different features of elmd eme based authenticated
play

Different Features of ELmD, EME Based Authenticated Encryption - PowerPoint PPT Presentation

Aug 18, 2022 •154 likes •364 views

ELmD Authenticated Encryption Scheme EME based Authenticated Encryption Schemes Comparative Study of ELmD with other EME based AEs Different Features of ELmD, EME Based Authenticated Encryption Schemes Nilanjan Datta and Mridul Nandi Indian

  1. ELmD Authenticated Encryption Scheme EME based Authenticated Encryption Schemes Comparative Study of ELmD with other EME based AEs Different Features of ELmD, EME Based Authenticated Encryption Schemes Nilanjan Datta and Mridul Nandi Indian Statistical Institute, Kolkata August 24, 2014 DIAC, UCSB Nilanjan Datta and Mridul Nandi Indian Statistical Institute, Kolkata Different Features of ELmD, EME Based Authenticated Encryption

  2. ELmD Authenticated Encryption Scheme EME based Authenticated Encryption Schemes Comparative Study of ELmD with other EME based AEs Outline 1 ELmD Authenticated Encryption Scheme 2 EME based Authenticated Encryption Schemes 3 Comparative Study of ELmD with other EME based AEs Nilanjan Datta and Mridul Nandi Indian Statistical Institute, Kolkata Different Features of ELmD, EME Based Authenticated Encryption

  3. ELmD Authenticated Encryption Scheme EME based Authenticated Encryption Schemes Comparative Study of ELmD with other EME based AEs Design Structure of ELmD 1 Process Associated Data in PMAC like structure. 2 Process Message in the paradigm of Encrypt-Mix-Encrypt (e.g., COPA). 3 Expand the plaintext by applying checksum (xor of all message blocks). This leads ciphertext expansion. Nilanjan Datta and Mridul Nandi Indian Statistical Institute, Kolkata Different Features of ELmD, EME Based Authenticated Encryption

  4. b b b b b b ELmD Authenticated Encryption Scheme EME based Authenticated Encryption Schemes Comparative Study of ELmD with other EME based AEs ELmD AE Scheme: Processing of AD D [1] D [0] D [ d ] = D ∗ [ d ] || 10 ∗ D [0] D [ d ] = D ∗ [ d ] D [1] 2 d − 1 · 3 L 7 · 2 d − 2 · 3 L 3 L 2 · 3 L 3 L 2 · 3 L E K E K E K E K E K E K Z [0] Z [1] Z [ d ] Z [ d ] Z [0] Z [1] W ′ [1] W ′ [2] W ′ [ d ] W ′ [1] W ′ [2] W ′ [ d ] IV IV ρ ρ ρ ρ ρ ρ 0 0 Nilanjan Datta and Mridul Nandi Indian Statistical Institute, Kolkata Different Features of ELmD, EME Based Authenticated Encryption

  5. b b b b b b ELmD Authenticated Encryption Scheme EME based Authenticated Encryption Schemes Comparative Study of ELmD with other EME based AEs ELmD AE Scheme: Processing of Plaintext M [ l ] M [ l + 1] M [1] M [2] M [ it ] 2 it − 1 L 2 L 2 l − 1 L 2 l L L E K E K E K E K E K X [ l ] X [ l + 1] X [1] X [ it ] X [2] W [ it − 1] W [ l − 1] W [1] W [2] W [ it ] W [ l ] ρ ρ ρ ρ ρ IV Y [2] Y [ it ] Y [1] 0 127 1 E − 1 E − 1 E − 1 E − 1 E − 1 K K K K K E − 1 K 3 2 2 L 3 2 2 it + i L 3 2 L 3 2 2 it + i − 1 L 3 2 2 l + h − 1 L C [1] C [2] C [ it ] T [ i ] C [ l ] 3 2 2 l + h L C [ l + 1] Nilanjan Datta and Mridul Nandi Indian Statistical Institute, Kolkata Different Features of ELmD, EME Based Authenticated Encryption

  6. ELmD Authenticated Encryption Scheme EME based Authenticated Encryption Schemes Comparative Study of ELmD with other EME based AEs Description of ρ function X W ′ = X + αW W ρ Y = X + ( α + 1) W Used to provide online linear mix function Y [ j ] = X [ j ]+( α +1) X [ j − 1]+ . . . + α j − 2 ( α +1) X [1]+ α j − 1 ( α +1) IV Nilanjan Datta and Mridul Nandi Indian Statistical Institute, Kolkata Different Features of ELmD, EME Based Authenticated Encryption

  7. ELmD Authenticated Encryption Scheme EME based Authenticated Encryption Schemes Comparative Study of ELmD with other EME based AEs Parameters of ELmD 1 We use AES as a blockcipher E K in the second layer. However, we make a choice of 5 or ten rounds of AES in the first layer. 2 We have provisions of intermediate tag (if required). 3 Instead of having exactly 128 bit final tags, we can provide up to 255 bits tag (so that ciphertext size is multiple of 128). This helps in faster decryption and verification in hardware. Nilanjan Datta and Mridul Nandi Indian Statistical Institute, Kolkata Different Features of ELmD, EME Based Authenticated Encryption

  8. ELmD Authenticated Encryption Scheme EME based Authenticated Encryption Schemes Comparative Study of ELmD with other EME based AEs Proposed Modification on Padding Rule Submitted Padding Rule � ( M ∗ [ l ] || 10 ∗ ) if | M ∗ [ l ] | � = 128 M [ l ] = M ∗ [ l ] else ⊕ l M [ l + 1] = i =1 M [ i ] Proposed Modification � ( M ∗ [ l ] || 10 ∗ ) ⊕ ( ⊕ l − 1 i =1 M [ i ]) if | M ∗ [ l ] | � = 128 M [ l ] = M ∗ [ l ] ⊕ ( ⊕ l − 1 i =1 M [ i ]) else M [ l + 1] = M [ l ] Nilanjan Datta and Mridul Nandi Indian Statistical Institute, Kolkata Different Features of ELmD, EME Based Authenticated Encryption

  9. ELmD Authenticated Encryption Scheme EME based Authenticated Encryption Schemes Comparative Study of ELmD with other EME based AEs Security Claim Goal ELmD (rd 1 , rd 2 ) , 0 , f ELmD (rd 1 , rd 2 ) , 127 , f confidentiality 62.8 62.8 integrity 62.4 62.3 Table: Table quantifying, for each of the recommended parameter sets, the intended number of bits of security : Here ((rd 1 , rd 2 ) , f) ∈ { ((10 , 10) , 0) , ((10 , 10) , 1) , ((5 , 10) , 0) , ((5 , 10) , 1) } . Nilanjan Datta and Mridul Nandi Indian Statistical Institute, Kolkata Different Features of ELmD, EME Based Authenticated Encryption

  10. ELmD Authenticated Encryption Scheme EME based Authenticated Encryption Schemes Comparative Study of ELmD with other EME based AEs Security Claim 5 σ 2 Theorem 3.1 : Adv opriv priv ELmD (10 , 10) , 0 , f ( A ) ≤ η ( σ priv ) + . 2 n 6 σ 2 Theorem 3.2 : Adv opriv ELmD (10 , 10) , 127 , f ( A ) ≤ η ( σ priv ) + priv 2 n ELmD (10 , 10) , 0 , f ( A ) ≤ η ( σ auth ) + 9 σ 2 Theorem 3.3 : Adv auth auth . 2 n ELmD (10 , 10) , 127 , f ( A ) ≤ η ( σ auth ) + 11 σ 2 Theorem 3.4 : Adv auth auth 2 n Here η ( i ) denotes the maximum AES advantage over all adversaries, making at most i queries. As full rounds of AES is used, we can assume η ( i ) to be negligible. Nilanjan Datta and Mridul Nandi Indian Statistical Institute, Kolkata Different Features of ELmD, EME Based Authenticated Encryption

  11. ELmD Authenticated Encryption Scheme EME based Authenticated Encryption Schemes Comparative Study of ELmD with other EME based AEs Properties of EME based AE Schemes Online i th block of ciphertext only depends on the first i blocks of plaintext. Nonce Misuse Resistant Cipher provides online security even if nonce is repeated. Pipeline Implementable As EME is parallel, the ciphers are expected to have the parallel nature and hence pipeline implementable. Nilanjan Datta and Mridul Nandi Indian Statistical Institute, Kolkata Different Features of ELmD, EME Based Authenticated Encryption

  12. ELmD Authenticated Encryption Scheme EME based Authenticated Encryption Schemes Comparative Study of ELmD with other EME based AEs Examples of other AE Schemes with EME Structure AES-COPA Marble NMR-Deoxys NMR-Joltik NMR-KIASU PRØST-COPA SHELL Nilanjan Datta and Mridul Nandi Indian Statistical Institute, Kolkata Different Features of ELmD, EME Based Authenticated Encryption

  13. ELmD Authenticated Encryption Scheme EME based Authenticated Encryption Schemes Comparative Study of ELmD with other EME based AEs No. of primitives used d -block associated data Processing ELmD requires d many block-cipher invocations. l -block message Processing ELmD requires 2 l + 2 many block-cipher invocations. l -block message Processing (final block incomplete) Doesn’t use of XLS or tag splitting. Similar treatment for incomplete, complete blocks and even when the number of blocks is one. Nilanjan Datta and Mridul Nandi Indian Statistical Institute, Kolkata Different Features of ELmD, EME Based Authenticated Encryption

  14. ELmD Authenticated Encryption Scheme EME based Authenticated Encryption Schemes Comparative Study of ELmD with other EME based AEs Parallelism and Uniformity Processing of Message Similar processing of message for full and incomplete final block messages. Processing of Message and Ciphertext Similar processing for both encryption and decryption. It would help to have low area combined implementation in hardware. Processing of Associated Data Similar processing of associated data. No bottleneck for the last block. Nilanjan Datta and Mridul Nandi Indian Statistical Institute, Kolkata Different Features of ELmD, EME Based Authenticated Encryption

  15. b b b b b b ELmD Authenticated Encryption Scheme EME based Authenticated Encryption Schemes Comparative Study of ELmD with other EME based AEs Performance of ELmE Hardware Implementation Enc-Dec Combined hardware implementation area is minimized. J Type δ 1 mask 1 Is complete JJ K[0] RD K[10] R Type W mix Is final S K[10] RD − 1 K[0] QQ Type δ 2 mask 2 Is complete Q Nilanjan Datta and Mridul Nandi Indian Statistical Institute, Kolkata Different Features of ELmD, EME Based Authenticated Encryption

  16. ELmD Authenticated Encryption Scheme EME based Authenticated Encryption Schemes Comparative Study of ELmD with other EME based AEs Limited Buffer Scenario Issues of Limited Buffer Low end devices has limited buffer. It may has to release unverified plaintext during decryption. INT-RUP Security Adversary has access to unverified decryption oracle. OCB, AES-COPA: INT-RUP insecure. Does not work in straightforward manner for ELmD. Solution: Intermediate Tag stops releasing unverified plaintext. Nilanjan Datta and Mridul Nandi Indian Statistical Institute, Kolkata Different Features of ELmD, EME Based Authenticated Encryption

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Universal Forgery and Key Recovery Attacks on ELmD Authenticated Encryption Algorithm Asl Bay 1

Universal Forgery and Key Recovery Attacks on ELmD Authenticated Encryption Algorithm Asl Bay 1

Universal Forgery and Key Recovery Attacks on ELmD Authenticated Encryption Algorithm Asl Bay 1 , O guzhan Ersoy 2 , Ferhat Karako c 1 1 T 2 Bo UB ITAK-B ILGEM-UEKAE gazi ci University ASIACRYPT 2016, Hanoi, VIETNAM 1/27

860 views • 28 slides
Outline Password-based Authenticated Key Exchange Password-based Authenticated Key Exchange 1

Outline Password-based Authenticated Key Exchange Password-based Authenticated Key Exchange 1

PAKE Game-based Security Universal Composability LAKE Outline Password-based Authenticated Key Exchange Password-based Authenticated Key Exchange 1 David Pointcheval Ecole Normale Sup erieure Game-based Security 2 Universal

927 views • 10 slides
PAEQ: Parallelizable Permutation-based Authenticated Encryption Alex Biryukov and Dmitry

PAEQ: Parallelizable Permutation-based Authenticated Encryption Alex Biryukov and Dmitry

PAEQ: Parallelizable Permutation-based Authenticated Encryption Alex Biryukov and Dmitry Khovratovich University of Luxembourg 12 October 2014 Authenticated encryption Simple encryption If you just want to protect confidentiality of your

991 views • 32 slides
Permutation-based encryption, authentication and authenticated encryption Joan Daemen 1 Joint

Permutation-based encryption, authentication and authenticated encryption Joan Daemen 1 Joint

. . . . . . Permutation-based encryption, authentication and authenticated encryption Permutation-based encryption, authentication and authenticated encryption Joan Daemen 1 Joint work with DIAC 2012, Stockholm, July 6 Guido Bertoni 1 ,

739 views • 49 slides
IPAKE IPAKE Summary Summary Isomorphisms for Password-based Isomorphisms for Password-based

IPAKE IPAKE Summary Summary Isomorphisms for Password-based Isomorphisms for Password-based

IPAKE IPAKE Summary Summary Isomorphisms for Password-based Isomorphisms for Password-based Authenticated Key Exchange Authenticated Key Exchange Dario Catalano David Pointcheval Password-based CNRS-ENS France Authenticated Key

291 views • 5 slides
AEZ v2 2. Enciphering-based AE 3. Robust-AE 4. Accelerated provable-security Authenticated

AEZ v2 2. Enciphering-based AE 3. Robust-AE 4. Accelerated provable-security Authenticated

1. Why we created AEZ AEZ v2 2. Enciphering-based AE 3. Robust-AE 4. Accelerated provable-security Authenticated Encryption 5. Components FF0 and EME4 by Enciphering 6. AEZ Extensions Viet Tung Hoang Ted Krovetz

721 views • 31 slides
Introduction to Authenticated Encryption Tom Shrimpton Summer School on Real-World Crypto and

Introduction to Authenticated Encryption Tom Shrimpton Summer School on Real-World Crypto and

(A brief, incomplete) Introduction to Authenticated Encryption Tom Shrimpton Summer School on Real-World Crypto and Privacy June 11, 2018 Authenticated Encryption M M Its complicated Probabilistic or deterministic AE? Nonce based AE?

868 views • 47 slides
ALE: AES-Based Lightweight Authenticated Encryption Andrey Bogdanov 1 , Florian Mendel 2 ,

ALE: AES-Based Lightweight Authenticated Encryption Andrey Bogdanov 1 , Florian Mendel 2 ,

ALE: AES-Based Lightweight Authenticated Encryption Andrey Bogdanov 1 , Florian Mendel 2 , Francesco Regazzoni 3,4 , Vincent Rijmen 5 , Elmar Tischhauser 5 1 Technical University of Denmark 2 IAIK, Graz University of Technology, Austria 3 ALaRI -

279 views • 26 slides
Statistical Fault Attacks on Nonce-Based Authenticated Encryption Schemes C. Dobraunig 1 , M.

Statistical Fault Attacks on Nonce-Based Authenticated Encryption Schemes C. Dobraunig 1 , M.

Statistical Fault Attacks on Nonce-Based Authenticated Encryption Schemes C. Dobraunig 1 , M. Eichlseder 1 , T. Korak 1 , V. Lomn e 2 , F. Mendel 1 AsiaCrypt 2016 1 Graz University of Technology, Austria 2 ANSSI, Paris, France

602 views • 27 slides
APE(X): Authenticated Permutation-Based Encryption with Extended Misuse Resistance Atul Luykx

APE(X): Authenticated Permutation-Based Encryption with Extended Misuse Resistance Atul Luykx

APE(X): Authenticated Permutation-Based Encryption with Extended Misuse Resistance Atul Luykx COSIC, KU Leuven August 14, 2013 Joint work with A. Bogdanov, E. Andreeva, B. Mennink, N. Mouha, K. Yasuda 1 / 16 Stateless, Deterministic

198 views • 17 slides
Permutation-based encryption, authentication and authenticated encryption Guido Bertoni 1 , Joan

Permutation-based encryption, authentication and authenticated encryption Guido Bertoni 1 , Joan

Permutation-based encryption, authentication and authenticated encryption Guido Bertoni 1 , Joan Daemen 1 , Michal Peeters 2 , and Gilles Van Assche 1 1 STMicroelectronics 2 NXP Semiconductors Abstract. While mainstream symmetric cryptography has

519 views • 12 slides
AES-Based Authenticated Encryption Modes in Parallel High-Performance Software Andrey Bogdanov

AES-Based Authenticated Encryption Modes in Parallel High-Performance Software Andrey Bogdanov

AES-Based Authenticated Encryption Modes in Parallel High-Performance Software Andrey Bogdanov Martin M. Lauridsen Elmar Tischhauser mmeh @ dtu.dk DTU Compute, Technical University of Denmark DIAC 2014 Santa Barbara, August 24, 2014 Context

540 views • 19 slides
seclab Impersonation Attacks through a Dedicated Bi-directional Authenticated Channel THE

seclab Impersonation Attacks through a Dedicated Bi-directional Authenticated Channel THE

Protecting Web-based Single Sign-on Protocols against Relying Party seclab Impersonation Attacks through a Dedicated Bi-directional Authenticated Channel THE COMPUTER SECURITY GROUP AT UC SANTA BARBARA Yinzhi Cao

704 views • 45 slides
Authenticated Encryption Kenny Paterson Information Security Group @kennyog ;

Authenticated Encryption Kenny Paterson Information Security Group @kennyog ;

Authenticated Encryption Kenny Paterson Information Security Group @kennyog ; www.isg.rhul.ac.uk/~kp Motivation for Authenticated Encryption Authenticated Encryption (AE) m 1 m 2 Security goals: Confidentiality and integrity of messages

649 views • 60 slides
On Some Constructions for Authenticated Encryption with Associated Data Palash Sarkar Applied

On Some Constructions for Authenticated Encryption with Associated Data Palash Sarkar Applied

On Some Constructions for Authenticated Encryption with Associated Data Palash Sarkar Applied Statistics Unit Indian Statistical Institute, Kolkata India palash@isical.ac.in (Partially based on joint work with Debrup Chakraborty) Directions

1.01k views • 61 slides
The Evolution of Authenticated Encryption Phillip Rogaway University of California, Davis, USA

The Evolution of Authenticated Encryption Phillip Rogaway University of California, Davis, USA

The Evolution of Authenticated Encryption Phillip Rogaway University of California, Davis, USA Includes joint work with Mihir Bellare, John Black, Ted Krovetz, and Tom Shrimpton DIAC Directions in Authenticated Ciphers 05 July 2012

748 views • 52 slides
Building Trust: facilitating Data Use and Reuse Prof. Devika P. Madalli Indian Statistical

Building Trust: facilitating Data Use and Reuse Prof. Devika P. Madalli Indian Statistical

Building Trust: facilitating Data Use and Reuse Prof. Devika P. Madalli Indian Statistical Institute, India devika@drtc.isibang.ac.in Session 5B: ICRI 2018, 12-14 th September, Vienna Data by itself may not convey much Data is used as basis for

316 views • 12 slides
Generalized Matroid Secretary Problem Sourav Chakraborty (Indian Statistical Institute) Sourav

Generalized Matroid Secretary Problem Sourav Chakraborty (Indian Statistical Institute) Sourav

Generalized Matroid Secretary Problem Sourav Chakraborty (Indian Statistical Institute) Sourav Chakraborty (Indian Statistical Institute) Generalized Matroid Secretary Problem The Art of Selling a Car Want to sell my car. Sourav Chakraborty

984 views • 80 slides
Quantitative estimates of a drainage network model Rahul Roy Indian Statistical Institute, New

Quantitative estimates of a drainage network model Rahul Roy Indian Statistical Institute, New

Quantitative estimates of a drainage network model Rahul Roy Indian Statistical Institute, New Delhi joint work with Kumarjit Saha and Anish Sarkar. Hurst exponent A river basin network is an anisotropic system defined by a longitudinal length

453 views • 42 slides
Improving IR performance from OCRed text using cooccurrence RISOT 2012 Kripabandhu Ghosh and

Improving IR performance from OCRed text using cooccurrence RISOT 2012 Kripabandhu Ghosh and

Improving IR performance from OCRed text using cooccurrence RISOT 2012 Kripabandhu Ghosh and Anirban Chakraborty Indian Statistical Institute Kolkata, India Kripabandhu GhoshandAnirban Chakraborty Indian Statistical Institute Improving IR

697 views • 22 slides
Stability of INEX 2007 Evaluation Measures Sukomal Pal Mandar Mitra Arnab Chakraborty { sukomal

Stability of INEX 2007 Evaluation Measures Sukomal Pal Mandar Mitra Arnab Chakraborty { sukomal

Stability of INEX 2007 Evaluation Measures Sukomal Pal Mandar Mitra Arnab Chakraborty { sukomal r, mandar } @isical.ac.in arnabc@stanfordalumni.org Information Retrieval Lab, CVPR Unit Indian Statistical Institute Kolkata - 700108, India. ISI

674 views • 35 slides
Optimal three-treatment response-adaptive designs for phase III clinical trials with binary

Optimal three-treatment response-adaptive designs for phase III clinical trials with binary

Optimal three-treatment response-adaptive designs for phase III clinical trials with binary responses Atanu Biswas Indian Statistical Institute, Kolkata, India atanu@isical.ac.in Saumen Mandal University of Manitoba, Winnipeg, Canada saumen

173 views • 14 slides
Blockcipher-based Authentcated Encryption: How Small Can We Go? Avik Chakraborti (Indian

Blockcipher-based Authentcated Encryption: How Small Can We Go? Avik Chakraborti (Indian

Introduction Idealized Combined Feedback Construction : iCOFB Specification for COFB Hardware Implimentation Results of COFB Conclusion Blockcipher-based Authentcated Encryption: How Small Can We Go? Avik Chakraborti (Indian Statistical

457 views • 35 slides
Tools for Symmetric Key Provable Security Mridul Nandi Indian Statistical Institute, Kolkata ASK

Tools for Symmetric Key Provable Security Mridul Nandi Indian Statistical Institute, Kolkata ASK

Probability in Cryptography Two Tools: H-Coefficient and 2 Some Constructions and Applications Tools for Symmetric Key Provable Security Mridul Nandi Indian Statistical Institute, Kolkata ASK Workshop, Changsha 10 Dec. 2017 1 / 72

1.48k views • 71 slides

More recommend