Does Encryption with Redundancy Provide Authenticity? [chapter]

Jee Hea An, Mihir Bellare
2001 Lecture Notes in Computer Science  
A popular paradigm for achieving privacy plus authenticity is to append some "redundancy" to the data before encrypting. The redundancy is computed by applying a redundancy function to the data. We investigate the security of this paradigm at both a general and a specific level. We consider various possible notions of privacy for the base encryption scheme, and for each such notion we provide a condition on the redundancy function that is necessary and sufficient to ensure authenticity of the
more » ... cryption-with-redundancy scheme. We then consider the case where the base encryption scheme is a variant of CBC called NCBC, and find sufficient conditions on the redundancy functions for NCBC encryption-with-redundancy to provide authenticity. Our results highlight an important distinction between public redundancy functions, meaning those that the adversary can compute, and secret ones, meaning those that depend on the shared key between the legitimate parties.
doi:10.1007/3-540-44987-6_31 fatcat:nsdxoiynybe3pawyyuvw3dxha4