Anand Desai scite author profile

We study notions and schemes for symmetric ie. private key encryption in a concrete security framework.We give four di erent notions of security against chosen plaintext attack and analyze the concrete complexity o f reductions among them, providing both upper and lower bounds, and obtaining tight relations. In this way w e classify notions even though polynomially reducible to each other as stronger or weaker in terms of concrete security.Next we provide concrete security analyses of methods to encrypt using a block cipher, including the most popular encryption method, CBC. We establish tight bounds meaning matching upper bounds and attacks on the success of adversaries as a function of their resources.

show abstract

Relations among notions of security for public-key encryption schemes

Bellare

et al. 1998

View full text Add to dashboard Cite

Abstract. We compare the relative strengths of popular notions of security for public key encryption schemes. We consider the goals of privacy and non-malleability, each under chosen plaintext attack and two kinds of chosen ciphertext attack. For each of the resulting pairs of definitions we prove either an implication (every scheme meeting one no~ion must meet the other) or a separation (there is a scheme meeting one notion but not the other, assuming the first notion can be met at all). We similaxly treat plaintext awareness, a notion of security in the random oracle model. An additional contribution of this paper is a new definition of non-malleability which we believe is simpler than the previous one.

show abstract

Key-Privacy in Public-Key Encryption

Bellare

Boldyreva

Desai³

et al. 2001

330

315

View full text Add to dashboard Cite

We consider a novel security requirement of encryption schemes that we call "key-privacy" or "anonymity". It asks that an eavesdropper in possession of a ciphertext not be able to tell which specific key, out of a set of known public keys, is the one under which the ciphertext was created, meaning the receiver is anonymous from the point of view of the adversary. We investigate the anonymity of known encryption schemes. We prove that the El Gamal scheme provides anonymity under chosen-plaintext attack assuming the Decision Diffie-Hellman problem is hard and that the Cramer-Shoup scheme provides anonymity under chosen-ciphertext attack under the same assumption. We also consider anonymity for trapdoor permutations. Known attacks indicate that the RSA trapdoor permutation is not anonymous and neither are the standard encryption schemes based on it. We provide a variant of RSA-OAEP that provides anonymity in the random oracle model assuming RSA is one-way. We also give constructions of anonymous trapdoor permutations, assuming RSA is one-way, which yield anonymous encryption schemes in the standard model.

show abstract

The Security of All-or-Nothing Encryption: Protecting against Exhaustive Key Search

Desai

2000

View full text Add to dashboard Cite

Abstract. We investigate the all-or-nothing encryption paradigm which was introduced by Rivest as a new mode of operation for block ciphers. The paradigm involves composing an all-or-nothing transform (AONT) with an ordinary encryption mode. The goal is to have secure encryption modes with the additional property that exhaustive key-search attacks on them are slowed down by a factor equal to the number of blocks in the ciphertext. We give a new notion concerned with the privacy of keys that provably captures this key-search resistance property. We suggest a new characterization of AONTs and establish that the resulting all-or-nothing encryption paradigm yields secure encryption modes that also meet this notion of key privacy. A consequence of our new characterization is that we get more efficient ways of instantiating the all-or-nothing encryption paradigm. We describe a simple block-cipher-based AONT and prove it secure in the Shannon Model of a block cipher. We also give attacks against alternate paradigms that were believed to have the above keysearch resistance property.

show abstract

A Practice-Oriented Treatment of Pseudorandom Number Generators

Desai¹,

Hevia

Yin³

2002

View full text Add to dashboard Cite

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Anand Desai

A concrete security treatment of symmetric encryption

Relations among notions of security for public-key encryption schemes

Key-Privacy in Public-Key Encryption

The Security of All-or-Nothing Encryption: Protecting against Exhaustive Key Search

A Practice-Oriented Treatment of Pseudorandom Number Generators

Contact Info

Product

Resources

About