The mF mode of authenticated encryption with associated data
2022
Journal of Mathematical Cryptology
In this article, we propose a tweakable block cipher (TBC)-based authenticated encryption with associated data (AEAD) scheme, which we call mF. ...
We call an AEAD adversary nonce respecting when it doesn't make more than one encryption query with the same nonce. ...
Note that the decryption queries are not necessarily nonce respecting, i.e., nonce can be repeated in the decryption queries, and an encryption query and a decryption query can use the same nonce. ...
doi:10.1515/jmc-2020-0054
fatcat:5x6ifouytned7cblkpxnl2ydri
People Who Live in Glass Houses Should not Throw Stones: Targeted Opening Message Franking Schemes
[article]
2018
IACR Cryptology ePrint Archive
To tackle this problem, we propose a new primitive called targeted opening compactly committing AEAD (TOCE for short). ...
We also propose a privacy-efficiency trade-off if we can relax the security of non-opened messages to be one-way secure after the abusive reporting (they are still semantically secure if no opening). ...
We notice that in the verification algorithm, the input includes the entire message. ...
dblp:journals/iacr/ChenT18
fatcat:sqzshxudabbgrd7bu3p6xt6vmm
A Security Model and Fully Verified Implementation for the IETF QUIC Record Layer
[article]
2020
IACR Cryptology ePrint Archive
To capture its goals, we propose a security definition for authenticated encryption with semi-implicit nonces. ...
We show that QUIC uses an instance of a generic construction parameterized by a standard AEAD-secure scheme and a PRF-secure cipher. We formalize and verify the security of this construction in F*. ...
Therefore, encryption nonces cannot be implicit, which causes both communication overhead (full nonces are usually 12 bytes) and privacy concerns: if full nonces are sent on the wire, they can be used ...
dblp:journals/iacr/Delignat-Lavaud20
fatcat:q6ceuxyjnnab7isgh2klqcwqwa
Attacks on the Authenticated Encryption Mode of Operation PAE
2015
IEEE Transactions on Information Theory
The message space M of insOCB contains binary strings whose lengths are multiples of n and are at most Ln bits long. The nonce space is {0,1}^n. ...
The AEAD constructions PAEAD and PAEAD-1 which are constructed using PAE and PAE-1, respectively, are also insecure. 2) A message authentication code named iPMAC was also proposed in [6] . ...
the adversary of producing a forgery with the nonce N^(q). ...
doi:10.1109/tit.2015.2461532
fatcat:bi5dbk4y3jbgfjn2rrdng5ozq4
TEDT, a Leakage-Resilient AEAD mode for High (Physical) Security Applications
[article]
2019
IACR Cryptology ePrint Archive
(ii) It offers nonce misuse-resilience, that is, the repetition of nonces does not impact the security of ciphertexts produced with fresh nonces. ...
We propose TEDT, a new Authenticated Encryption with Associated Data (AEAD) mode leveraging Tweakable Block Ciphers (TBCs). ...
Thomas Peters and François-Xavier Standaert are respectively postdoctoral researcher and senior associate researcher of the Belgian Fund for Scientific Research (FNRS-F.R.S.). ...
dblp:journals/iacr/BertiGPPS19
fatcat:ua3js7itxbh2rnekv3erffkhti
Boosting OMD for Almost Free Authentication of Associated Data
[chapter]
2015
Lecture Notes in Computer Science
We note that neither OMD nor p-OMD satisfy the nonce-reuse misuse-resistance notions defined in [15, 27] . ...
Misuse-resistant variants of OMD are recently proposed in [22] , but in these variants the encryption process is not online and they are less efficient than OMD. ...
We thank Tomer Ashur and Bart Mennink for pointing out a mistaken claim about authenticity under nonce misuse in the preproceedings of this paper. ...
doi:10.1007/978-3-662-48116-5_20
fatcat:b6siyhtdbzcxxmagxzpfh3thfu
TEDT, a Leakage-Resist AEAD Mode for High Physical Security Applications
2019
Transactions on Cryptographic Hardware and Embedded Systems
(ii) It offers nonce misuse-resilience, that is, the repetition of nonces does not impact the security of ciphertexts produced with fresh nonces. ...
We propose TEDT, a new Authenticated Encryption with Associated Data (AEAD) mode leveraging Tweakable Block Ciphers (TBCs). ...
Here, we will focus on leaking AEAD with nonce-misuse-resistant integrity and nonce-misuse-resilient confidentiality (as mentioned earlier, nonce-misuse-resistant confidentiality seems unachievable, see ...
doi:10.13154/tches.v2020.i1.256-320
dblp:journals/tches/BertiGPPS20
fatcat:kqbuclxmdjdcxn4ai4ihgsa7ce
Hedging Public-Key Encryption in the Real World
[chapter]
2017
Lecture Notes in Computer Science
Hedged PKE schemes are designed to provide useful security when the per-message randomness fails to be uniform, say, due to faulty implementations or adversarial actions. ...
Thus application developers are forced to piece together low-level functionalities and attend to any associated, security-critical algorithmic choices. ...
Acknowledgments Christopher Patton and Thomas Shrimpton are supported by NSF grant CNS-1564446. Alexandra Boldyreva is supported in part by NSF grants CNS-1318511 and CNS-1422794. ...
doi:10.1007/978-3-319-63697-9_16
fatcat:xphbmdkgbrh2hjpiejndsfwf7i
Multi-key Analysis of Tweakable Even-Mansour with Applications to Minalpher and OPP
2017
IACR Transactions on Symmetric Cryptology
We describe known-plaintext attacks on Minalpher and OPP without nonce misuse, which enable us to recover almost all O(2^{n/3}) independent masks by making O(2^{n/3}) queries per key and costing O(2^{2n/3}) memory ...
After defining appropriate iterated functions and accordingly changing the mode of creating chains, we improve the basic blockwise-adaptive chosen-plaintext attack to make it also applicable for the nonce-respecting ...
We are also grateful to Si Gao for providing useful suggestions on the related experiments. ...
doi:10.46586/tosc.v2016.i2.288-306
fatcat:2dg5ktpl3vavzmvl6vcpxkq23q
Multi-key Analysis of Tweakable Even-Mansour with Applications to Minalpher and OPP
2017
IACR Transactions on Symmetric Cryptology
We describe known-plaintext attacks on Minalpher and OPP without nonce misuse, which enable us to recover almost all O(2^{n/3}) independent masks by making O(2^{n/3}) queries per key and costing O(2^{2n/3}) memory ...
After defining appropriate iterated functions and accordingly changing the mode of creating chains, we improve the basic blockwise-adaptive chosen-plaintext attack to make it also applicable for the nonce-respecting ...
We are also grateful to Si Gao for providing useful suggestions on the related experiments. ...
doi:10.13154/tosc.v2016.i2.288-306
dblp:journals/tosc/GuoWLZ16
fatcat:besakbj35bgbpm2mfqfocmmwda
Private Message Franking with After Opening Privacy
[article]
2018
IACR Cryptology ePrint Archive
A novel cryptographic primitive: committing AEAD has been initiated, whose functionality apart from confidentiality and authenticity asks for a compact commitment over the message, which is delivered to ...
We provide to the best of our knowledge the first formal treatment of message franking protocols with minimum leakage whereby only the abusive blocks are opened, while the rest non-abusive blocks of the ...
Notice that compared with CEP2, enumeration of nonces goes for each different key stream P_i, i = 1 ... m, for each block b_i. We let q queries for each different key stream. ...
dblp:journals/iacr/LeontiadisV18
fatcat:yjwb2fql75eg7hufcgufwo47t4
Oblivious DNS over HTTPS (ODoH): A Practical Privacy Enhancement to DNS
2021
Proceedings on Privacy Enhancing Technologies
Finally we give the attacker the ability to compromise the security of AEADs if keys and nonces are reused. Obviously against an adversary such as this, ODoH is not secure. ...
As we will discuss in Section 4.5 if we consider nonce reuse attacks against the AEAD this property does not hold. ...
doi:10.2478/popets-2021-0085
fatcat:gpk3r3bmazcf3owtdlmup5t3fm
A Surfeit of SSH Cipher Suites
2016
Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security - CCS'16
At the same time, 886,449 Dropbear servers in our first scan are vulnerable to a variant of the original CBC-mode attack. ...
From our first scan, we found 130,980 OpenSSH servers that are still vulnerable to the CBC-mode-specific attack of Albrecht et al. ...
doi:10.1145/2976749.2978364
dblp:conf/ccs/AlbrechtDHP16
fatcat:gck6nc7yibaf5pz4tqr2ihxlye
Improved Leakage-Resistant Authenticated Encryption based on Hardware AES Coprocessors
2021
Transactions on Cryptographic Hardware and Embedded Systems
We revisit Unterstein et al.'s leakage-resilient authenticated encryption scheme from CHES 2020. ...
Acknowledgments Thomas Peters and François-Xavier Standaert are respectively research associate and senior research associate of the Belgian Fund for Scientific Research (F.R.S.-FNRS). ...
L ← E 2L+D (L + C) ⊕ (L + C
Integrity in the presence of leakage: formal analysis Definition 1 (Nonce-Based AEAD [Rog02] ). ...
doi:10.46586/tches.v2021.i3.641-676
fatcat:7bq2ute76jcghnnc4f7563qm3u
SAID: Reshaping Signal into an Identity-Based Asynchronous Messaging Protocol with Authenticated Ratcheting
2019
2019 IEEE European Symposium on Security and Privacy (EuroS&P)
In this paper, we revisit Signal, describing some attacks against the original design and proposing SAID: Signal Authenticated and IDentity-based. ...
These features are achieved thanks to a key-ratcheting mechanism that updates the key material at every message. ...
A malicious server could set up Man-in-the-Middle attacks in each ongoing conversation without being noticed. ...
doi:10.1109/eurosp.2019.00030
dblp:conf/eurosp/BlazyBBFOP19
fatcat:mnluvigmtjgj7f2aqqdqjdsptu