Encode-Then-Encipher Encryption: How to Exploit Nonces or Redundancy in Plaintexts for Efficient Cryptography

  • Mihir Bellare
  • Phillip Rogaway
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1976)


We investigate the following approach to symmetric encryption: first encode the message via some keyless transform, and then encipher the encoded message, meaning apply a permutation F K based on a shared key K. We provide conditions on the encoding functions and the cipher which ensure that the resulting encryption scheme meets strong privacy (eg. semantic security) and/or authenticity goals. The encoding can either be implemented in a simple way (eg. prepend a counter and append a checksum) or viewed as modeling existing redundancy or entropy already present in the messages, whereby encode-then-encipher encryption provides a way to exploit structured message spaces to achieve compact ciphertexts.


Authentication Scheme Block Cipher Message Authentication Code Message Space Packet Format 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    M. Bellare, A. Desai, E. Jokipii, and P. Rogaway, “Acon crete security treatment of symmetric encryption.” Proceedings of the 38th Symposium on Foundations of Computer Science, IEEE, 1997.Google Scholar
  2. 2.
    M. Bellare, J. Kilian and P. Rogaway, “On the security of cipher block chaining.” Advances in Cryptology-Crypto’ 94, Lecture Notes in Computer Science Vol. 839, Y. Desmedt ed., Springer-Verlag, 1994.Google Scholar
  3. 3.
    M. Bellare, T. Krovetz and P. Rogaway, “Luby-Racko. backwards: Increasing security by making block ciphers non-invertible.” Advances in Cryptology-Eurocrypt’ 98, Lecture Notes in Computer Science Vol. 1403, K. Nyberg ed., Springer-Verlag, 1998.Google Scholar
  4. 4.
    M. Bellare and C. Namprempre, “Authenticated encryption: Relations among notions and analysis of the generic composition paradigm.” Advances in Cryptology-Asiacrypt’ 00, Lecture Notes in Computer Science, T. Okamoto, ed., Springer-Verlag, 2000.Google Scholar
  5. 5.
    M. Bellare and P. Rogaway, “On the construction of variable-input-length ciphers.” Fast Software Encryption’ 99, Lecture Notes in Computer Science Vol. 1636, L. Knudsen ed., Springer-Verlag, 1999.CrossRefGoogle Scholar
  6. 6.
    M. Bellare and P. Rogaway, “Encode-then-encipher encryption: How to exploit nonces or redundancy in plaintexts for effcient cryptography.” Full version of this paper, available via
  7. 7.
    D. Dolev, C. Dwork and M. Naor. “Non-malleable cryptography,” Proceedings of the 23rd Annual Symposium on the Theory of Computing, ACM, 1991. To appear in SIAM J. on Computing.Google Scholar
  8. 8.
    O. Goldreich, S. Goldwasser and S. Micali, “How to construct random functions.” Journal of the ACM, Vol. 33, No. 4, 210–217, (1986).CrossRefMathSciNetGoogle Scholar
  9. 9.
    S. Goldwasser and S. Micali, “Probabilistic encryption.” Journal of Computer and System Sciences 28, 270–299, April 1984.Google Scholar
  10. 10.
    J. Katz and M. Yung, “Unforgeable encryption and adaptively secure modes of operation.” Fast Software Encryption’ 00, Lecture Notes in Computer Science, B. Schneier, ed., Springer-Verlag, 2000.Google Scholar
  11. 11.
    M. Luby and C. Rackoff, “How to construct pseudorandom permutations from pseudorandom functions.” SIAM J. Computing, Vol. 17, No. 2, April 1988.Google Scholar
  12. 12.
    M. Naor and O. Reingold, “On the construction of pseudo-random permutations: Luby-Racko. revisited.” J. of Cryptology, vol. 12, 1999, pp. 29–66.zbMATHCrossRefMathSciNetGoogle Scholar
  13. 13.
    C. Rackoff and D. Simon, “Non-interactive zero-knowledge proof of knowledge and chosen ciphertext attack.” Advances in Cryptology-Crypto’ 91, Lecture Notes in Computer Science Vol. 576, J. Feigenbaum ed., Springer-Verlag, 1991.Google Scholar
  14. 14.
    R. Rivest, “All-or-nothing encryption and the package transform.” Fast Software Encryption’ 97, Lecture Notes in Computer Science Vol. 1267, E. Biham ed., Springer-Verlag, 1997.CrossRefGoogle Scholar
  15. 15.
    C. Shannon, “Communication theory of secrecy systems.” Bell Systems Technical Journal, 28(4), 656–715 (1949).MathSciNetGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2000

Authors and Affiliations

  • Mihir Bellare
    • 1
  • Phillip Rogaway
    • 2
  1. 1.Dept. of Computer Science & EngineeringUniversity of California at San DiegoLa JollaUSA
  2. 2.Dept. of Computer Science Engineering II BuildingUniversity of California at DavisDavisUSA

Personalised recommendations