notes in Computer Science, pages 470–484. Springer, 1997.

  9. M. Bellare and P. Rogaway. Encode-then-encipher encryption: How to exploit nonces or redundancy in plaintexts for efficient cryptography. In T. Okamoto, editor, Advances in Cryptology – Asiacrypt 2000, volume 1976 of Lecture Notes in Computer Science, pages 317–330. Springer, 2000.

  10. D. J. Bernstein. The Poly1305-AES message-authentication code. In H. Gilbert and H. Handschuh, editors, Fast Software Encryption – FSE 2005, volume 3557 of Lecture Notes in Computer Science, pages 32–49. Springer, 2005.

  11. J. Black, S. Halevi, H. Krawczyk, T. Krovetz, and P. Rogaway. UMAC: Fast and secure message authentication. In M. Wiener, editor, Advances in Cryptology – Crypto ’99, volume 1666 of Lecture Notes in Computer Science, pages 216–233. Springer, 1999.

  12. M. Blaze. High-bandwidth encryption with low-bandwidth smartcards. In D. Gollmann, editor, Fast Software Encryption – FSE ’96, volume 1039 of Lecture Notes in Computer Science, pages 33–40. Springer, 1996.

  13. M. Blaze, J. Feigenbaum, and M. Naor. A formal treatment of remotely keyed encryption. In K. Nyberg, editor, Advances in Cryptology – Eurocrypt ’98, volume 1403 of Lecture Notes in Computer Science, pages 251–265. Springer, 1998.

  14. I. B. Damgård. Collision free hash functions and public key signature schemes. In D. Chaum and W. L. Price, editors, Advances in Cryptology – Eurocrypt ’87, volume 304 of Lecture Notes in Computer Science, pages 203–216. Springer, 1987.

  15. Y. Dodis and J. H. An. Concealment and its application to authenticated encryption. In E. Biham, editor, Advances in Cryptology – Eurocrypt 2003, volume 2656 of Lecture Notes in Computer Science, pages 312–329. Springer, 2003.

  16. Y. Dodis and J. H. An. Concealment and its application to authenticated encryption. Full version. Available from http://people.csail.mit.edu/~dodis/academic.html, 2003.

  17. S. Halevi and H. Krawczyk. Strengthening digital signatures via randomized hashing. In C. Dwork, editor, Advances in Cryptology – Crypto 2006, volume 4117 of Lecture Notes in Computer Science, pages 41–59. Springer, 2006.

  18. R. Impagliazzo and M. Luby. One-way functions are essential for complexity based cryptography. In Proceedings of the 30th Symposium on Foundations of Computer Science – FOCS ’89, pages 230–235. IEEE Computer Society, 1989.

  19. M. Jakobsson, J. P. Stern, and M. Yung. Scramble all, encrypt small. In L. Knudsen, editor, Fast Software Encryption – FSE ’99, volume 1636 of Lecture Notes in Computer Science, pages 95–111. Springer, 1999.

  20. A. Joux, G. Martinet, and F. Valette. Blockwise-adaptive attackers: Revisiting the (in)security of some provably secure encryption models: CBC, GEM, IACBC. In M. Yung, editor, Advances in Cryptology – Crypto 2002, volume 2442 of Lecture Notes in Computer Science, pages 17–30. Springer, 2002.

  21. C. S. Jutla. Encryption modes with almost free message integrity. In B. Pfitzmann, editor, Advances in Cryptology – Eurocrypt 2001, volume 2045 of Lecture Notes in Computer Science, pages 529–544. Springer, 2001.

  22. J. Katz and M. Yung. Unforgeable encryption and chosen ciphertext secure modes of operation. In B. Schneier, editor, Fast Software Encryption – FSE 2000, volume 1978 of Lecture Notes in Computer Science, pages 284–299. Springer, 2000.

  23. S. Lucks. On the security of remotely keyed encryption. In E. Biham, editor, Fast Software Encryption – FSE ’97, volume 1267 of Lecture Notes in Computer Science, pages 219–229. Springer, 1997.

  24. S. Lucks. Accelerated remotely keyed encryption. In L. Knudsen, editor, Fast Software Encryption – FSE ’99, volume 1636 of Lecture Notes in Computer Science, pages 112–123. Springer, 1999.

  25. A. J. Menezes, P. C. van Oorschot, and S. A. Vanstone. Handbook of Applied Cryptography. CRC Press, 1997.

  26. M. Naor. Bit commitment using pseudorandomness. Journal of Cryptology, 4(2):151–158, 1991.

  27. M. Naor and M. Yung. Universal one-way hash functions and their cryptographic applications. In Proceedings of the 21st Symposium on the Theory of Computing – STOC 1989, pages 33–43. ACM Press, 1989.

  28. P. Rogaway. Authenticated-encryption with associated-data. In Proceedings of the 9th ACM Conference on Computer and Communications Security – ACM CCS 2002, pages 98–107. ACM Press, 2002.

  29. P. Rogaway, M. Bellare, J. Black, and T. Krovetz. OCB: A block-cipher mode of operation for efficient authenticated encryption. In Proceedings of the 8th ACM Conference on Computer and Communications Security – ACM CCS 2001, pages 196–205. ACM Press, 2001.

  30. J. Rompel. One-way functions are necessary and sufficient for secure signatures. In Proceedings of the 22nd Symposium on the Theory of Computing – STOC 1990, pages 387–394. ACM Press, 1990.

  31. V. Shoup. A composition theorem for universal one-way hash functions. In B. Preneel, editor, Advances in Cryptology – Eurocrypt 2000, volume 1807 of Lecture Notes in Computer Science, pages 445–452. Springer, 2000.

  32. D. R. Simon. Finding collisions on a one-way street: Can secure hash functions be based on general assumptions? In K. Nyberg, editor, Advances in Cryptology – Eurocrypt ’98, volume 1403 of Lecture Notes in Computer Science, pages 334–345. Springer, 1998.

  33. D. R. Stinson. Universal hashing and authentication codes. Designs, Codes and Cryptography, 4(4):369–380, 1994.

  34. Y. Zheng. Digital signcryption or how to achieve cost(signature & encryption) ≪ cost(signature) + cost(encryption). In B. S. Kaliski Jr., editor, Advances in Cryptology – Crypto ’97, volume 1294 of Lecture Notes in Computer Science, pages 165–179. Springer, 1997.

  35. Y. Zheng. Digital signcryption or how to achieve cost(signature & encryption) ≪ cost(signature) + cost(encryption). Full version. Available from http://www.sis.uncc.edu/~yzheng/papers/, 1997.

Author information

Correspondence to Yevgeniy Dodis.


Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

Cite this chapter

Dodis, Y. (2010). Concealment and Its Applications to Authenticated Encryption. In: Dent, A., Zheng, Y. (eds) Practical Signcryption. Information Security and Cryptography. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-89411-7_8

  • DOI: https://doi.org/10.1007/978-3-540-89411-7_8

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-89409-4

  • Online ISBN: 978-3-540-89411-7