Corpus ID: 9957827

A concrete security treatment of symmetric encryption: Analysis of the DES modes of operation

@inproceedings{Bellare1997ACS,
  title={A concrete security treatment of symmetric encryption: Analysis of the DES modes of operation},
  author={Mihir Bellare and Anand Desai and E. Jokipii and Phillip Rogaway},
  booktitle={FOCS 1997},
  year={1997}
}
We study notions and schemes for symmetric (i.e. […]) encryption […] Next we provide concrete security analyses of methods to encrypt using a block cipher, including the most popular encryption method, CBC. We establish tight bounds (meaning matching upper bounds and attacks) on the success of adversaries as a function of their resources.

Dept. of Computer Science & Engineering, University of California at San Diego, 9500 Gilman Drive, La Jolla, CA 92093, USA. E-mail: {mihir, adesai, ej}@cs.ucsd.edu. URL: http…
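The "matching attack" half of a tight bound is easiest to see by running it. The following is an added example, not code from the paper: it implements CBC with a random IV over a toy 16-bit block cipher (a seeded random permutation standing in for DES, an assumption chosen so that the birthday threshold of roughly 2^(n/2) blocks is reachable instantly) and then mounts the standard passive collision attack. Whenever two ciphertext blocks C_i and C_j coincide, the block-cipher inputs coincided too, so the adversary learns P_i xor P_j = C_{i-1} xor C_{j-1} from the ciphertext alone. The number of such leaks grows like q^2 / 2^n in the number q of encrypted blocks, which is why no proof can do better than a bound of that shape.

```python
"""
Birthday-bound collision attack on CBC with a random IV (CBC$).
Added illustration, not the paper's own code. The block cipher is a toy
16-bit random permutation (an assumption standing in for DES or an ideal
cipher) so that collisions appear after a few hundred blocks.
"""
import random

BLOCK_BITS = 16
BLOCK_SPACE = 1 << BLOCK_BITS


def make_toy_cipher(seed):
    """Return (enc, dec) for a seeded random permutation on 16-bit blocks.
    This is a toy ideal cipher for demonstration, not a real block cipher."""
    rng = random.Random(seed)
    table = list(range(BLOCK_SPACE))
    rng.shuffle(table)
    inverse = [0] * BLOCK_SPACE
    for x, y in enumerate(table):
        inverse[y] = x
    return table.__getitem__, inverse.__getitem__


def cbc_encrypt(enc, iv, blocks):
    """CBC$: C_0 = IV (random), C_i = E_K(P_i xor C_{i-1}). Returns [C_0, ..., C_q]."""
    out = [iv]
    prev = iv
    for p in blocks:
        c = enc(p ^ prev)
        out.append(c)
        prev = c
    return out


def cbc_decrypt(dec, ciphertext):
    """Inverse of cbc_encrypt: P_i = D_K(C_i) xor C_{i-1}."""
    prev = ciphertext[0]
    out = []
    for c in ciphertext[1:]:
        out.append(dec(c) ^ prev)
        prev = c
    return out


def collision_leaks(ciphertext):
    """Passive attack using only the ciphertext.
    If C_i == C_j with 1 <= j < i, the cipher inputs were equal, so
    P_j xor C_{j-1} == P_i xor C_{i-1}, hence P_j xor P_i == C_{j-1} xor C_{i-1}.
    Returns a list of (j, i, leaked_xor) triples over ciphertext indices."""
    first_seen = {}
    leaks = []
    for i in range(1, len(ciphertext)):
        c = ciphertext[i]
        if c in first_seen:
            j = first_seen[c]
            leaks.append((j, i, ciphertext[j - 1] ^ ciphertext[i - 1]))
        else:
            first_seen[c] = i
    return leaks


def expected_collisions(q):
    """Birthday estimate: q(q-1)/2 pairs, each colliding with probability 2^-n."""
    return q * (q - 1) / 2 / BLOCK_SPACE


def demo(num_blocks=2000, seed=1):
    """Encrypt num_blocks random blocks under CBC$, run the attack, and check
    every leaked XOR against the true plaintext. Returns (leak_count, all_correct)."""
    enc, dec = make_toy_cipher(seed)
    rng = random.Random(seed + 1)  # constructed sample plaintext and IV
    plaintext = [rng.getrandbits(BLOCK_BITS) for _ in range(num_blocks)]
    iv = rng.getrandbits(BLOCK_BITS)
    ct = cbc_encrypt(enc, iv, plaintext)
    assert cbc_decrypt(dec, ct) == plaintext  # sanity: mode round-trips
    leaks = collision_leaks(ct)
    # ciphertext index k corresponds to plaintext block k-1
    all_correct = all(plaintext[j - 1] ^ plaintext[i - 1] == x for j, i, x in leaks)
    return len(leaks), all_correct


if __name__ == "__main__":
    count, ok = demo()
    print("expected ~%.1f collisions, observed %d, all leaks correct: %s"
          % (expected_collisions(2000), count, ok))
```

With 2000 blocks in a 2^16 block space the estimate is about 30 collisions, each handing the attacker the XOR of two plaintext blocks; shrinking the run to a few dozen blocks drives the estimate below 0.01 and the attack almost always finds nothing, which is the gap between the upper bound and the attack that the paper closes. For a 64-bit cipher such as DES the same curve puts the danger zone near 2^32 blocks, and for a 128-bit cipher near 2^64.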


Complete characterization of security notions for probabilistic private-key encryption
TLDR
This work investigates the relation between notions of security for symmetric (private) key encryption and constructs a complete hierarchy of private-key security notions indicating equivalences, separations, and incomparabilities.
Unforgeable Encryption and Chosen Ciphertext Secure Modes of Operation
TLDR
This work presents definitions of a new notion of security for private-key encryption called encryption unforgeability which captures an adversary's inability to generate valid ciphertexts and presents and analyzes a new mode of encryption, RPC, which is unforgeable in the strongest sense.
Notions and relations for RKA-secure permutation and function families
TLDR
The first part of the paper shows that secure tweakable permutation families in the sense of strong pseudorandom permutation (SPRP) can be transformed into secure permutation families in the sense of SPRP against some classes of RKA (SPRP-RKA), and other security notions for RKA-secure block ciphers are defined.
Relations among Notions of Security for Public-Key Encryption Schemes
TLDR
The goals of privacy and non-malleability are considered, each under chosen plaintext attack and two kinds of chosen ciphertext attack, and a new definition of non-malleability is proposed which the authors believe is simpler than the previous one.
Deterministic Authenticated-Encryption: A Provable-Security Treatment of the Key-Wrap Problem
TLDR
It is suggested that key-wrap's goal is security in the sense of deterministic authenticated-encryption (DAE), and it is shown that a DAE scheme with a vector-valued header, such as SIV, directly realizes this goal.
Side-Channel Attacks on Symmetric Encryption Schemes: The Case for Authenticated Encryption
TLDR
It is argued that the best way to prevent all of these attacks is to insist on integrity of ciphertexts in addition to semantic security as the “proper” notion of privacy for symmetric encryption schemes.
Authenticated Encryption: Relations among Notions and Analysis of the Generic Composition Paradigm
TLDR
This work considers two possible notions of authenticity for authenticated encryption schemes, namely integrity of plaintexts and integrity of ciphertexts, and relates them to the standard notions of privacy IND-CCA and NM-CPA by presenting implications and separations between all notions considered.
Constructing VIL-MACs from FIL-MACs: Message Authentication under Weakened Assumptions
TLDR
This paper considers the design of iterated MACs under the (minimal) assumption that the given FIL primitive is itself a MAC, looks at three popular transforms, namely CBC, Feistel and the Merkle-Damgård method, and shows that each preserves unforgeability.
Security Analysis of Signcryption Scheme from q-Diffie-Hellman Problems
C. Tan, Computer Science, Mathematics, 2005
TLDR
The Libert-Quisquater q-DH signcryption scheme proposed in SCN 2004 is analysed, and it is shown that the semantically secure symmetric encryption scheme defined in their paper is not sufficient to guarantee that their signcryption scheme is secure against adaptive chosen ciphertext attacks.
Stateful public-key cryptosystems: how to encrypt with one 160-bit exponentiation
TLDR
This work presents stateful versions of the DHIES and Kurosawa-Desmedt schemes that each use only 1 exponentiation to encrypt, yielding the fastest discrete-log based public-key encryption schemes known in the random-oracle and standard models respectively.
