The mF mode of authenticated encryption with associated data

Bishwajit Chakraborty, Mridul Nandi
2022 Journal of Mathematical Cryptology  
In this article, we propose a tweakable block cipher (TBC)-based authenticated encryption with associated data (AEAD) scheme, which we call mF {\mathsf{mF}} .  ...  We call an AEAD adversary nonce respecting when it doesn't make more than one encryption query with the same nonce.  ...  Note that the decryption queries are not necessarily nonce respecting, i.e., nonce can be repeated in the decryption queries, and an encryption query and a decryption query can use the same nonce.  ... 
doi:10.1515/jmc-2020-0054 fatcat:5x6ifouytned7cblkpxnl2ydri

People Who Live in Glass Houses Should not Throw Stones: Targeted Opening Message Franking Schemes [article]

Long Chen, Qiang Tang
2018 IACR Cryptology ePrint Archive  
To tackle this problem, we propose a new primitive called targeted opening compactly committing AEAD (TOCE for short).  ...  We also propose a privacy-efficiency trade off if we can relax the security of non-opened messages to be one way secure after the abusive reporting (they are still semantically secure if no opening).  ...  We notice that in the verification algorithm, the input includes the entire message.  ... 
dblp:journals/iacr/ChenT18 fatcat:sqzshxudabbgrd7bu3p6xt6vmm

A Security Model and Fully Verified Implementation for the IETF QUIC Record Layer [article]

Antoine Delignat-Lavaud, Cédric Fournet, Bryan Parno, Jonathan Protzenko, Tahina Ramananandro, Jay Bosamiya, Joseph Lallemand, Itsaka Rakotonirina, Yi Zhou
2020 IACR Cryptology ePrint Archive  
To capture its goals, we propose a security definition for authenticated encryption with semi-implicit nonces.  ...  We show that QUIC uses an instance of a generic construction parameterized by a standard AEAD-secure scheme and a PRF-secure cipher. We formalize and verify the security of this construction in F*.  ...  Therefore, encryption nonces cannot be implicit, which causes both communication overhead (full nonces are usually 12 bytes) and privacy concerns: if full nonces are sent on the wire, they can be used  ... 
dblp:journals/iacr/Delignat-Lavaud20 fatcat:q6ceuxyjnnab7isgh2klqcwqwa

Attacks on the Authenticated Encryption Mode of Operation PAE

Debrup Chakraborty, Mridul Nandi
2015 IEEE Transactions on Information Theory  
The message space M of insOCB contains binary strings whose lengths are multiples of n and are at most Ln bits long. The nonce space is {0, 1} n .  ...  The AEAD constructions PAEAD and PAEAD-1 which are constructed using PAE and PAE-1, respectively, are also insecure. 2) A message authentication code named iPMAC was also proposed in [6] .  ...  the adversary of producing a forgery with the nonce N (q) .  ... 
doi:10.1109/tit.2015.2461532 fatcat:bi5dbk4y3jbgfjn2rrdng5ozq4

TEDT, a Leakage-Resilient AEAD mode for High (Physical) Security Applications [article]

Francesco Berti, Chun Guo, Olivier Pereira, Thomas Peters, François-Xavier Standaert
2019 IACR Cryptology ePrint Archive  
(ii) It offers nonce misuse-resilience, that is, the repetition of nonces does not impact the security of ciphertexts produced with fresh nonces.  ...  We propose TEDT, a new Authenticated Encryption with Associated Data (AEAD) mode leveraging Tweakable Block Ciphers (TBCs).  ...  Thomas Peters and François-Xavier Standaert are respectively postdoctoral researcher and senior associate researcher of the Belgian Fund for Scientific Research (FNRS-F.R.S.).  ... 
dblp:journals/iacr/BertiGPPS19 fatcat:ua3js7itxbh2rnekv3erffkhti

Boosting OMD for Almost Free Authentication of Associated Data [chapter]

Reza Reyhanitabar, Serge Vaudenay, Damian Vizár
2015 Lecture Notes in Computer Science  
We note that neither OMD nor p-OMD satisfy the nonce-reuse misuse-resistance notions defined in [15, 27] .  ...  Misuse-resistant variants of OMD are recently proposed in [22] , but in these variants the encryption process is not online and they are less efficient than OMD.  ...  We thank Tomer Ashur and Bart Mennink for pointing out a mistaken claim about authenticity under nonce misuse in the preproceedings of this paper.  ... 
doi:10.1007/978-3-662-48116-5_20 fatcat:b6siyhtdbzcxxmagxzpfh3thfu

TEDT, a Leakage-Resist AEAD Mode for High Physical Security Applications

Francesco Berti, Chun Guo, Olivier Pereira, Thomas Peters, François-Xavier Standaert
2019 Transactions on Cryptographic Hardware and Embedded Systems  
(ii) It offers nonce misuse-resilience, that is, the repetition of nonces does not impact the security of ciphertexts produced with fresh nonces.  ...  We propose TEDT, a new Authenticated Encryption with Associated Data (AEAD) mode leveraging Tweakable Block Ciphers (TBCs).  ...  Here, we will focus on leaking AEAD with nonce-misuse-resistant integrity and nonce-misuse-resilient confidentiality (as mentioned earlier, nonce-misuse-resistant confidentiality seems unachievable, see  ... 
doi:10.13154/tches.v2020.i1.256-320 dblp:journals/tches/BertiGPPS20 fatcat:kqbuclxmdjdcxn4ai4ihgsa7ce

Hedging Public-Key Encryption in the Real World [chapter]

Alexandra Boldyreva, Christopher Patton, Thomas Shrimpton
2017 Lecture Notes in Computer Science  
Hedged PKE schemes are designed to provide useful security when the per-message randomness fails to be uniform, say, due to faulty implementations or adversarial actions.  ...  Thus application developers are forced to piece together low-level functionalities and attend to any associated, security-critical algorithmic choices.  ...  Acknowledgments Christopher Patton and Thomas Shrimpton are supported by NSF grant CNS-1564446. Alexandra Boldyreva is supported in part by NSF grants CNS-1318511 and CNS-1422794.  ... 
doi:10.1007/978-3-319-63697-9_16 fatcat:xphbmdkgbrh2hjpiejndsfwf7i

Multi-key Analysis of Tweakable Even-Mansour with Applications to Minalpher and OPP

Zhiyuan Guo, Wenling Wu, Renzhang Liu, Liting Zhang
2017 IACR Transactions on Symmetric Cryptology  
We describe known-plaintext attacks on Minalpher and OPP without nonce misuse, which enable us to recover almost all O(2^(n/3)) independent masks by making O(2^(n/3)) queries per key and costing O(2^(2n/3)) memory  ...  After defining appropriate iterated functions and accordingly changing the mode of creating chains, we improve the basic blockwise-adaptive chosen-plaintext attack to make it also applicable for the nonce-respecting  ...  We are also grateful to Si Gao for providing useful suggestions on the related experiments.  ... 
doi:10.46586/tosc.v2016.i2.288-306 fatcat:2dg5ktpl3vavzmvl6vcpxkq23q

Private Message Franking with After Opening Privacy [article]

Iraklis Leontiadis, Serge Vaudenay
2018 IACR Cryptology ePrint Archive  
A novel cryptographic primitive: committing AEAD has been initiated, whose functionality apart from confidentiality and authenticity asks for a compact commitment over the message, which is delivered to  ...  We provide to the best of our knowledge the first formal treatment of message franking protocols with minimum leakage whereby only the abusive blocks are opened, while the rest non-abusive blocks of the  ...  Notice that compared with CEP2, enumeration of nonces goes for each different key stream P i , i = 1 . . . m, for each block b i . We let q queries for each different key stream.  ... 
dblp:journals/iacr/LeontiadisV18 fatcat:yjwb2fql75eg7hufcgufwo47t4

Oblivious DNS over HTTPS (ODoH): A Practical Privacy Enhancement to DNS

Sudheesh Singanamalla, Suphanat Chunhapanya, Jonathan Hoyland, Marek Vavruša, Tanya Verma, Peter Wu, Marwan Fayed, Kurtis Heimerl, Nick Sullivan, Christopher Wood
2021 Proceedings on Privacy Enhancing Technologies  
Finally we give the attacker the ability to compromise the security of AEADs if keys and nonces are reused. Obviously against an adversary such as this, ODoH is not secure.  ...  As we will discuss in Section 4.5 if we consider nonce reuse attacks against the AEAD this property does not hold.  ... 
doi:10.2478/popets-2021-0085 fatcat:gpk3r3bmazcf3owtdlmup5t3fm
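Several of the snippets above turn on the same definition: an adversary is nonce respecting when it never makes two encryption queries with the same nonce (mF), misuse-resilience means a repeated nonce only harms the ciphertexts that reused it (TEDT), and ODoH explicitly gives up security once keys and nonces are reused. The following toy AEAD makes the failure concrete. It is an added example, not code from any of the listed papers or from the ODoH implementation: it is a constructed encrypt-then-MAC scheme over an HMAC-SHA256 counter-mode keystream (standard library only), so its exact bit layout is an assumption chosen for readability, but the nonce-reuse consequence it demonstrates (keystream cancels, C1 xor C2 = P1 xor P2) is the same one that applies to real stream-mode AEADs such as AES-GCM and ChaCha20-Poly1305. The stateful `NonceRespectingEncryptor` shows the usual fix: derive nonces from a counter the caller cannot skip or rewind, and refuse to continue when the counter space is exhausted. Decryption queries may repeat nonces freely, matching the mF definition.

```python
"""Toy nonce-based AEAD illustrating nonce-respecting use vs. nonce reuse.

Constructed example, not the mF/TEDT/ODoH constructions:
  keystream = HMAC-SHA256(K_enc, nonce || counter)   (counter-mode stream)
  C = P xor keystream
  tag = HMAC-SHA256(K_mac, nonce || len(AD) || AD || C)   (encrypt-then-MAC)
"""
import hashlib
import hmac
import struct

KEY_LEN = 32          # bytes per sub-key; a full key is K_enc || K_mac
NONCE_LEN = 12        # 96-bit nonces, the common size for AES-GCM / ChaCha20-Poly1305
TAG_LEN = 32          # HMAC-SHA256 output


def _keystream(k_enc: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream: block i = HMAC(K_enc, nonce || i)."""
    out = b""
    ctr = 0
    while len(out) < length:
        out += hmac.new(k_enc, nonce + struct.pack(">I", ctr), hashlib.sha256).digest()
        ctr += 1
    return out[:length]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _tag(k_mac: bytes, nonce: bytes, ad: bytes, ct: bytes) -> bytes:
    # Length-prefix AD so the (AD, C) boundary is unambiguous in the MAC input.
    return hmac.new(k_mac, nonce + struct.pack(">Q", len(ad)) + ad + ct, hashlib.sha256).digest()


def _split_key(key: bytes):
    if len(key) != 2 * KEY_LEN:
        raise ValueError("key must be K_enc || K_mac, 64 bytes")
    return key[:KEY_LEN], key[KEY_LEN:]


def encrypt(key: bytes, nonce: bytes, ad: bytes, pt: bytes) -> bytes:
    """Return C || tag. Caller is responsible for never reusing (key, nonce)."""
    if len(nonce) != NONCE_LEN:
        raise ValueError("nonce must be 12 bytes")
    k_enc, k_mac = _split_key(key)
    ct = _xor(pt, _keystream(k_enc, nonce, len(pt)))
    return ct + _tag(k_mac, nonce, ad, ct)


def decrypt(key: bytes, nonce: bytes, ad: bytes, ct_tag: bytes):
    """Return the plaintext, or None on authentication failure.
    Decryption queries may repeat nonces; only encryption must be nonce respecting."""
    if len(nonce) != NONCE_LEN or len(ct_tag) < TAG_LEN:
        return None
    k_enc, k_mac = _split_key(key)
    ct, tag = ct_tag[:-TAG_LEN], ct_tag[-TAG_LEN:]
    if not hmac.compare_digest(tag, _tag(k_mac, nonce, ad, ct)):
        return None
    return _xor(ct, _keystream(k_enc, nonce, len(ct)))


class NonceRespectingEncryptor:
    """Stateful wrapper: nonces come from a monotonic counter, so no nonce is
    used twice under one key, and sealing stops when the counter space is spent."""

    def __init__(self, key: bytes, max_msgs: int = 2 ** 32):
        self.key = key
        self.counter = 0
        self.max_msgs = max_msgs

    def seal(self, ad: bytes, pt: bytes):
        if self.counter >= self.max_msgs:
            raise RuntimeError("nonce space exhausted; rekey before sending more")
        nonce = self.counter.to_bytes(NONCE_LEN, "big")
        self.counter += 1
        return nonce, encrypt(self.key, nonce, ad, pt)


def two_time_pad_leak(ct1: bytes, ct2: bytes) -> bytes:
    """What a passive attacker learns from two ciphertexts made under the same
    (key, nonce): the keystream cancels, so C1 xor C2 == P1 xor P2."""
    n = min(len(ct1), len(ct2)) - TAG_LEN
    return _xor(ct1[:n], ct2[:n])
```

Run it with a constructed 64-byte key and two equal-length plaintexts encrypted under the same nonce: `two_time_pad_leak` returns exactly `P1 xor P2`, which is enough to recover both messages with crib dragging, while messages sealed through `NonceRespectingEncryptor` under the same key stay independent because their nonces differ. Note that the tag still verifies for both reused-nonce ciphertexts; integrity is not what breaks, confidentiality is, which is why the TEDT snippet separates misuse-resistant integrity from misuse-resilient confidentiality.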

A Surfeit of SSH Cipher Suites

Martin R. Albrecht, Jean Paul Degabriele, Torben Brandt Hansen, Kenneth G. Paterson
2016 Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security - CCS'16  
At the same time, 886,449 Dropbear servers in our first scan are vulnerable to a variant of the original CBC-mode attack.  ...  From our first scan, we found 130,980 OpenSSH servers that are still vulnerable to the CBC-mode-specific attack of Albrecht et al.  ... 
doi:10.1145/2976749.2978364 dblp:conf/ccs/AlbrechtDHP16 fatcat:gck6nc7yibaf5pz4tqr2ihxlye

Improved Leakage-Resistant Authenticated Encryption based on Hardware AES Coprocessors

Olivier Bronchain, Charles Momin, Thomas Peters, François-Xavier Standaert
2021 Transactions on Cryptographic Hardware and Embedded Systems  
We revisit Unterstein et al.'s leakage-resilient authenticated encryption scheme from CHES 2020.  ...  Acknowledgments Thomas Peters and François-Xavier Standaert are respectively research associate and senior research associate of the Belgian Fund for Scientific Research (F.R.S.-FNRS).  ...  L ← E 2L+D (L + C) ⊕ (L + C Integrity in the presence of leakage: formal analysis Definition 1 (Nonce-Based AEAD [Rog02] ).  ... 
doi:10.46586/tches.v2021.i3.641-676 fatcat:7bq2ute76jcghnnc4f7563qm3u

SAID: Reshaping Signal into an Identity-Based Asynchronous Messaging Protocol with Authenticated Ratcheting

Olivier Blazy, Angele Bossuat, Xavier Bultel, Pierre-Alain Fouque, Cristina Onete, Elena Pagnin
2019 IEEE European Symposium on Security and Privacy (EuroS&P)  
In this paper, we revisit Signal, describing some attacks against the original design and proposing SAID: Signal Authenticated and IDentity-based.  ...  These features are achieved thanks to a key-ratcheting mechanism that updates the key material at every message.  ...  A malicious server could set up Man-in-the-Middle attacks in each ongoing conversation without being noticed.  ... 
doi:10.1109/eurosp.2019.00030 dblp:conf/eurosp/BlazyBBFOP19 fatcat:mnluvigmtjgj7f2aqqdqjdsptu