Robust authenticated-encryption: AEZ and the problem that it solves
, 2014
Cited by 2 (2 self)
Abstract. With a scheme for robust authenticated-encryption a user can select an arbitrary value λ ≥ 0 and then encrypt a plaintext of any length into a ciphertext that’s λ characters longer. The scheme must provide all the privacy and authenticity possible for the requested λ. We formalize and investigate this idea, and construct a well-optimized solution, AEZ, from the AES round function. Our scheme encrypts strings at almost the same rate as OCB-AES or CTR-AES (on Haswell, AEZ has a peak speed of about 0.7 cpb). To accomplish this we employ an approach we call accelerated provable security: the scheme is designed and proven secure in the provable-security tradition, but, to improve speed, one instantiates by scaling down most instances of the underlying primitive. Keywords: AEZ, arbitrary-input blockciphers, authenticated encryption, robust AE, misuse resistance, ...
On Message Integrity in Symmetric Encryption
, 2000
Cited by 1 (0 self)
Distinct notions of message integrity (authenticity) for block-oriented symmetric encryption are defined by integrity goals to be achieved in the face of different types of attacks. These notions are partially ordered by a "dominance" relation. When chosen-plaintext attacks are considered, most integrity goals form a lattice. The lattice is extended when known-plaintext and ciphertext-only attacks are also included. The practical use of the dominance relation and lattice in defining the relative strength of different integrity notions is illustrated with common modes of encryption, such as the "infinite garble extension" modes, and simple, non-cryptographic, manipulation detection code functions, such as bitwise exclusive-or and constant functions.
FNR: Arbitrary length small domain block cipher proposal
Cited by 1 (0 self)
Abstract. We propose a practical flexible (or arbitrary) length small-domain block cipher, the FNR encryption scheme. FNR denotes Flexible Naor and Reingold. It can cipher small-domain data formats like IPv4 addresses, port numbers, MAC addresses, credit card numbers, and any random short strings while preserving their input length. In addition to the classic Feistel networks, Naor and Reingold propose usage of pairwise independent permutation (PwIP) functions based on the Galois field GF(2^n). Instead we propose usage of random N×N invertible matrices over GF(2).
A Synopsis of Format-Preserving Encryption
 UNPUBLISHED MANUSCRIPT
, 2010
Format-preserving encryption (FPE) encrypts a plaintext of some specified format into a ciphertext of the same format—for example, encrypting a social-security number into a social-security number. In this survey we describe FPE and review known techniques for achieving it. These include FFX, a recent proposal made to NIST.
Private-key symbolic . . .
Symbolic encryption, in the style of Dolev-Yao models, is ubiquitous in formal security analysis aiming at the automated verification of network protocols. The naïve use of symbolic encryption, however, may unnecessarily require an expensive construction: an arbitrary-length encryption scheme that is private and non-malleable in an adaptive CCA-CPA setting. Most of the time, such assumptions remain hidden and rather symbolic encryption is instantiated with a seemingly “good” cryptographic encryption, such as AES in the CBC configuration. As an illustration of this problem, we first report new attacks on ECB- and CBC-based implementations of the well-known Needham-Schroeder and Denning-Sacco protocols. We then present a few symbolic encryption schemes along with their cryptographic semantics, and prove the hierarchical relations between the proposed schemes from both cryptographic and formal perspectives. These symbolic schemes can be seamlessly used in many existing formal security models.
Ciphers with Arbitrary Finite Domains
, 2000
We introduce the problem of enciphering members of a finite set M where k = |M| is arbitrary (in particular, it need not be a power of two). We want to achieve this goal starting from a block cipher (which requires a message space of size N = 2^n, for some n). We look at a few solutions to this problem, focusing on the case when M = {0, 1, ..., k−1}. We see ciphers with arbitrary domains as a useful primitive for making bit-efficient higher-level protocols. They seem to be particularly useful for password-based authentication protocols.
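A worked example, added here and not taken from any of the listed papers, covering both the arbitrary-domain problem in this entry and the format-preserving use case in the FPE synopsis above. It builds a toy balanced Feistel permutation on 2w-bit integers and then restricts it to an arbitrary domain {0, ..., k−1} by cycle walking: apply the permutation repeatedly until the value lands back inside the domain. HMAC-SHA256 as the round PRF is an assumption standing in for a block-cipher-based round; the key, the domain sizes and the digit string are constructed for the demonstration.

```python
import hashlib
import hmac

# Added illustration: toy Feistel cipher plus cycle walking. HMAC-SHA256 is a
# stand-in PRF for the round function (assumption, not the papers' construction).


def _round_fn(key: bytes, rnd: int, half: int, w: int) -> int:
    """PRF round: a w-bit value derived from (round index, w-bit half block)."""
    msg = bytes([rnd]) + half.to_bytes((w + 7) // 8, "big")
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return int.from_bytes(digest, "big") & ((1 << w) - 1)


def feistel_encrypt(key: bytes, x: int, w: int, rounds: int = 8) -> int:
    """Balanced Feistel permutation on [0, 2^(2w)); x is split into two w-bit halves."""
    mask = (1 << w) - 1
    left, right = x >> w, x & mask
    for r in range(rounds):
        left, right = right, left ^ _round_fn(key, r, right, w)
    return (left << w) | right


def feistel_decrypt(key: bytes, y: int, w: int, rounds: int = 8) -> int:
    """Inverse of feistel_encrypt: undo the rounds in reverse order."""
    mask = (1 << w) - 1
    left, right = y >> w, y & mask
    for r in reversed(range(rounds)):
        left, right = right ^ _round_fn(key, r, left, w), left
    return (left << w) | right


def _half_width(k: int) -> int:
    """Smallest w with 2^(2w) >= k, so that {0,...,k-1} embeds in the Feistel domain."""
    return (max(k - 1, 1).bit_length() + 1) // 2


def encipher(key: bytes, x: int, k: int) -> int:
    """Encipher x in {0,...,k-1} by cycle walking over the 2w-bit permutation.

    The walk terminates because the permutation's cycle through x contains x
    itself; the first in-domain point reached is the ciphertext, and the map
    is a bijection on the domain. Since 2^(2w) < 4k, fewer than 4 steps are
    expected on average.
    """
    if not 0 <= x < k:
        raise ValueError("plaintext outside domain")
    w = _half_width(k)
    y = feistel_encrypt(key, x, w)
    while y >= k:
        y = feistel_encrypt(key, y, w)
    return y


def decipher(key: bytes, y: int, k: int) -> int:
    """Walk the same cycle backwards until an in-domain point is reached."""
    if not 0 <= y < k:
        raise ValueError("ciphertext outside domain")
    w = _half_width(k)
    x = feistel_decrypt(key, y, w)
    while x >= k:
        x = feistel_decrypt(key, x, w)
    return x


def encipher_digits(key: bytes, digits: str) -> str:
    """Format preservation: an n-digit decimal string becomes an n-digit decimal string."""
    if not digits.isdigit():
        raise ValueError("expected a decimal digit string")
    k = 10 ** len(digits)
    return str(encipher(key, int(digits), k)).zfill(len(digits))


def decipher_digits(key: bytes, digits: str) -> str:
    if not digits.isdigit():
        raise ValueError("expected a decimal digit string")
    k = 10 ** len(digits)
    return str(decipher(key, int(digits), k)).zfill(len(digits))


if __name__ == "__main__":
    demo_key = b"constructed-demo-key-not-for-real-use"   # constructed
    ssn_like = "078051120"                                 # constructed 9-digit input
    ct = encipher_digits(demo_key, ssn_like)
    assert len(ct) == 9 and decipher_digits(demo_key, ct) == ssn_like
    print(ssn_like, "->", ct)
```

Two caveats a practitioner should keep in view. The number of cycle-walking steps depends on the plaintext, so a timing side channel exists unless the loop is padded to a fixed count. And the scheme is deterministic with no tweak: equal plaintexts give equal ciphertexts, and on a domain as small as 10^9 an attacker who can query the cipher can build a dictionary; FFX-style designs add a tweak for exactly this reason, and an 8-round toy Feistel is not a substitute for a standardized FPE mode.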
Efficient Fuzzy Search on Encrypted Data
, 2014
We study the problem of efficient (sublinear) fuzzy search on encrypted outsourced data, in the symmetrickey setting. In particular, a user who stores encrypted data on a remote untrusted server forms queries that enable the server to efficiently locate the records containing the requested
unknown title
, 2000
"... nonces or redundancy in plaintexts for efficient cryptography ..."
Contents
, 2007
Given (deterministic) ciphers ℰ and E that can encipher messages of l and n bits, respectively, we construct a cipher E* = XLS[ℰ, E] that can encipher messages of l + s bits for any s < n. Enciphering such a string will take one call to ℰ and two calls to E. We prove that E* is a strong pseudorandom permutation as long as ℰ and E are. Our construction works even in the tweakable and VIL (variable-input-length) settings. It makes use of a multipermutation (a pair of orthogonal Latin squares), a combinatorial object not previously used to get a provable-security result.
Certified by
, 2001
"... 2 A Study of Luby-Rackoff Ciphers ..."