Concrete Security Characterizations of PRFs and PRPs: Reductions and Applications [chapter]

Anand Desai, Sara Miner
2000 Lecture Notes in Computer Science  
By analyzing the concrete complexity of the reductions between the standard notions and the alternate ones, we show that the latter, while equivalent under polynomial-time reductions, are weaker in the  ...  We investigate several alternate characterizations of pseudorandom functions (PRFs) and pseudorandom permutations (PRPs) in a concrete security setting.  ...  This work was completed while the first author was a student at the University of California at San Diego, USA.  ... 
doi:10.1007/3-540-44448-3_39 fatcat:vcptxl7dmjfdxall7ucwfhbwgi

A New and Improved Reduction Proof of Cascade PRF [article]

Mridul Nandi
2021 IACR Cryptology ePrint Archive  
The prefix-free PRF (pseudorandom function) security of a cascade function based on a compression function f against a q-query distinguisher is reduced to a q-query PRF security of f with a tightness gap  ...  As an immediate application of our result, we have shown multiuser security of NMAC, HMAC and many other MACs for the first time.  ...  We would like to thank Alfred Menezes and Suprita Talnikar for their valuable comments.  ... 
dblp:journals/iacr/Nandi21 fatcat:urk54kl2mvdjhaxza4ii3jj4lu

Multiparty Key Exchange, Efficient Traitor Tracing, and More from Indistinguishability Obfuscation [chapter]

Dan Boneh, Mark Zhandry
2014 Lecture Notes in Computer Science  
R ← Y and returns y b We require that each x given to RoR are distinct, lie outside of S, and are distinct from all of the x given to the PRF oracle.  ...  All of our constructions employ the punctured PRF technique introduced by Sahai and Waters [SW13].  ...  We thank Brent Waters for suggesting adding capabilities to existing systems such as RSA, and for comments on the definitions of security for key exchange protocols.  ... 
doi:10.1007/978-3-662-44371-2_27 fatcat:3cz3xxubczc53kvim4j3e5mffy

Security of Symmetric Primitives under Incorrect Usage of Keys

Pooya Farshim, Claudio Orlandi, Razvan Rosie
2017 IACR Transactions on Symmetric Cryptology  
We show robust encryption and MACs compose well through generic composition, and identify robust PRFs as the main primitive used in building robust schemes.  ...  We study the security of symmetric primitives under the incorrect usage of keys. Roughly speaking, a key-robust scheme does not output ciphertexts/tags that are valid with respect to distinct keys.  ...  Orlandi was supported by the Danish Independent Research Council and COST Action IC1306.  ... 
doi:10.46586/tosc.v2017.i1.449-473 fatcat:d7vmwtelnngtnbao33znw3wo3e

Multiparty Key Exchange, Efficient Traitor Tracing, and More from Indistinguishability Obfuscation

Dan Boneh, Mark Zhandry
2016 Algorithmica  
R ← Y and returns y b We require that each x given to RoR are distinct, lie outside of S, and are distinct from all of the x given to the PRF oracle.  ...  All of our constructions employ the punctured PRF technique introduced by Sahai and Waters [SW13].  ...  We thank Brent Waters for suggesting adding capabilities to existing systems such as RSA, and for comments on the definitions of security for key exchange protocols.  ... 
doi:10.1007/s00453-016-0242-8 fatcat:rkwrtoma7nbehl4b23wztuq3vu

Security of Symmetric Primitives under Incorrect Usage of Keys

Pooya Farshim, Claudio Orlandi, Razvan Rosie
2017 IACR Transactions on Symmetric Cryptology  
We show robust encryption and MACs compose well through generic composition, and identify robust PRFs as the main primitive used in building robust schemes.  ...  We study the security of symmetric primitives under the incorrect usage of keys. Roughly speaking, a key-robust scheme does not output ciphertexts/tags that are valid with respect to distinct keys.  ...  Orlandi was supported by the Danish Independent Research Council and COST Action IC1306.  ... 
doi:10.13154/tosc.v2017.i1.449-473 dblp:journals/tosc/FarshimOR17 fatcat:instduhoojfrdjga6tmxdjsyky

A Simple Variant of the Merkle–Damgård Scheme with a Permutation

Shoichi Hirose, Je Hong Park, Aaram Yun
2010 Journal of Cryptology  
And we study the security of simple MAC constructions out of this scheme.  ...  We analyze the security of this scheme using the indifferentiability formalism, which was first adopted by Coron et al. to the analysis of hash functions.  ...  Acknowledgements We would like to thank the anonymous reviewers for their valuable comments. The first author was supported in part by International Communications Foundation (ICF).  ... 
doi:10.1007/s00145-010-9095-5 fatcat:xysauhxrejdwhhcqu2zres4nwy

Generic Compilers for Authenticated Key Exchange [chapter]

Tibor Jager, Florian Kohlar, Sven Schäge, Jörg Schwenk
2010 Lecture Notes in Computer Science  
The constructions are generic: key agreement is executed first and results (without intervention of the adversary) in a secret session key on both sides.  ...  This fact enables efficient attacks on the naïve combination of these protocols.  ...  signatures are existential unforgeable under (non-adaptive) chosen-message attacks, and that the MAC and PRF meet their standard security notions.  ... 
doi:10.1007/978-3-642-17373-8_14 fatcat:foph2ludwrht5gl46czpnyhkjm

Authenticated Encryption in the Face of Protocol and Side Channel Leakage [chapter]

Guy Barwell, Daniel P. Martin, Elisabeth Oswald, Martijn Stam
2017 Lecture Notes in Computer Science  
Moreover, we show how to achieve authenticated encryption that is simultaneously both misuse resistant and leakage resilient, based on a sufficiently leakage resilient PRF, and finally we propose a concrete  ...  This work includes several novel contributions: we augment the notion of nonce-base authenticated encryption with the notion of continuous leakage and we prove composition results in the face of protocol  ...  For a PRF to be used within a composition theorem, adaptive security is required. Finally, Martin et al. [35] provide a MAC which is secure against leakage on the tagging function only.  ... 
doi:10.1007/978-3-319-70694-8_24 fatcat:fexpvna2gfdcrmtmysiec42pra

Modes of Operation Suitable for Computing on Encrypted Data

Dragos Rotaru, Nigel P. Smart, Martijn Stam
2017 IACR Transactions on Symmetric Cryptology  
These two modes are selected because they suit the PRFs examined in previous works. In particular the modes are highly parallel, and do not require evaluation of the inverse of the underlying PRF.  ...  In doing this conversion we examine the associated security proofs of PMAC and OTR, and show that they carry over to this new setting.  ...  IND-CPA) secure, and then authenticate the nonce and the obtained ciphertext with a tag generated from a secure MAC function MacGen.  ... 
doi:10.13154/tosc.v2017.i3.294-324 dblp:journals/tosc/RotaruSS17 fatcat:shef7sk2pba57kb5dy5nugrlia

New Paradigms for Constructing Symmetric Encryption Schemes Secure against Chosen-Ciphertext Attack [chapter]

Anand Desai
2000 Lecture Notes in Computer Science  
We relate the difficulty of breaking our schemes to that of breaking the underlying primitives in a precise and quantitative way.  ...  Our most efficient scheme is based on a novel use of "variable-length" pseudorandom functions and can be efficiently implemented using block ciphers.  ...  Many of the ideas and motivation for the problem considered here came out of collaboration with Daniel Bleichenbacher.  ... 
doi:10.1007/3-540-44598-6_25 fatcat:csujee5wojawdczoljoaeigsku

Message Authentication, Revisited [chapter]

Yevgeniy Dodis, Eike Kiltz, Krzysztof Pietrzak, Daniel Wichs
2012 Lecture Notes in Computer Science  
converted to deterministic one using a PRF by replacing the random coins with the output of the PRF (where the key for the PRF is part of the MAC key, and the input to the PRF is the message to be authenticated  ...  In contrast, state-of-the-art discrete-log-type PRFs either require a key of quadratic size in the security parameter (e.g. the NR PRF [38]), or a number of exponentiations linear in the security parameter  ...  Acknowledgements We thank Elette Boyle for valuable comments on an earlier draft, and Abhishek Banerjee, Chris Peikert, and Alon Rosen for finding a mistake in an earlier version of the paper.  ... 
doi:10.1007/978-3-642-29011-4_22 fatcat:3ubsjfejwfcydd3sjgojv7xfpe

Modes of Operation Suitable for Computing on Encrypted Data

Dragos Rotaru, Nigel P. Smart, Martijn Stam
2017 IACR Transactions on Symmetric Cryptology  
These two modes are selected because they suit the PRFs examined in previous works. In particular the modes are highly parallel, and do not require evaluation of the inverse of the underlying PRF.  ...  In doing this conversion we examine the associated security proofs of PMAC and OTR, and show that they carry over to this new setting.  ...  IND-CPA) secure, and then authenticate the nonce and the obtained ciphertext with a tag generated from a secure MAC function MacGen.  ... 
doi:10.46586/tosc.v2017.i3.294-324 fatcat:ums2prp45jhkpnulf2grrbfmwq

The Exact PRF-Security of NMAC and HMAC [chapter]

Peter Gaži, Krzysztof Pietrzak, Michal Rybár
2014 Lecture Notes in Computer Science  
This also violates the bound O( ε) on the PRF-security of NMAC recently claimed by Koblitz and Menezes.  ...  -Our first contribution is a simpler and uniform proof for this fact: If f is an ε-secure PRF (against q queries) and a δ-non-adaptively secure PRF (against q queries), then NMAC f is an (ε + qδ)-secure  ...  We thank the anonymous reviewers for useful comments and suggestions. This work was partly funded by the European Research Council under an ERC Starting Grant (259668-PSPC).  ... 
doi:10.1007/978-3-662-44371-2_7 fatcat:73lqg3xzgnbdbk4oyf5x5c7yeu

Leakage-Resilient Authentication and Encryption from Symmetric Cryptographic Primitives

Olivier Pereira, François-Xavier Standaert, Srinivas Vivek
2015 Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security - CCS '15  
So far, the literature has mostly focused on the design of leakage-resilient pseudorandom objects (e.g. PRGs, PRFs, PRPs).  ...  Based on these premises, we propose and analyse new constructions of leakage-resilient MAC and encryption schemes, which allow fixing security and efficiency drawbacks of previous proposals in this direction  ...  François-Xavier Standaert is a research associate of the Belgian Fund for Scientific Research (F.R.S.-FNRS).  ... 
doi:10.1145/2810103.2813626 dblp:conf/ccs/PereiraSV15 fatcat:6hn42jlvrrdjbjykjsolxjw6w4