Fast Encryption and Authentication: XCBC Encryption and XECB Authentication Modes

Abstract. Motivated by revelations concerning population-wide surveillance of encrypted communications, we formalize and investigate the resistance of symmetric encryption schemes to mass surveillance. The focus is on algorithm-substitution attacks (ASAs), where a subverted encryption algorithm replaces the real one. We assume that the goal of "big brother" is undetectable subversion, meaning that ciphertexts produced by the subverted encryption algorithm should reveal plaintexts to big brother yet be indistinguishable to users from those produced by the real encryption scheme. We formalize security notions to capture this goal and then offer both attacks and defenses. In the first category we show that successful (from the point of view of big brother) ASAs may be mounted on a large class of common symmetric encryption schemes. In the second category we show how to design symmetric encryption schemes that avoid such attacks and meet our notion of security. The lesson that emerges is the danger of choice: randomized, stateless schemes are subject to attack while deterministic, stateful ones are not.

show abstract

“…These include schemes that do not surface the IV, for example encrypted-IV schemes like CBC2 [41], IACBC [28] and XCBC$ [20].…”

Section: The Biased-ciphertext Attackmentioning

confidence: 99%

Security of Symmetric Encryption against Mass Surveillance

Bellare

Paterson

Rogaway

2014

Lecture Notes in Computer Science

140

208

View full text Add to dashboard Cite

show abstract

“…Therefore, from the attacker side, adversaries in the IND security game can adapt the message blocks according to the previously received ciphertext blocks. The same notion concerning integrity on real-time applications has been used by Gennaro and Rohatgi [4].…”

Section: Introductionmentioning

confidence: 93%

Practical Symmetric On-Line Encryption

Fouque

Martinet

Poupard

2003

Fast Software Encryption

View full text Add to dashboard Cite

Abstract. This paper addresses the security of symmetric cryptosystems in the blockwise adversarial model. At Crypto 2002, Joux, Martinet and Valette have proposed a new kind of attackers against several symmetric encryption schemes. In this paper, we first show a generic technique to thwart blockwise adversaries for a specific class of encryption schemes. It consists in delaying the output of the ciphertext block. Then we provide the first security proof for the CFB encryption scheme, which is naturally immune against such attackers.

show abstract

“…The formal notion of authenticated encryption systems was introduced independently by Katz and Yung in [45], and by Bellare and Rogaway in [13]. Since then, many dedicated authenticated encryption schemes have been proposed, such as, RPC of Katz and Yung [45], XECB of Gligor and Donescu [35], IAPM of Jutla [43], OCB of Rogaway et al [60], and EAX of Bellare et al [14]. A noteworthy point is that all secure dedicated authenticated encryption primitives are blockcipher based.…”

Section: Background and Related Workmentioning

confidence: 99%

Authenticated encryption: how reordering can impact performance

Alomair

2016

Security Comm Networks

View full text Add to dashboard Cite

Abstract. In this work, we look at authenticated encryption schemes from a new perspective. As opposed to focusing solely on the "security" implications of the different methods for constructing authenticated encryption schemes, we investigate the effect of the method used to construct an authenticated encryption scheme on the "performance" of the construction. We show that, as opposed to the current NIST standard, by performing the authentication operation before the encryption operation, the computational efficiency of the construction can be increased, without affecting the security of the overall construction. In fact, we show that the proposed construction is even more secure than standard authentication based on universal hashing in the sense that the hashing key is resilient to key recovery attacks.

show abstract

Fast Encryption and Authentication: XCBC Encryption and XECB Authentication Modes

Cited by 109 publications

References 17 publications

Security of Symmetric Encryption against Mass Surveillance

Security of Symmetric Encryption against Mass Surveillance

Practical Symmetric On-Line Encryption

Authenticated encryption: how reordering can impact performance

Contact Info

Product

Resources

About