Hybrid Encryption in a Multi-user Setting, Revisited

  • Federico Giacon
  • Eike Kiltz
  • Bertram Poettering
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10769)

Abstract

This paper contributes to understanding the interplay of security notions for PKE, KEMs, and DEMs, in settings with multiple users, challenges, and instances. We start analytically by first studying (a) the tightness aspects of the standard hybrid KEM+DEM encryption paradigm, (b) the inherent weak security properties of all deterministic DEMs due to generic key-collision attacks in the multi-instance setting, and (c) the negative effect of deterministic DEMs on the security of hybrid encryption.

We then switch to the constructive side by (d) introducing the concept of an augmented data encapsulation mechanism (ADEM) that promises robustness against multi-instance attacks, (e) proposing a variant of hybrid encryption that uses an ADEM instead of a DEM to alleviate the problems of the standard KEM+DEM composition, and (f) constructing practical ADEMs that are secure in the multi-instance setting.
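The following is an added Python illustration of points (b), (d) and (e) above; it is not code from the paper. It builds a toy deterministic DEM and an illustrative augmented DEM of my own (the public tag is hashed into key derivation; the paper's constructions are not on this page), both over a 16-bit key so that exhaustive search finishes quickly, and runs the generic key-collision attack against each. The tag that a KEM+ADEM hybrid would supply is assumed here to be the KEM ciphertext; the page does not state this.

```python
import hashlib

# Toy parameters: a 16-bit DEM key so the attack runs in seconds.
# Real DEMs use 128-bit or larger keys; only the work ratios carry over.
KEY_BITS = 16
KEY_SPACE = 1 << KEY_BITS
MSG = b"attack at dawn!!"  # constructed 16-byte sample plaintext


def _keystream(seed: bytes, length: int) -> bytes:
    """SHA-256 in counter mode, a stand-in PRF shared by both toy schemes."""
    out = b""
    block = 0
    while len(out) < length:
        out += hashlib.sha256(seed + block.to_bytes(4, "big")).digest()
        block += 1
    return out[:length]


def dem_encrypt(key: int, msg: bytes) -> bytes:
    """Deterministic DEM: the ciphertext is a pure function of (key, msg).
    XOR makes the same function serve as decryption."""
    seed = key.to_bytes(KEY_BITS // 8, "big")
    return bytes(a ^ b for a, b in zip(msg, _keystream(seed, len(msg))))


def adem_encrypt(key: int, tag: bytes, msg: bytes) -> bytes:
    """Illustrative ADEM (my construction, not the paper's): a public tag is
    bound into key derivation, so two instances that share a key but carry
    different tags produce unrelated keystreams."""
    seed = hashlib.sha256(key.to_bytes(KEY_BITS // 8, "big") + tag).digest()
    return bytes(a ^ b for a, b in zip(msg, _keystream(seed, len(msg))))


def attack_dem(keys, msg, guesses):
    """Generic key-collision attack on the deterministic DEM.

    The adversary obtains one encryption of the same fixed message per
    instance, indexes them by ciphertext, and then tests each guessed key
    against all instances with one DEM evaluation plus a dictionary lookup.
    Returns (recovered instance indices, number of DEM evaluations)."""
    table = {}
    for i, k in enumerate(keys):
        table.setdefault(dem_encrypt(k, msg), []).append(i)
    work = len(keys)
    recovered = set()
    for g in guesses:
        work += 1
        recovered.update(table.get(dem_encrypt(g, msg), []))
    return recovered, work


def attack_adem(keys, tags, msg, guesses):
    """The same attack against the ADEM. Because the tag enters the
    ciphertext, a guessed key can only be checked against one instance per
    evaluation: the multi-instance discount disappears."""
    targets = [adem_encrypt(k, t, msg) for k, t in zip(keys, tags)]
    work = len(keys)
    recovered = set()
    for g in guesses:
        for i, (t, c) in enumerate(zip(tags, targets)):
            work += 1
            if adem_encrypt(g, t, msg) == c:
                recovered.add(i)
    return recovered, work


if __name__ == "__main__":
    import random

    rng = random.Random(1)
    n = 8
    keys = [rng.randrange(KEY_SPACE) for _ in range(n)]
    # Per-instance tags; in a KEM+ADEM hybrid the KEM ciphertext would play this role.
    tags = [i.to_bytes(4, "big") for i in range(n)]
    guesses = range(KEY_SPACE)  # exhaustive search
    rec, work = attack_dem(keys, MSG, guesses)
    print(f"DEM : recovered {len(rec)}/{n} keys with {work} evaluations")
    rec, work = attack_adem(keys, tags, MSG, guesses)
    print(f"ADEM: recovered {len(rec)}/{n} keys with {work} evaluations")
```

With n instances and a budget of T guesses, the deterministic DEM lets the attacker cover n·T key/instance pairs for T evaluations, so the expected number of recovered keys is about n·T/2^k and security degrades linearly in n. Against the ADEM the same coverage costs n·T evaluations, which is the single-instance cost paid n times over. Encrypting the same message under many keys is exactly what happens when one sender addresses many recipients, which is why the abstract's point (c) matters for hybrid encryption.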

Keywords

Hybrid encryption; Multi-user security; Tightness

Notes

Acknowledgments

We are grateful to Krzysztof Pietrzak and the anonymous reviewers for their valuable comments. The authors were partially supported by ERC Project ERCC (FP7/615074) and by DFG SPP 1736 Big Data.

Copyright information

© International Association for Cryptologic Research 2018

Authors and Affiliations

  • Federico Giacon (1)
  • Eike Kiltz (1)
  • Bertram Poettering (2)
  1. Ruhr University Bochum, Bochum, Germany
  2. Royal Holloway, University of London, London, UK