Abstract
The development of precise security definitions for cryptographic algorithms, together with a detailed understanding of the relationships between those definitions, has become a major area of research in modern cryptography. However, most current authenticated encryption schemes lack the necessary security analysis. To analyze scheme security, two symmetric authenticated encryption constructions, Encrypt-and-MAC and encrypt-after-MAC (MAC-then-encrypt), are analyzed on the basis of the standard notion of indistinguishability against chosen-plaintext attacks (IND-CPA). For each of these, a security proof under IND-CPA attack is given using the oracle machine method. The results indicate that the Encrypt-and-MAC composition cannot guarantee IND-CPA security, whereas the encrypt-after-MAC construction achieves IND-CPA security.
Source
Computer Engineering and Design (《计算机工程与设计》)
CSCD
Peking University Core Journal
2007, Issue 10, pp. 2303-2305 (3 pages)
Funding
Natural Science Foundation of Henan Province project (0411013600)
Keywords
authenticated encryption
chosen-plaintext attack (CPA)
indistinguishability
message authentication
symmetric encryption