blockcipher based authentcated encryption how small can
play

Blockcipher-based Authentcated Encryption: How Small Can We Go? - PowerPoint PPT Presentation

Jan 31, 2024 •93 likes •457 views

Introduction Idealized Combined Feedback Construction : iCOFB Specification for COFB Hardware Implimentation Results of COFB Conclusion Blockcipher-based Authentcated Encryption: How Small Can We Go? Avik Chakraborti (Indian Statistical

  1. Introduction Idealized Combined Feedback Construction : iCOFB Specification for COFB Hardware Implimentation Results of COFB Conclusion Blockcipher-based Authentcated Encryption: How Small Can We Go? Avik Chakraborti (Indian Statistical Institute, Kolkata) Tetsu Iwata (Nagoya University, Japan) Kazuhiko Minematsu (NEC Corporation, Japan) Mridul Nandi (Indian Statistical Institute, Kolkata) September, 2016 COFB

  2. Introduction Idealized Combined Feedback Construction : iCOFB Specification for COFB Hardware Implimentation Results of COFB Conclusion Introduction 1 Idealized Combined Feedback Construction : iCOFB 2 Specification for COFB 3 Hardware Implimentation Results of COFB 4 Conclusion 5 COFB

  3. Introduction Idealized Combined Feedback Construction : iCOFB Specification for COFB Hardware Implimentation Results of COFB Conclusion Authenticated Encryption (AE) More Formally.... AE . enc : M×D×N ×K → C AE . dec : C × D × N × K → M∪ ⊥ Goal Primitive Security Privacy Symmetric Encryption IND-CPA Integrity MAC/Others INT-CTXT Table: Security Properties COFB

  4. Introduction Idealized Combined Feedback Construction : iCOFB Specification for COFB Hardware Implimentation Results of COFB Conclusion IND-CPA Security for Privacy E k ( . ) $( . ) ( N i , A i , M i ) ( N i , A i , M i ) i = 1 . . . q A i = 1 . . . q ( C i , T i ) ( C i , T i ) Simulate E k ( . ) Simulate $( . ) 0 / 1 ∆ A ( O 1 ; O 2 ) = | Pr[ A O 1 = 1] − Pr[ A O 2 = 1] | . Adv PRIV ( A ) := ∆ A ( E K ; $) AE Adv PRIV ( q , σ, t ) = max A Adv PRIV ( A ) AE AE t : Time, q : #queries , σ : # blocks in all queries COFB

  5. Introduction Idealized Combined Feedback Construction : iCOFB Specification for COFB Hardware Implimentation Results of COFB Conclusion INT-CTXT Security for Integrity E k ( · ) V k ( · ) ( N ∗ j , A ∗ j , C ∗ j , T ∗ j ) ( N i , A i , M i ) i = 1 . . . q e A j = 1 . . . q f forge attempts ( C i , T i ) 0 / 1 A forges if ∃ ( N ∗ j , A ∗ j , C ∗ j , T ∗ j ) ∋ V k ( N ∗ j , A ∗ j , C ∗ j , T ∗ j ) = 1 AE ( A ) := Pr [ A E k forges ] Adv INT Adv INT AE (( q e , q f ) , ( σ e , σ f ) , t ) = max A Adv INT AE ( A ) COFB

  6. Introduction Idealized Combined Feedback Construction : iCOFB Motivation Specification for COFB Idealized Combined-Feedback Authenticated Encryption : iCOFB Hardware Implimentation Results of COFB Security of iCOFB Conclusion Introduction 1 Idealized Combined Feedback Construction : iCOFB 2 Motivation Idealized Combined-Feedback Authenticated Encryption : iCOFB Security of iCOFB Specification for COFB 3 Hardware Implimentation Results of COFB 4 Conclusion 5 COFB

  7. Introduction Idealized Combined Feedback Construction : iCOFB Motivation Specification for COFB Idealized Combined-Feedback Authenticated Encryption : iCOFB Hardware Implimentation Results of COFB Security of iCOFB Conclusion Current State of the Art Structural Properties Schemes CLOC-SILC AES-JAMBU iFEED State 2n + k 1.5n + k 3n + k 1 1 Rate 1 2 2 Yes Yes (integrity only) Yes (wrong) Proofs Here n is the blocksize of blockcipher COFB

  8. Introduction Idealized Combined Feedback Construction : iCOFB Motivation Specification for COFB Idealized Combined-Feedback Authenticated Encryption : iCOFB Hardware Implimentation Results of COFB Security of iCOFB Conclusion Main Idea and Motivation Behind the Construction Very small cipher state Provably Security in terms of both Privacy and Integrity COFB

  9. Introduction Idealized Combined Feedback Construction : iCOFB Motivation Specification for COFB Idealized Combined-Feedback Authenticated Encryption : iCOFB Hardware Implimentation Results of COFB Security of iCOFB Conclusion Introduction 1 Idealized Combined Feedback Construction : iCOFB 2 Motivation Idealized Combined-Feedback Authenticated Encryption : iCOFB Security of iCOFB Specification for COFB 3 Hardware Implimentation Results of COFB 4 Conclusion 5 COFB

  10. Introduction Idealized Combined Feedback Construction : iCOFB Motivation Specification for COFB Idealized Combined-Feedback Authenticated Encryption : iCOFB Hardware Implimentation Results of COFB Security of iCOFB Conclusion iCOFB Construction Generic Combined Feedback Mode Instantiated by COFB AE scheme Easy to Understand COFB COFB

  11. Introduction Idealized Combined Feedback Construction : iCOFB Motivation Specification for COFB Idealized Combined-Feedback Authenticated Encryption : iCOFB Hardware Implimentation Results of COFB Security of iCOFB Conclusion iCOFB Construction 0 n X [1] X [2] X [3] X [4] R N,A, (0 , 0) R N,A, (1 , 0) R N,A, (2 , 0) R N,A, (3 , 0) R N,A, (4 , 1) Y [0] Y [1] Y [2] Y [3] M [1] ρ M [2] ρ M [3] ρ M [4] ρ Y [4] C [1] C [2] C [3] C [4] Powered by TCPDF (www.tcpdf.org) R N , A , ( a , b ) : Tweakable random function ∀ N , A , ( a , b ), R N , A , ( a , b ) : B → B COFB

  12. Introduction Idealized Combined Feedback Construction : iCOFB Motivation Specification for COFB Idealized Combined-Feedback Authenticated Encryption : iCOFB Hardware Implimentation Results of COFB Security of iCOFB Conclusion iCOFB Construction 0 n X [1] X [2] X [3] X [4] R N,A, (0 , 0) R N,A, (1 , 0) R N,A, (2 , 0) R N,A, (3 , 0) R N,A, (4 , 1) Y [0] Y [1] Y [2] Y [3] ρ ρ ρ ρ Y [4] M [1] M [2] M [3] M [4] C [1] C [2] C [3] C [4] Powered by TCPDF (www.tcpdf.org) ρ : Linear Feedback Function COFB

  13. Introduction Idealized Combined Feedback Construction : iCOFB Motivation Specification for COFB Idealized Combined-Feedback Authenticated Encryption : iCOFB Hardware Implimentation Results of COFB Security of iCOFB Conclusion iCOFB Construction 0 n X [1] X [2] X [3] X [4] R N,A, (0 , 0) R N,A, (1 , 0) R N,A, (2 , 0) R N,A, (3 , 0) R N,A, (4 , 1) Y [0] Y [1] Y [2] Y [3] M [1] ρ M [2] ρ M [3] ρ M [4] ρ Y [4] C [1] C [2] C [3] C [4] Powered by TCPDF (www.tcpdf.org) CT = ( C [1] , C [2] , C [3] , C [4]), Tag = Y [4] COFB

  14. Introduction Idealized Combined Feedback Construction : iCOFB Motivation Specification for COFB Idealized Combined-Feedback Authenticated Encryption : iCOFB Hardware Implimentation Results of COFB Security of iCOFB Conclusion Linear Feedback Function : ρ ′ For ρ : B × B → B × B , ∃ ρ Correctness Condition for encryption, ′ ( Y , C ) = ( X , M ) ∀ Y , M ∈ B , ρ ( Y , M ) = ( X , C ) ⇒ ρ ρ ensures given ( Y , C ): M should be uniquely computable � G � � I + G � I ′ = I Example : ρ = , ρ , G is invertible I I I I COFB

  15. Introduction Idealized Combined Feedback Construction : iCOFB Motivation Specification for COFB Idealized Combined-Feedback Authenticated Encryption : iCOFB Hardware Implimentation Results of COFB Security of iCOFB Conclusion ′ ρ and ρ ρ : During Encryption � X [ i ] � � E 1 , 1 � � Y [ i − 1] � E 1 , 2 = C [ i ] E 2 , 1 E 2 , 2 M [ i ] If ρ Satisfies the correctness condition then E 2 , 2 must be inv ′ : During Decryption ρ � X [ i ] � � D 1 , 1 � � Y [ i − 1] � D 1 , 2 = M [ i ] D 2 , 1 D 2 , 2 C [ i ] D 1 , 1 = E 1 , 1 + E 1 , 2 . E − 1 2 , 2 . E 2 , 1 , D 1 , 2 = E 1 , 2 D 2 , 1 = E − 1 2 , 2 . E 2 , 1 , D 2 , 2 = E − 1 2 , 2 ρ is Valid if both ( C 1) E 2 , 1 , ( C 2) D 1 , 2 and ( C 3) D 1 , 1 invertible COFB

  16. Introduction Idealized Combined Feedback Construction : iCOFB Motivation Specification for COFB Idealized Combined-Feedback Authenticated Encryption : iCOFB Hardware Implimentation Results of COFB Security of iCOFB Conclusion Introduction 1 Idealized Combined Feedback Construction : iCOFB 2 Motivation Idealized Combined-Feedback Authenticated Encryption : iCOFB Security of iCOFB Specification for COFB 3 Hardware Implimentation Results of COFB 4 Conclusion 5 COFB

  17. Introduction Idealized Combined Feedback Construction : iCOFB Motivation Specification for COFB Idealized Combined-Feedback Authenticated Encryption : iCOFB Hardware Implimentation Results of COFB Security of iCOFB Conclusion Privacy and Authencity for iCOFB ( C 2) ⇒ ∀ Y , C � = C ′ , D 1 , 1 . Y + D 1 , 2 . C � = D 1 , 1 . Y + D 1 , 2 . C ′ ( C 3) ⇒ ρ is invertible (for correctness E − 1 2 , 2 is invertible). Hence, ← B : D 1 , 1 . Y + D 1 , 2 . C = X ] = 2 − n , ∀ ( C , X ) ∈ B 2 $ Pr[ Y Theorem If ρ is valid then for adversary A making q encryption queries and q f forging attempts having at most ℓ f many blocks, we have iCOFB ( A ) ≤ q f ( ℓ f + 1) Adv priv Adv auth iCOFB ( A ) = 0 , . 2 n COFB

  18. Introduction Idealized Combined Feedback Construction : iCOFB Underlying Mathematical Components for COFB Specification for COFB Security Bounds Hardware Implimentation Results of COFB Properties Conclusion Introduction 1 Idealized Combined Feedback Construction : iCOFB 2 Specification for COFB 3 Underlying Mathematical Components for COFB Security Bounds Properties Hardware Implimentation Results of COFB 4 Conclusion 5 COFB

  19. Introduction Idealized Combined Feedback Construction : iCOFB Underlying Mathematical Components for COFB Specification for COFB Security Bounds Hardware Implimentation Results of COFB Properties Conclusion Design Rationale and Challenges COFB : An instantiation of iCOFB Instatiation of iCOFB is possible by standard method (like XE mode) But results in 2 state memories Here, we considered half tweak (only Half-bit mask) Sufficient for standard security bound The proof for COFB is not the same as XE based iCOFB Proof based on specific design (w/o iCOFBs security bound) COFB

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Blockcipher-based Authentcated Encryption: How Small Can We Go? Avik Chakraborti (NTT Secure

Blockcipher-based Authentcated Encryption: How Small Can We Go? Avik Chakraborti (NTT Secure

Introduction Specification for COFB Hardware Implementation Results of COFB-AES Conclusions References Blockcipher-based Authentcated Encryption: How Small Can We Go? Avik Chakraborti (NTT Secure Platform laboratories, Japan) Tetsu Iwata

470 views • 35 slides
New Blockcipher Modes of Operation with Beyond the Birthday Bound Security Tetsu Iwata

New Blockcipher Modes of Operation with Beyond the Birthday Bound Security Tetsu Iwata

New Blockcipher Modes of Operation with Beyond the Birthday Bound Security Tetsu Iwata Ibaraki University March 17, 2006 Fast Software Encryption, FSE 2006, Graz, Austria, March 1517, 2006 Blockcipher Modes Algorithms

1.42k views • 30 slides
Design approach to efficient blockcipher modes Kazuhiko Minematsu, NEC Corporation The Fourth

Design approach to efficient blockcipher modes Kazuhiko Minematsu, NEC Corporation The Fourth

Design approach to efficient blockcipher modes Kazuhiko Minematsu, NEC Corporation The Fourth Asian Workshop on Symmetric Key Cryptography, 19%22, December 2014, SETS Chennai, India 1 Introduction Blockcipher mode : turning a blockcipher

702 views • 59 slides
Salvaging Weak Security Bounds for Blockcipher-based Constructions Thomas Shrimpton (University

Salvaging Weak Security Bounds for Blockcipher-based Constructions Thomas Shrimpton (University

Salvaging Weak Security Bounds for Blockcipher-based Constructions Thomas Shrimpton (University of Florida) Seth Terashima (Qualcomm Technologies, inc.) What weak bounds? ...from encrypting lots of data Intel Hardware RNG: Single-machine

246 views • 23 slides
Permutation-based encryption, authentication and authenticated encryption Joan Daemen 1 Joint

Permutation-based encryption, authentication and authenticated encryption Joan Daemen 1 Joint

. . . . . . Permutation-based encryption, authentication and authenticated encryption Permutation-based encryption, authentication and authenticated encryption Joan Daemen 1 Joint work with DIAC 2012, Stockholm, July 6 Guido Bertoni 1 ,

739 views • 49 slides
The 128-bit Blockcipher CLEFIA Taizo Shirai 1 , Kyoji Shibutani 1 , Toru Akishita 1 Shiho

The 128-bit Blockcipher CLEFIA Taizo Shirai 1 , Kyoji Shibutani 1 , Toru Akishita 1 Shiho

The 128-bit Blockcipher CLEFIA Taizo Shirai 1 , Kyoji Shibutani 1 , Toru Akishita 1 Shiho Moriai 1 , Tetsu Iwata 2 1 Sony Corporation 2 Nagoya University Direction for designing a new blockcipher Priority for Choosing an algorithm 1.

464 views • 19 slides
Innovations in permutation-based encryption & authentication . based on joint work with

Innovations in permutation-based encryption & authentication . based on joint work with

Innovations in permutation-based encryption & authentication . based on joint work with Fast Software Encryption Conference 2017 1 Joan Daemen 1 , 2 Guido Bertoni 1 , Michal Peeters 1 , Gilles Van Assche 1 and Ronny Van Keer 1 1

855 views • 30 slides
Minimum Blockcipher Calls for Block cipher based Designs Mridul Nandi Indian Statistical

Minimum Blockcipher Calls for Block cipher based Designs Mridul Nandi Indian Statistical

Minimum Blockcipher Calls for Block cipher based Designs Mridul Nandi Indian Statistical Institute, Kolkata mridul@isical.ac.in 30th Sept, ASK-2015, NTU, Singapore Symmetric Key Primitives Distinguishing Game Distinguishing a real keyed

588 views • 33 slides
Authenticated Encryption Mode for Beyond the Birthday Bound Security Tetsu Iwata

Authenticated Encryption Mode for Beyond the Birthday Bound Security Tetsu Iwata

Authenticated Encryption Mode for Beyond the Birthday Bound Security Tetsu Iwata Nagoya University iwata@cse.nagoya-u.ac.jp ESC, Echternach Symmetric Crypto seminar January 11, 2008 Blockcipher plaintext M

576 views • 40 slides
Permutation-based encryption, authentication and authenticated encryption Guido Bertoni 1 , Joan

Permutation-based encryption, authentication and authenticated encryption Guido Bertoni 1 , Joan

Permutation-based encryption, authentication and authenticated encryption Guido Bertoni 1 , Joan Daemen 1 , Michal Peeters 2 , and Gilles Van Assche 1 1 STMicroelectronics 2 NXP Semiconductors Abstract. While mainstream symmetric cryptography has

519 views • 12 slides
Authenticated Encryption Mode for Beyond the Birthday Bound Security Tetsu Iwata

Authenticated Encryption Mode for Beyond the Birthday Bound Security Tetsu Iwata

Authenticated Encryption Mode for Beyond the Birthday Bound Security Tetsu Iwata Nagoya University iwata@cse.nagoya-u.ac.jp Africacrypt 2008, Casablanca, Morocco June 11, 2008 Blockcipher plaintext M key K E

720 views • 37 slides
New Proof Methods for Attribute-Based Encryption: Achieving Full Security through Selective

New Proof Methods for Attribute-Based Encryption: Achieving Full Security through Selective

New Proof Methods for Attribute-Based Encryption: Achieving Full Security through Selective Techniques Allison Lewko Brent Waters Roots of Attribute-Based Encryption Moving beyond Public Key Encryption: CEO Manager 1 Manager 2 Bob

341 views • 19 slides
Some applications and protocols Internet Casino Identity-based encryption Commitment

Some applications and protocols Internet Casino Identity-based encryption Commitment

Some applications and protocols Internet Casino Identity-based encryption Commitment Functional encryption Shared coin flips Fully-homomorphic encryption APPLICATIONS AND PROTOCOLS Threshold cryptography Searchable

399 views • 11 slides
A History of Lattice-Based Encryption (in order of increasing efficiency) Vadim Lyubashevsky

A History of Lattice-Based Encryption (in order of increasing efficiency) Vadim Lyubashevsky

A History of Lattice-Based Encryption (in order of increasing efficiency) Vadim Lyubashevsky INRIA / ENS, Paris Lattice-Based Crypto & Applications 1 Bar-Ilan University, Israel 2012 Lattice-Based Encryption Schemes 1. NTRU [Hoffstein,

849 views • 47 slides
PAEQ: Parallelizable Permutation-based Authenticated Encryption Alex Biryukov and Dmitry

PAEQ: Parallelizable Permutation-based Authenticated Encryption Alex Biryukov and Dmitry

PAEQ: Parallelizable Permutation-based Authenticated Encryption Alex Biryukov and Dmitry Khovratovich University of Luxembourg 12 October 2014 Authenticated encryption Simple encryption If you just want to protect confidentiality of your

991 views • 32 slides
Ruby Monstas Session 17: Interlude: Encryption Encryption What comes to mind if you think about

Ruby Monstas Session 17: Interlude: Encryption Encryption What comes to mind if you think about

Ruby Monstas Session 17: Interlude: Encryption Encryption What comes to mind if you think about encryption? Encryption Certificates Crypto Currencies Public Key AES Encryption Privacy SSH VPN HTTPS TLS Quantum Digital Signatures

837 views • 46 slides
Optimal three-treatment response-adaptive designs for phase III clinical trials with binary

Optimal three-treatment response-adaptive designs for phase III clinical trials with binary

Optimal three-treatment response-adaptive designs for phase III clinical trials with binary responses Atanu Biswas Indian Statistical Institute, Kolkata, India atanu@isical.ac.in Saumen Mandal University of Manitoba, Winnipeg, Canada saumen

173 views • 14 slides
Stability of INEX 2007 Evaluation Measures Sukomal Pal Mandar Mitra Arnab Chakraborty { sukomal

Stability of INEX 2007 Evaluation Measures Sukomal Pal Mandar Mitra Arnab Chakraborty { sukomal

Stability of INEX 2007 Evaluation Measures Sukomal Pal Mandar Mitra Arnab Chakraborty { sukomal r, mandar } @isical.ac.in arnabc@stanfordalumni.org Information Retrieval Lab, CVPR Unit Indian Statistical Institute Kolkata - 700108, India. ISI

674 views • 35 slides
Different Features of ELmD, EME Based Authenticated Encryption Schemes Nilanjan Datta and Mridul

Different Features of ELmD, EME Based Authenticated Encryption Schemes Nilanjan Datta and Mridul

ELmD Authenticated Encryption Scheme EME based Authenticated Encryption Schemes Comparative Study of ELmD with other EME based AEs Different Features of ELmD, EME Based Authenticated Encryption Schemes Nilanjan Datta and Mridul Nandi Indian

364 views • 20 slides
Building Trust: facilitating Data Use and Reuse Prof. Devika P. Madalli Indian Statistical

Building Trust: facilitating Data Use and Reuse Prof. Devika P. Madalli Indian Statistical

Building Trust: facilitating Data Use and Reuse Prof. Devika P. Madalli Indian Statistical Institute, India devika@drtc.isibang.ac.in Session 5B: ICRI 2018, 12-14 th September, Vienna Data by itself may not convey much Data is used as basis for

316 views • 12 slides
Tools for Symmetric Key Provable Security Mridul Nandi Indian Statistical Institute, Kolkata ASK

Tools for Symmetric Key Provable Security Mridul Nandi Indian Statistical Institute, Kolkata ASK

Probability in Cryptography Two Tools: H-Coefficient and 2 Some Constructions and Applications Tools for Symmetric Key Provable Security Mridul Nandi Indian Statistical Institute, Kolkata ASK Workshop, Changsha 10 Dec. 2017 1 / 72

1.48k views • 71 slides
On Dihedral Group Invariant Boolean Functions (Extended Abstract) Subhamoy Maitra 1 Sumanta

On Dihedral Group Invariant Boolean Functions (Extended Abstract) Subhamoy Maitra 1 Sumanta

Motivation Our Results/Contribution Summary On Dihedral Group Invariant Boolean Functions (Extended Abstract) Subhamoy Maitra 1 Sumanta Sarkar 1 Deepak Kumar Dalai 2 1 Applied Statistics Unit Indian Statistical Institute, Kolkata. 2 Project

1.16k views • 87 slides
Using Negative Information in Search Sauparna Palchowdhury Sukomal Pal Mandar Mitra Indian

Using Negative Information in Search Sauparna Palchowdhury Sukomal Pal Mandar Mitra Indian

Using Negative Information in Search Sauparna Palchowdhury Sukomal Pal Mandar Mitra Indian Statistical Institute 203 B T Road, Kolkata 700108 West Bengal, India February 18, 2011 Introduction Problem Verbose queries give users more

341 views • 20 slides
A generalization of unitaries T. S. S. R. K. Rao StatMath Unit Indian Statistical Institute

A generalization of unitaries T. S. S. R. K. Rao StatMath Unit Indian Statistical Institute

A generalization of unitaries T. S. S. R. K. Rao StatMath Unit Indian Statistical Institute R. V. College P.O. Bangalore 560059, India, E-mail : tss@isibang.ac.in Abstract: In this talk we give a new geometric generalization of the notion

504 views • 16 slides

More recommend