Ciphertext verification security of symmetric encryption schemes 被引量：4

Ciphertext verification security of symmetric encryption schemes

导出

摘要 This paper formally discusses the security problem caused by the ciphertext verification, presenting a new security notion named IND-CVA （indistinguishability under ciphertext verification attacks） to characterize the privacy of encryption schemes in this situation. Allowing the adversary to access to both encryption oracle and ciphertext verification oracle, the new notion IND-CVA is slightly stronger than IND-CPA （indistinguishability under chosen-plaintext attacks） but much weaker than IND-CCA （indistin- guishability under chosen-ciphertext attacks）, and can be satisfied by most of the popular symmetric encryption schemes such as OTP （one-time-pad）, CBC （cipher block chaining） and CTR （counter）. An MAC （message authentication scheme） is usually combined with an encryption to guarantee secure communication （e.g. SSH, SSL and IPSec）. However, with the notion of IND-CVA, this paper shows that a secure MAC can spoil the privacy in some cases. This paper formally discusses the security problem caused by the ciphertext verification, presenting a new security notion named IND-CVA （indistinguishability under ciphertext verification attacks） to characterize the privacy of encryption schemes in this situation. Allowing the adversary to access to both encryption oracle and ciphertext verification oracle, the new notion IND-CVA is slightly stronger than IND-CPA （indistinguishability under chosen-plaintext attacks） but much weaker than IND-CCA （indistin- guishability under chosen-ciphertext attacks）, and can be satisfied by most of the popular symmetric encryption schemes such as OTP （one-time-pad）, CBC （cipher block chaining） and CTR （counter）. An MAC （message authentication scheme） is usually combined with an encryption to guarantee secure communication （e.g. SSH, SSL and IPSec）. However, with the notion of IND-CVA, this paper shows that a secure MAC can spoil the privacy in some cases.

作者 HU ZhenYu SUN FuChun JIANG JianChun

机构地区 National Laboratory of Information Science and Technology Institute of Software

出处《Science in China(Series F)》 2009年第9期1617-1631,共15页 中国科学（F辑英文版）

基金 the National Basic Research Program of China (Grant No. G2002cb312205)

关键词 ENCRYPTION PRIVACY INTEGRITY reaction attack IND-CPA IND-CCA encryption, privacy, integrity, reaction attack, IND-CPA, IND-CCA

分类号 TP309 [自动化与计算机技术—计算机系统结构] X913 [环境科学与工程—安全科学]

引文网络
相关文献

参考文献13

1Krawczyk H. The order of encryption and authentication for protecting communications (or: How Security Is SSL?). In: Crypto'01, LNCS Vol. 2139. Berlin: Springer-Verlag, 2001. 310-331.
2Hall C, Goldberg I, Schneier B. Reaction attacks against several public-key cryptosystems. In: Varadharajan V, Mu Y, eds. Proceedings of Information and Communication Security, ICICS'99, vol. 1726. Berlin: Springer-Verlag, 1999. 2-12.
3An J H, Dodis T, Rabin T. On the security of joint signature and encryption. In: Knudsen L, ed. Advances in Cryptology- EUROCRYPT 2002, vol. 2332 of Lecture Notes in Computer Science. Berlin: Springer-Verlag, 2002. 85107.
4Canetti R, Krawczyk H. Analysis of key-exchange protocols and their use for building secure channels. In: Pfitzmann B, ed. Advances in Cryptology-EUROCRYPT 2001, vol. 2045 of Lecture Notes in Computer Science. Berlin: Springer-Verlag, 2001. 453-474. Extended version at http://eprint.oacr.ogr/ 2001/040.
5Canetti R, Krawczyk H, Universally composable notions of key exchange and secure channels. In: Eurocypt'02, LNCS Vol. 2332. 2003. 337-351. Extended version at http://eprint. oacr.ogr/2002/059,.
6Canetti R. Universally composable security: a new paradigm for cryptographic protocols. In: 42nd FOCS, 2001, the latest full version available at http://eprint.iacr.org/2000/067.
7Namprempre C. Secure channels based on authenticated encryption schemes: a simple characterization. In: Zheng Y, ed. Advance in Cryptology-ASIACRYPT 2002, Lecture Notes in Computer Science. Berlin: Springer-Verlag, 2002.
8Goldwasser S, Bellare M. Lecture Notes on Cryptography.Summer course on cryptography, MIT, 1996-2001. Available from Http://theory.lcs.mit.edu/shafi.
9Bellare M, Namprempre C. Authenticated encryption: Relations among notions and analysis of the generic composition paradigm. In: Okamoto T, ed. Advances in Cryptology- ASIACRYPT 2000, volume 1976 of Lecture Notes in Computer Science. Berlin: Springer-Verlag, 2000. 531-545.
10Bellare M, Desai A, Jokipii E, et al. A concrete security treatment of symmetric encryption: Analysis of the DES modes of operation. In: Proceedings of the 38th Symposium on Foundations of Computer Science, IEEE Computer Society Press, 1997. 394-403.

同被引文献2

1ZENG Guang HE KaiCheng HAN WenBao.A trinomial type of σ-LFSR oriented toward software implementation[J].Science in China(Series F),2007,50(3):359-372. 被引量：11
2WANG ShengBao,CAO ZhenFu,CHENG ZhaoHui,CHOO Kim-Kwang Raymond.Perfect forward secure identity-based authenticated key agreement protocol in the escrow mode[J].Science in China(Series F),2009,52(8):1358-1370. 被引量：9

引证文献4

1胡振宇,蒋建春,孙富春.利用IND-CVA实现安全信道[J].中国科学（F辑:信息科学）,2009,39(12):1248-1257.
2HU ZhenYu,JIANG JianChun,SUN FuChun.Using IND-CVA for constructing secure communication[J].Science in China(Series F),2009,52(10):1801-1811.
3WEN Hong,HO PinHan,GONG Guang.A framework of physical layer technique assisted authentication for vehicular communication networks[J].Science China(Information Sciences),2010,53(10):1996-2004. 被引量：2
4LI Lei,LIU XiangHui,WANG Zheng,LI FengHua.An improved attack on clock-controlled shift registers based on hardware implementation[J].Science China(Information Sciences),2013,56(11):224-233. 被引量：2

二级引证文献4

1DONG Wei,CHEN LiQian.Recent advances on trusted computing in China[J].Chinese Science Bulletin,2012,57(35):4529-4532. 被引量：4
2刘建芳,郑浩,马飞.基于最佳中继节点搜寻的WSN数据汇聚算法[J].计算机工程与设计,2016,37(12):3228-3234. 被引量：1
3Jiao HU,Ruilin LI,Chaojing TANG.A real-time inversion attack on the GMR-2 cipher used in the satellite phones[J].Science China(Information Sciences),2018,61(3):153-170. 被引量：1
4Lin DING,Dawu GU,Lei WANG,Chenhui JIN,Jie GUAN.Improved Guess and Determine attack on the MASHA stream cipher[J].Science China(Information Sciences),2021,64(9):243-244.

1SUN Yinxia,ZHANG Futai.Secure Certificateless Encryption with Short Ciphertext[J].Chinese Journal of Electronics,2010,19(2):313-318. 被引量：2
2Ding Ning Gu Dawu Liu Zhiqiang.Disguisable Symmetric Encryption Schemes for an Anti-forensics Purpose[J].China Communications,2010,7(6):56-63.
3CAO Weiwei HU Lei.Ciphertext-only Attack on a Multivariate Public Key Encryption Scheme with Internal Perturbation and Plus Structure[J].Chinese Journal of Electronics,2011,20(3):511-515.
4KANG Li,TANG XiaoHu,LIU JiaFen.Tight chosen ciphertext attack(CCA)-secure hybrid encryption scheme with full public verifiability[J].Science China(Information Sciences),2014,57(11):157-170.
5路献辉,来学嘉,何大可.The Gap between Intractable Problem and Adaptive Chosen Ciphertext Security[J].Journal of Shanghai Jiaotong university(Science),2009,14(1):90-93.
6WU Qiuxin.A Generic Construction of Ciphertext-Policy Attribute- Based Encryption Supporting Attribute Revocation[J].China Communications,2014,11(A01):93-100. 被引量：7
7杨旸,林柏钢,马懋德.具有细粒度访问控制的隐藏关键词可搜索加密方案[J].通信学报,2013,34(S1):92-100. 被引量：5
8刘伯红,王易.云存储环境下支持信任管理的CP-ABE方案[J].网络安全技术与应用,2017(1):52-54. 被引量：1
9魏江宏,刘文芬,胡学先.前向安全的密文策略基于属性加密方案[J].通信学报,2014,35(7):38-45. 被引量：13
10Yang YANG,Yu-pu HU,Le-you ZHANG,Chun-hui SUN.CCA2 secure biometric identity based encryption with constant-size ciphertext[J].Journal of Zhejiang University-Science C(Computers and Electronics),2011,12(10):819-827. 被引量：1

Science in China(Series F)

2009年第9期

浏览历史

内容加载中请稍等...

Ciphertext verification security of symmetric encryption schemes 被引量：4

参考文献13

同被引文献2

引证文献4

二级引证文献4

相关作者

相关机构

相关主题

浏览历史