112 Hits in 3.5 sec

How to Securely Release Unverified Plaintext in Authenticated Encryption [chapter]

Elena Andreeva, Andrey Bogdanov, Atul Luykx, Bart Mennink, Nicky Mouha, Kan Yasuda
2014 Lecture Notes in Computer Science  
Scenarios in which authenticated encryption schemes output decrypted plaintext before successful verification raise many security issues.  ...  Releasing unverified plaintext then becomes harmless as it is infeasible to distinguish the decryption oracle from the plaintext extractor.  ...  cipher that handles a long ciphertext in one pass without using a large buffer: releasing unverified plaintext to applications often means releasing it to attackers and also requires an analysis of how  ... 
doi:10.1007/978-3-662-45611-8_6 fatcat:72ym7t3oafag5o7jvkx5bidbqq

sp-AELM: Sponge Based Authenticated Encryption Scheme for Memory Constrained Devices [chapter]

Megha Agrawal, Donghoon Chang, Somitra Sanadhya
2015 Lecture Notes in Computer Science  
Example: if we release unverified plaintext in OCB mode, then it is not secure.  ...  Analysis Conclusion Release Unverified Plaintext (RUP) • In ASIACRYPT 2014, Andreeva et al. introduced the first formalization of the releasing unverified plaintext (RUP) setting.  ... 
doi:10.1007/978-3-319-19962-7_26 fatcat:m5oqzzpdj5dn3khooa5oxgmxvm

Boosting Authenticated Encryption Robustness with Minimal Modifications [chapter]

Tomer Ashur, Orr Dunkelman, Atul Luykx
2017 Lecture Notes in Computer Science  
More surprisingly, by introducing minor tweaks such as an additional XOR, we can create a GCM variant which provides security even when unverified plaintext is released.  ...  Secure and highly efficient authenticated encryption (AE) algorithms which achieve data confidentiality and authenticity in the symmetric-key setting have existed for well over a decade.  ...  This work was supported in part by the Research  ... 
doi:10.1007/978-3-319-63697-9_1 fatcat:qaix7jnghzhjdd3ljnwjkst7ze

Rogue Decryption Failures: Reconciling AE Robustness Notions [chapter]

Guy Barwell, Daniel Page, Martijn Stam
2015 Lecture Notes in Computer Science  
We reconcile these three works by providing a reference model of security for authenticated encryption in the face of decryption leakage from invalid queries.  ...  An authenticated encryption scheme is deemed secure (AE) if ciphertexts both look like random bitstrings and are unforgeable. AE is a much stronger notion than the traditional IND-CCA.  ...  [2] moved to a nonce-based setting, introducing a framework to capture the release of unverified plaintexts (RUP). Concurrently, Hoang et al.  ... 
doi:10.1007/978-3-319-27239-9_6 fatcat:gimxhftwavckhfpse5673udcmi

A new authenticated encryption technique for handling long ciphertexts in memory constrained devices

Megha Agrawal, Donghoon Chang, Somitra Kumar Sanadhya
2017 International Journal of Applied Cryptography  
In authenticated encryption schemes, there are two techniques for handling long ciphertexts while working within the constraints of a low buffer size: Releasing unverified plaintext (RUP) or Producing  ...  without releasing or storing any part of an unverified plaintext and without need of generating any intermediate tag.  ...  Recently, Andreeva et al. in ASIACRYPT 2014 [16] provide definitions to formalize an AE scheme's security against release of unverified plaintexts.  ... 
doi:10.1504/ijact.2017.086223 fatcat:avuodvhy3nblvnyi5cm46xpc7e

A new authenticated encryption technique for handling long ciphertexts in memory constrained devices

Megha Agrawal, Somitra Kumar Sanadhya, Donghoon Chang
2017 International Journal of Applied Cryptography  
In authenticated encryption schemes, there are two techniques for handling long ciphertexts while working within the constraints of a low buffer size: Releasing unverified plaintext (RUP) or Producing  ...  without releasing or storing any part of an unverified plaintext and without need of generating any intermediate tag.  ...  Recently, Andreeva et al. in ASIACRYPT 2014 [16] provide definitions to formalize an AE scheme's security against release of unverified plaintexts.  ... 
doi:10.1504/ijact.2017.10007291 fatcat:xtvbm4llmzdzneazf35smqxtli

Forgery And Subkey Recovery On Caesar Candidate Ifeed

Willem Schroé, Bart Mennink, Elena Andreeva, Bart Preneel
2015 Zenodo  
iFeed is a blockcipher-based authenticated encryption design by Zhang, Wu, Sui, and Wang and a first round candidate to the CAESAR competition. iFeed is claimed to achieve confidentiality and authenticity  ...  Furthermore, we show how at the price of just one additional forgery one can learn EK(P∗) for any freely chosen plaintext P∗.  ...  known as the release of unverified plaintext (RUP) setting from [2].  ... 
doi:10.5281/zenodo.55452 fatcat:gn4c4df3vrelfi25xg64e5mnou

Forgery and Subkey Recovery on CAESAR Candidate iFeed [chapter]

Willem Schroé, Bart Mennink, Elena Andreeva, Bart Preneel
2016 Lecture Notes in Computer Science  
iFeed is a blockcipher-based authenticated encryption design by Zhang, Wu, Sui, and Wang and a first round candidate to the CAESAR competition. iFeed is claimed to achieve confidentiality and authenticity  ...  Furthermore, we show how at the price of just one additional forgery one can learn EK(P∗) for any freely chosen plaintext P∗.  ...  known as the release of unverified plaintext (RUP) setting from [2].  ... 
doi:10.1007/978-3-319-31301-6_11 fatcat:m2vkpjw6brekznfvzvrdcdzhdu

The State of the Authenticated Encryption

Damian Vizár
2016 Tatra Mountains Mathematical Publications  
The notion of authenticated encryption marries these two security goals in a single symmetric-key, cryptographic primitive.  ...  The recent Competition for Authenticated Encryption: Security, Applicability, and Robustness (CAESAR) has boosted the research activity in this area even more.  ...  The release of unverified plaintext is another type of misuse that can occur in practice, as many schemes decrypt a ciphertext to a putative plaintext before the final authentication check.  ... 
doi:10.1515/tmmp-2016-0038 fatcat:vnvjfj73yvff7ovjqagtwdpena

Xoodyak, a lightweight cryptographic scheme

Joan Daemen, Seth Hoffert, Michaël Peeters, Gilles Van Assche, Ronny Van Keer
2020 IACR Transactions on Symmetric Cryptology  
In this paper, we present Xoodyak, a cryptographic primitive that can be used for hashing, encryption, MAC computation and authenticated encryption.  ...  It inherently hashes the history of all operations in its state, allowing to derive its resistance against generic attacks from that of the full-state keyed duplex.  ...  of unverified decrypted ciphertext in authenticated encryption).  ... 
doi:10.13154/tosc.v2020.is1.60-87 dblp:journals/tosc/DaemenHPAK20 fatcat:zpgfemwxf5cljcetkxbwlczsem

HS1-RIV: Improved Efficiency for Authenticated Encryption

Abhishek Bhardwaj, Subhranil Som, S K. Muttoo
2018 International Journal of Engineering & Technology  
Many attacks are present in the present time, which can break any simple encryption in no time.  ...  Therefore, researchers have proposed and proved various techniques, which can work along encryption and can increase security by many folds.  ...  The advantage of RAE is that it provides security even in the case when unverified plaintext is released; and in addition, it inherits all the advantages of SAE.  ... 
doi:10.14419/ijet.v7i2.7.10871 fatcat:m7srubexx5dcvhyufnevrrpbxq

Collision Attacks Against CAESAR Candidates [chapter]

Thomas Fuhr, Gaëtan Leurent, Valentin Suder
2015 Lecture Notes in Computer Science  
Marble claims security against nonce-repetition, and against release of unverified plaintexts, but cannot hide common prefixes in case of nonce reuse (Marble is online).  ...  In this paper we study authenticated encryption algorithms inspired by the OCB mode (Offset Codebook).  ...  The authors define the security notion of Robust AE, which is the optimal security achievable when nonces are repeated, and unverified plaintexts are released.  ... 
doi:10.1007/978-3-662-48800-3_21 fatcat:h6yugpgyqnbz5ori3b332g4fzq

Scope: On the Side Channel Vulnerability of Releasing Unverified Plaintexts [chapter]

Dhiman Saha, Dipanwita Roy Chowdhury
2016 Lecture Notes in Computer Science  
In this work we try to assess the idea of releasing unverified plaintexts in the light of side channel attacks like fault attacks.  ...  We further show a case-study on the APE authenticated encryption scheme and reduce its key space from 2^160 to 2^50 using 12 faults and to 2^24 using 16 faults on the decryption module.  ...  Introduction In conventional security notions of Authenticated Encryption (AE), release of decrypted plaintext is subject to successful verification.  ... 
doi:10.1007/978-3-319-31301-6_24 fatcat:cmx7fefskreu5pes6r7ccb2cvq

Understanding RUP Integrity of COLM

Nilanjan Datta, Atul Luykx, Bart Mennink, Mridul Nandi
2017 IACR Transactions on Symmetric Cryptology  
In this work, we investigate the integrity of the COLM structure when unverified plaintext is released, and demonstrate that its security highly depends on the choice of mixing function.  ...  The authenticated encryption scheme COLM is a third-round candidate in the CAESAR competition.  ...  Authenticated Encryption We focus on authenticated encryption in the context of the release of unverified plaintext (RUP), and as in [ABL+14] we separate the decryption algorithm into plaintext computation  ... 
doi:10.46586/tosc.v2017.i2.143-161 fatcat:an4sxv7v5nby5ckmkzy6docv7a

Understanding RUP Integrity of COLM

Nilanjan Datta, Atul Luykx, Bart Mennink, Mridul Nandi
2017 IACR Transactions on Symmetric Cryptology  
In this work, we investigate the integrity of the COLM structure when unverified plaintext is released, and demonstrate that its security highly depends on the choice of mixing function.  ...  The authenticated encryption scheme COLM is a third-round candidate in the CAESAR competition.  ...  Authenticated Encryption We focus on authenticated encryption in the context of the release of unverified plaintext (RUP), and as in [ABL+14] we separate the decryption algorithm into plaintext computation  ... 
doi:10.13154/tosc.v2017.i2.143-161 dblp:journals/tosc/DattaLMN17 fatcat:al4rc55izfalve2xfpamrerlb4
Showing results 1 — 15 out of 112 results