Encode-Then-Encipher Encryption: How to Exploit Nonces or Redundancy in Plaintexts for Efficient Cryptography
We investigate the following approach to symmetric encryption: first encode the message via some keyless transform, and then encipher the encoded message, meaning apply a permutation F_K based on a shared key K. We provide conditions on the encoding functions and the cipher which ensure that the resulting encryption scheme meets strong privacy (e.g. semantic security) and/or authenticity goals. The encoding can either be implemented in a simple way (e.g. prepend a counter and append a checksum) or viewed as modeling existing redundancy or entropy already present in the messages, whereby encode-then-encipher encryption provides a way to exploit structured message spaces to achieve compact ciphertexts.
Keywords: Authentication Scheme, Block Cipher, Message Authentication Code, Message Space, Packet Format
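The simple encoding named in the abstract (prepend a counter, append a checksum) followed by enciphering, as an added example that is not code from the paper. The 4-round Feistel network over HMAC-SHA256 is a constructed toy stand-in for the permutation F_K, and the 8-byte counter and 8 zero bytes of redundancy are assumed parameters.

```python
import hashlib
import hmac

NONCE_LEN = 8              # assumed width of the prepended counter
CHECK = b"\x00" * 8        # assumed redundancy: fixed bytes appended as the checksum


def _prf(key, rnd, data, n):
    """n pseudorandom bytes: HMAC-SHA256 keyed by `key`, separated per round."""
    out, block = b"", 0
    while len(out) < n:
        msg = bytes([rnd]) + block.to_bytes(4, "big") + data
        out += hmac.new(key, msg, hashlib.sha256).digest()
        block += 1
    return out[:n]


def _feistel(key, x, rounds):
    """Toy length-preserving keyed permutation (constructed stand-in for F_K)."""
    half = len(x) // 2
    left, right = x[:half], x[half:]
    for rnd in rounds:
        if rnd % 2 == 0:
            left = bytes(a ^ b for a, b in zip(left, _prf(key, rnd, right, len(left))))
        else:
            right = bytes(a ^ b for a, b in zip(right, _prf(key, rnd, left, len(right))))
    return left + right


def encrypt(key, counter, message):
    """Encode (counter || message || CHECK), then encipher the whole string."""
    encoded = counter.to_bytes(NONCE_LEN, "big") + message + CHECK
    return _feistel(key, encoded, range(4))


def decrypt(key, ciphertext):
    """Decipher, then decode; return None when the redundancy does not verify."""
    if len(ciphertext) < NONCE_LEN + len(CHECK):
        return None
    encoded = _feistel(key, ciphertext, reversed(range(4)))
    if not hmac.compare_digest(encoded[-len(CHECK):], CHECK):
        return None
    counter = int.from_bytes(encoded[:NONCE_LEN], "big")
    return counter, encoded[NONCE_LEN:-len(CHECK)]
```

The counter must never repeat under one key; a message that already carries a sequence number or fixed fields can use those in place of the added bytes, which is how the scheme keeps ciphertexts compact.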