
On the Practical (In-)Security of 64-bit Block Ciphers: Collision Attacks on HTTP over TLS and OpenVPN [article]

Karthikeyan Bhargavan, Gaëtan Leurent
2016 IACR Cryptology ePrint Archive  
When used in CBC mode, these ciphers are known to be susceptible to collision attacks when they are used to encrypt around 2^32 blocks of data (the so-called birthday bound).  ...  Indeed, practical collision attacks have never been demonstrated against any mainstream security protocol, leading to the continued use of 64-bit ciphers on the Internet.  ...  In particular, they should verify that the amount of data encrypted with a fixed key is significantly smaller than 2^32 blocks, or use modes that provide security beyond the birthday bound, such as CENC  ... 
dblp:journals/iacr/BhargavanL16 fatcat:ighusk3rjjhnvd2j3mp5lirbna

On the Practical (In-)Security of 64-bit Block Ciphers

Karthikeyan Bhargavan, Gaëtan Leurent
2016 Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security - CCS'16  
When used in CBC mode, these ciphers are known to be susceptible to collision attacks when they are used to encrypt around 2^32 blocks of data (the so-called birthday bound).  ...  Indeed, practical collision attacks have never been demonstrated against any mainstream security protocol, leading to the continued use of 64-bit ciphers on the Internet.  ...  In particular, they should verify that the amount of data encrypted with a fixed key is significantly smaller than 2^32 blocks, or use modes that provide security beyond the birthday bound, such as CENC  ... 
doi:10.1145/2976749.2978423 dblp:conf/ccs/BhargavanL16 fatcat:kino5nznhraotkqplutqasjtyi
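
The CBC collision attack summarised in the two Bhargavan/Leurent entries above, as an added example that is not code from the paper or from this page: a Python script with a toy 16-bit block cipher (a seeded random permutation, standing in for a 64-bit cipher so the birthday bound is reached after a couple of thousand blocks rather than 2^32) run in CBC mode over constructed traffic in which a fixed secret block alternates with attacker-known blocks, mirroring the cookie-plus-injected-request setting of the paper. When two ciphertext blocks collide, C_i = C_j, the permutation forces the cipher inputs to collide, so P_i XOR P_j = C_{i-1} XOR C_{j-1}; if one of the two plaintext blocks is known, the other is recovered. The cipher, the traffic layout, the seed and the helper names (`collision_probability`, `max_blocks_for`, `bytes_at_birthday_bound`) are all assumptions made for this example; only the 2^32-block figure for 64-bit ciphers comes from the paper.

```python
"""Birthday-bound ciphertext collisions in CBC mode (added example with a toy cipher)."""
import math
import random

BLOCK_BITS = 16  # assumption: 16-bit toy cipher, so 2^(n/2) = 256 blocks already hit the birthday bound
SPACE = 1 << BLOCK_BITS


def toy_block_cipher(key: int) -> list:
    """Keyed random permutation on BLOCK_BITS-bit blocks (stand-in for a real 64-bit cipher)."""
    perm = list(range(SPACE))
    random.Random(key).shuffle(perm)
    return perm


def cbc_encrypt(perm: list, iv: int, blocks: list) -> list:
    """Plain CBC: C_i = E_K(P_i XOR C_{i-1}), with C_{-1} = IV."""
    out, prev = [], iv
    for p in blocks:
        prev = perm[p ^ prev]
        out.append(prev)
    return out


def plaintext_xor_from_collision(iv: int, ct: list, i: int, j: int) -> int:
    """If C_i == C_j the cipher inputs were equal, hence P_i XOR P_j == C_{i-1} XOR C_{j-1}."""
    prev_i = iv if i == 0 else ct[i - 1]
    prev_j = iv if j == 0 else ct[j - 1]
    return prev_i ^ prev_j


def recover_secret(iv: int, ct: list, known: dict):
    """Scan the ciphertext for a repeated block and use a known/unknown pair to unmask the unknown one.
    `known` maps block index -> attacker-known plaintext (the injected traffic in the paper's setting).
    Returns (index_of_secret_block, recovered_value), or None if no usable collision appeared."""
    first_seen = {}
    for j, c in enumerate(ct):
        i = first_seen.setdefault(c, j)
        if i == j:
            continue  # first occurrence of this ciphertext block, no collision yet
        x = plaintext_xor_from_collision(iv, ct, i, j)
        if i in known and j not in known:
            return j, x ^ known[i]
        if j in known and i not in known:
            return i, x ^ known[j]
    return None


def collision_probability(n_bits: int, q_blocks: int) -> float:
    """Birthday estimate: P[some pair among q n-bit blocks collides] ~ 1 - exp(-q^2 / 2^(n+1))."""
    return 1.0 - math.exp(-(q_blocks ** 2) / 2.0 ** (n_bits + 1))


def max_blocks_for(n_bits: int, p_max: float) -> int:
    """Largest q that keeps the birthday collision probability below p_max (inverts the estimate)."""
    return int(math.sqrt(-math.log(1.0 - p_max) * 2.0 ** (n_bits + 1)))


def bytes_at_birthday_bound(n_bits: int) -> int:
    """Bytes encrypted under one key after 2^(n/2) blocks (the paper's ~2^32 blocks for n = 64)."""
    return (1 << (n_bits // 2)) * (n_bits // 8)


def demo(seed: int = 7, n_blocks: int = 2048):
    """Constructed traffic: a fixed secret block (think session cookie) at even positions and
    attacker-known random blocks at odd positions. 2048 = 2^11 blocks is far past 2^(n/2) = 256
    for the toy cipher, so roughly q^2 / 2^(n+1) = 32 colliding pairs are expected."""
    rng = random.Random(seed)
    perm = toy_block_cipher(key=0x5EED)
    iv = rng.getrandbits(BLOCK_BITS)
    secret = 0xBEEF
    plaintext, known = [], {}
    for k in range(n_blocks):
        if k % 2 == 0:
            plaintext.append(secret)
        else:
            plaintext.append(rng.getrandbits(BLOCK_BITS))
            known[k] = plaintext[-1]
    ct = cbc_encrypt(perm, iv, plaintext)
    result = recover_secret(iv, ct, known)
    return {
        "secret": secret,
        "recovered": None if result is None else result[1],
        "n_blocks": n_blocks,
        "predicted_collision_probability": collision_probability(BLOCK_BITS, n_blocks),
    }


if __name__ == "__main__":
    print(demo())
    print("64-bit cipher, 2^32 blocks under one key:", collision_probability(64, 2 ** 32))
    print("bytes at the birthday bound for a 64-bit cipher:", bytes_at_birthday_bound(64))
```

The attacker needs no key material: only the IV and ciphertext are read, and the recovered value is exact, not probabilistic, once a mixed known/unknown collision exists. For a real 64-bit cipher the same `collision_probability` gives about 0.39 at 2^32 blocks (32 GiB under one key), which is why the paper's advice is a per-key data cap well below 2^32 blocks or a mode with security beyond the birthday bound.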

Tweakable Blockciphers with Beyond Birthday-Bound Security [chapter]

Will Landecker, Thomas Shrimpton, R. Seth Terashima
2012 Lecture Notes in Computer Science  
Almost all such constructions enjoy provable security only to the birthday bound, and the one that does achieve security beyond the birthday bound (due to Minematsu) severely restricts the tweak size and  ...  This paper gives the first TBC construction that simultaneously allows for arbitrarily "wide" tweaks, does not rekey, and delivers provable security beyond the birthday bound.  ...  to accept birthday-bound security.  ... 
doi:10.1007/978-3-642-32009-5_2 fatcat:mewtjwrgibbt7fqnzyyb6c37mi

Secure Distributed Virtual Conferencing [chapter]

W. A. Adamson, C. J. Antonelli, K. W. Coffman, P. McDaniel, J. Rees
1999 Secure Information Networks  
We describe a secure distributed virtual conferencing application (SDVC) that provides high quality streaming video and audio using IP multicast for efficient distribution, uses strong authentication via  ...  Preneel (ed.), Secure Information Networks  ...  to building and deploying portable, interoperable, scalable, and secure applications.  ... 
doi:10.1007/978-0-387-35568-9_12 fatcat:xrsivmoxhba7hcfp2bqjljjwty

Salvaging Weak Security Bounds for Blockcipher-Based Constructions [chapter]

Thomas Shrimpton, R. Seth Terashima
2016 Lecture Notes in Computer Science  
Like the ICM, the ICM-KOA can give sharp security bounds when standard-model bounds do not.  ...  , or when a large number of connections need to be kept secure.  ...  This allows on the order of 2^(2n/3) n-bit blocks of data to be securely encrypted, beating the birthday bound.  ... 
doi:10.1007/978-3-662-53887-6_16 fatcat:6hzbulnrfjaflmjj32spfgxozu

KEDGEN2: A key establishment and derivation protocol for EPC Gen2 RFID systems

Wiem Tounsi, Nora Cuppens-Boulahia, Joaquin Garcia-Alfaro, Yannick Chevalier, Frédéric Cuppens
2014 Journal of Network and Computer Applications  
To address this problem, RFID tags must be equipped with a robust mechanism to authenticate readers before authorising them to access their data.  ...  However, the Gen2 standard lacks verifiable security functionalities. Eavesdropping attacks can, for instance, affect the security of applications based on the Gen2 technology.  ...  Acknowledgements: The authors would like to thank the anonymous reviewers for their valuable comments and suggestions to improve the quality of the paper. J.  ... 
doi:10.1016/j.jnca.2013.06.002 fatcat:5ocyzpvyynfyvozyj5wpowfizq

Efficient Side-Channel Secure Message Authentication with Better Bounds

Chun Guo, François-Xavier Standaert, Weijia Wang, Yu Yu
2020 IACR Transactions on Symmetric Cryptology  
Built upon secure AES implementations, LRWHM is provably secure up to (beyond-birthday) 2^78.3 time complexity, while RHM is provably secure up to 2^121 time.  ...  employs internal rekeying.  ...  It's worth noting that the application of BBB secure HtM variant may be far beyond side-channel security.  ... 
doi:10.46586/tosc.v2019.i4.23-53 doi:10.13154/tosc.v2019.i4.23-53 dblp:journals/tosc/GuoSWY19 fatcat:4w3r7qxee5bhvdglob6zqcij2q

Higher-Order Countermeasures against Side-Channel Cryptanalysis on Rabbit Stream Cipher

Jonathan A.P. Marpaung, Bruce Ndibanje, Hoon Jae Lee
2014 Journal of information and communication convergence engineering  
Our contribution brings improvements to previous countermeasures making the implementation resistant to higher-order attacks.  ...  Abdalla and Bellare [6] argued that rekeying (key refreshment) provides a provable increase in the security of an application.  ...  Cryptographic primitives are used in various applications to provide confidentiality, integrity, and authentication.  ... 
doi:10.6109/jicce.2014.12.4.237 fatcat:vnp2iwln4fdozavudabzdx2vsq

Reconsidering Generic Composition: The Tag-then-Encrypt Case [chapter]

Francesco Berti, Olivier Pereira, Thomas Peters
2018 Lecture Notes in Computer Science (INDOCRYPT 2018)  
A common strategy to obtain AE is to combine a Message Authentication Code (MAC) and an encryption scheme, either nonce-based or IV-based.  ...  Authenticated Encryption (AE) achieves confidentiality and authenticity, the two most fundamental goals of cryptography, in a single scheme.  ...  Tweakable blockciphers for efficient authenticated encryptions with beyond the birthday-bound security. IACR Trans. Olivier Pereira, François-Xavier Standaert, and Srinivas Vivek.  ... 
doi:10.1007/978-3-030-05378-9_4 dblp:conf/indocrypt/BertiPP18 fatcat:5ki26ff3gbckfkx5tyj3h66ha4

TEDT, a Leakage-Resilient AEAD mode for High (Physical) Security Applications [article]

Francesco Berti, Chun Guo, Olivier Pereira, Thomas Peters, François-Xavier Standaert
2019 IACR Cryptology ePrint Archive  
We propose TEDT, a new Authenticated Encryption with Associated Data (AEAD) mode leveraging Tweakable Block Ciphers (TBCs).  ...  (ii) It offers nonce misuse-resilience, that is, the repetition of nonces does not impact the security of ciphertexts produced with fresh nonces.  ...  For AEDT, the security of both encryption and authentication are tightly birthday even in the black-box setting.  ... 
dblp:journals/iacr/BertiGPPS19 fatcat:ua3js7itxbh2rnekv3erffkhti

The mF mode of authenticated encryption with associated data

Bishwajit Chakraborty, Mridul Nandi
2022 Journal of Mathematical Cryptology  
We provide authenticated encryption security analysis for mF under some weaker security assumptions (stated in the article) on the underlying TBC.  ...  In this article, we propose a tweakable block cipher (TBC)-based authenticated encryption with associated data (AEAD) scheme, which we call mF.  ...  In addition to the dedicated constructions, there are some known constructions of TBC based on a block cipher. For example, XEX [11] is shown to have birthday-bound security.  ... 
doi:10.1515/jmc-2020-0054 fatcat:5x6ifouytned7cblkpxnl2ydri

Multi-key Analysis of Tweakable Even-Mansour with Applications to Minalpher and OPP

Zhiyuan Guo, Wenling Wu, Renzhang Liu, Liting Zhang
2017 IACR Transactions on Symmetric Cryptology  
As important applications, we utilize our techniques to analyze the authenticated encryption algorithms Minalpher (a second-round candidate of CAESAR) and OPP (proposed at EUROCRYPT 2016) in the multi-key  ...  While our attacks do not contradict the security proofs of Minalpher and OPP in the classical setting, nor pose an immediate threat to their uses, our results demonstrate their security margins in the  ...  We are also grateful to Si Gao for providing useful suggestions on the related experiments.  ... 
doi:10.13154/tosc.v2016.i2.288-306 doi:10.46586/tosc.v2016.i2.288-306 dblp:journals/tosc/GuoWLZ16 fatcat:besakbj35bgbpm2mfqfocmmwda

Authenticated Encryption in the Face of Protocol and Side Channel Leakage [chapter]

Guy Barwell, Daniel P. Martin, Elisabeth Oswald, Martijn Stam
2017 Lecture Notes in Computer Science  
Authenticated encryption schemes in practice have to be robust against adversaries that have access to various types of leakage, for instance decryption leakage on invalid ciphertexts (protocol leakage  ...  Moreover, we show how to achieve authenticated encryption that is simultaneously both misuse resistant and leakage resilient, based on a sufficiently leakage resilient PRF, and finally we propose a concrete  ...  Another idea to provide security is frequent rekeying.  ... 
doi:10.1007/978-3-319-70694-8_24 fatcat:fexpvna2gfdcrmtmysiec42pra