We consider two possible notions of authenticity for symmetric encryption schemes, namely integrity of plaintexts and integrity of ciphertexts, and relate them to the standard notions of privacy for symmetric encryption schemes by presenting implications and separations between all notions considered. We then analyze the security of authenticated encryption schemes designed by “generic composition,” meaning making black-box use of a given symmetric encryption scheme and a given MAC. Three composition methods are considered, namely Encrypt-and-MAC plaintext, MAC-then-encrypt, and Encrypt-then-MAC. For each of these, and for each notion of security, we indicate whether or not the resulting scheme meets the notion in question assuming the given symmetric encryption scheme is secure against chosen-plaintext attack and the given MAC is unforgeable under chosen-message attack. We provide proofs for the cases where the answer is “yes” and counter-examples for the cases where the answer is “no.”
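The three composition methods, as an added worked example that is not part of the paper and not the authors' code. It assumes a counter-mode stream cipher built from HMAC-SHA256 as the IND-CPA encryption scheme, HMAC-SHA256 as the unforgeable MAC, and two independent keys KE and KM (all constructed here). Two of the "no" answers are illustrated the way a separation result needs to be, with a concrete scheme on which the composition fails: Encrypt-and-MAC with a deterministic MAC leaks plaintext equality (so it is not IND-CPA), and MAC-then-encrypt over an encryption scheme that appends a byte its decryptor ignores (a hypothetical scheme, still IND-CPA) admits a ciphertext forgery that breaks INT-CTXT without breaking INT-PTXT. Encrypt-then-MAC rejects any modified ciphertext because the tag covers the whole ciphertext.

```python
import hmac
import hashlib
import os

TAG = 32  # HMAC-SHA256 tag length

# Constructed, independent keys for the encryption scheme and the MAC.
KE = hashlib.sha256(b"constructed example encryption key").digest()
KM = hashlib.sha256(b"constructed example MAC key").digest()


def prf_keystream(key: bytes, iv: bytes, n: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256 used as a PRF; stands in
    for a block-cipher CTR mode (IND-CPA when the PRF is secure)."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, iv + ctr.to_bytes(8, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def se_encrypt(ke: bytes, m: bytes) -> bytes:
    """Randomized encryption: fresh 16-byte IV || m XOR keystream."""
    iv = os.urandom(16)
    return iv + bytes(a ^ b for a, b in zip(m, prf_keystream(ke, iv, len(m))))


def se_decrypt(ke: bytes, c: bytes) -> bytes:
    iv, body = c[:16], c[16:]
    return bytes(a ^ b for a, b in zip(body, prf_keystream(ke, iv, len(body))))


def mac(km: bytes, x: bytes) -> bytes:
    return hmac.new(km, x, hashlib.sha256).digest()


# Encrypt-then-MAC: tag covers the entire ciphertext (IV included).
def etm_encrypt(ke, km, m):
    c = se_encrypt(ke, m)
    return c + mac(km, c)

def etm_decrypt(ke, km, c):
    body, tag = c[:-TAG], c[-TAG:]
    return se_decrypt(ke, body) if hmac.compare_digest(mac(km, body), tag) else None


# MAC-then-encrypt: tag over the plaintext, then encrypt plaintext || tag.
def mte_encrypt(ke, km, m):
    return se_encrypt(ke, m + mac(km, m))

def mte_decrypt(ke, km, c):
    p = se_decrypt(ke, c)
    m, tag = p[:-TAG], p[-TAG:]
    return m if hmac.compare_digest(mac(km, m), tag) else None


# Encrypt-and-MAC: encrypt the plaintext and, separately, tag the plaintext.
def eam_encrypt(ke, km, m):
    return se_encrypt(ke, m) + mac(km, m)

def eam_decrypt(ke, km, c):
    body, tag = c[:-TAG], c[-TAG:]
    m = se_decrypt(ke, body)
    return m if hmac.compare_digest(mac(km, m), tag) else None


def demo_roundtrip() -> bool:
    m = b"attack at dawn"
    return (etm_decrypt(KE, KM, etm_encrypt(KE, KM, m)) == m
            and mte_decrypt(KE, KM, mte_encrypt(KE, KM, m)) == m
            and eam_decrypt(KE, KM, eam_encrypt(KE, KM, m)) == m)


def eam_leaks_equality() -> bool:
    """Encrypt-and-MAC is not IND-CPA with a deterministic MAC: the tag depends
    on the plaintext only, so two encryptions of one message share a tag even
    though their ciphertext bodies differ (fresh IVs)."""
    c1 = eam_encrypt(KE, KM, b"same message")
    c2 = eam_encrypt(KE, KM, b"same message")
    return c1[:-TAG] != c2[:-TAG] and c1[-TAG:] == c2[-TAG:]


# Hypothetical IND-CPA scheme with a redundant trailing byte that decryption ignores.
def se2_encrypt(ke, m):
    return se_encrypt(ke, m) + b"\x00"

def se2_decrypt(ke, c):
    return se_decrypt(ke, c[:-1])

def mte2_decrypt(ke, km, c):
    p = se2_decrypt(ke, c)
    m, tag = p[:-TAG], p[-TAG:]
    return m if hmac.compare_digest(mac(km, m), tag) else None


def mte_ctxt_forgery() -> bool:
    """MAC-then-encrypt over se2 fails INT-CTXT: changing the ignored byte yields
    a ciphertext the sender never produced, yet it decrypts validly. The
    plaintext is unchanged, so INT-PTXT is not violated."""
    m = b"pay 100"
    c = se2_encrypt(KE, m + mac(KM, m))
    forged = c[:-1] + b"\x01"
    return forged != c and mte2_decrypt(KE, KM, forged) == m


def etm_rejects_tamper() -> bool:
    """Encrypt-then-MAC: any bit flip in the ciphertext invalidates the tag."""
    c = bytearray(etm_encrypt(KE, KM, b"pay 100"))
    c[16] ^= 0x01  # first byte of the ciphertext body
    return etm_decrypt(KE, KM, bytes(c)) is None
```

The forged ciphertext in `mte_ctxt_forgery` decrypts to the original plaintext, which is exactly the gap between integrity of ciphertexts and integrity of plaintexts that the abstract distinguishes. In Encrypt-then-MAC a new valid ciphertext would require a MAC forgery on a string never tagged, so INT-CTXT follows from the MAC's unforgeability alone.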
Full version of this paper: M. Bellare and C. Namprempre, “Authenticated Encryption: Relations among notions and analysis of the generic composition paradigm,” available via http://www-cse.ucsd.edu/users/mihir.
© 2000 Springer-Verlag Berlin Heidelberg
Cite this paper
Bellare, M., Namprempre, C. (2000). Authenticated Encryption: Relations among Notions and Analysis of the Generic Composition Paradigm. In: Okamoto, T. (eds) Advances in Cryptology — ASIACRYPT 2000. ASIACRYPT 2000. Lecture Notes in Computer Science, vol 1976. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-44448-3_41
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-41404-9
Online ISBN: 978-3-540-44448-0