Practical Symmetric On-Line Encryption

Fouque, Pierre-Alain; Martinet, Gwenaëlle; Poupard, Guillaume

doi:10.1007/978-3-540-39887-5_26

Cited by 20 publications

(25 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Next we show that delayed versions of CBC-CS achieve an analogous IND$ notion that we define for online security. The idea of delayed CBC is from Fouque, Martinet, and Poupard [11]. Our formulation for online security generalizes their and subsequent work (further history and credits coming shortly).…”

Section: Introductionmentioning

confidence: 89%

“…We can defend against this attack and, more broadly, get online-secure scheme, simply by delaying the last ciphertext block from each plaintext chunk, holding onto it until the relevant blockcipher has already been made. The idea is due to Fouque, Martinet, and Poupard [11]. The contents of this section are a strengthening and extension of that work, adding ciphertext stealing, employing less restrictive syntax, and establishing a stronger notion of security.…”

Section: Online Security Of the Cbc-cs Schemesmentioning

confidence: 97%

“…Note that the IND$-definition allows interleaved querying of multiple streams; this is the purpose of the index i. Fouque, Martinet, and Poupard earlier observed that, with respect to their definitions for online indistinguishability, this made for a stronger security notion [11]. The same is true for us; it is easy to see that if the adversary were restricted to asking a sequence of messages with nondecreasing indexes, a restriction that amounts to forbidding the interleaving of encryptions, the resulting security notion would be properly weaker.…”

Section: Defining Online Securitymentioning

confidence: 99%

“…The stronger ind$-definition that we adopt here is from Rogaway, Bellare, Black, and Krovetz [16]. For online security, the delayed-CBC scheme that we embellish with NIST's versions of ciphertext stealing is due to Fouque, Martinet, and Poupard [11].…”

Section: Introductionmentioning

confidence: 99%

“…Our definition of online security springs from the line of work on blockwiseadaptive attacks that starts with Bellare, Kohno, and Namprempre [4] and Joux, Martinet, and Valette [13] and continues with Fouque, Martinet, and Poupard [11], Fouque, Joux, and Poupard [10], and Bard [2]. As explained, our own security definitions take a different turn by divorcing the notion of online security from its former association with blockcipher-based schemes.…”

Section: Introductionmentioning

confidence: 99%

See 4 more Smart Citations

The Security of Ciphertext Stealing

Rogaway

Wooding

Zhang

2012

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. We prove the security of CBC encryption with ciphertext stealing. Our results cover all versions of ciphertext stealing recently recommended by NIST. The complexity assumption is that the underlying blockcipher is a good PRP, and the security notion achieved is the strongest one commonly considered for chosen-plaintext attacks, indistinguishability from random bits (ind$-security). We go on to generalize these results to show that, when intermediate outputs are slightly delayed, one achieves ind$-security in the sense of an online encryption scheme, a notion we formalize that focuses on what is delivered across an online API, generalizing prior notions of blockwise-adaptive attacks. Finally, we pair our positive results with the observation that the version of ciphertext stealing described in Meyer and Matyas's well-known book (1982) is not secure.

show abstract

Section: Introductionmentioning

confidence: 89%

Section: Online Security Of the Cbc-cs Schemesmentioning

confidence: 97%

Section: Defining Online Securitymentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

The Security of Ciphertext Stealing

Rogaway

Wooding

Zhang

2012

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

Chosen-Ciphertext Attacks Against MOSQUITO

Joux¹,

Muller²

2006

Fast Software Encryption

View full text Add to dashboard Cite

Abstract. Self-Synchronizing Stream Ciphers (SSSC) are a particular class of symmetric encryption algorithms, such that the resynchronization is automatic, in case of error during the transmission of the ciphertext.In this paper, we extend the scope of chosen-ciphertext attacks against SSSC. Previous work in this area include the cryptanalysis of dedicated constructions, like KNOT, HBB or SSS. We go further to break the last standing dedicated design of SSSC, i.e. the ECRYPT proposal MOS-QUITO. Our attack costs about 2 70 computation steps, while a 96-bit security level was expected. It also applies to Γ Υ (an ancestor of MOS-QUITO) therefore the only secure remaining SSSC are block-cipherbased constructions.

show abstract

Authenticated On-Line Encryption

Fouque

Joux

Martinet

et al. 2004

Selected Areas in Cryptography

Self Cite

View full text Add to dashboard Cite

Abstract. In this paper, we investigate the authenticated encryption paradigm, and its security against blockwise adaptive adversaries, mounting chosen ciphertext attacks on on-the-fly cryptographic devices. We remark that most of the existing solutions are insecure in this context, since they provide a decryption oracle for any ciphertext. We then propose a generic construction called Decrypt-Then-Mask, and prove its security in the blockwise adversarial model. The advantage of this proposal is to apply minimal changes to the encryption protocol. In fact, in our solution, only the decryption protocol is modified, while the encryption part is left unchanged. Finally, we propose an instantiation of this scheme, using the encrypted CBC-MAC algorithm, a secure pseudorandom number generator and the Delayed variant of the CBC encryption scheme.

show abstract

Practical Symmetric On-Line Encryption

Cited by 20 publications

References 9 publications

The Security of Ciphertext Stealing

The Security of Ciphertext Stealing

Chosen-Ciphertext Attacks Against MOSQUITO

Authenticated On-Line Encryption

Contact Info

Product

Resources

About