scholarly journals Deterministic Authenticated Encryption Scheme for Memory Constrained Devices

Cryptography ◽  
2018 ◽  
Vol 2 (4) ◽  
pp. 37
Author(s):  
Megha Agrawal ◽  
Donghoon Chang ◽  
Jinkeon Kang
Keyword(s):  
Intermediate State ◽  
Authenticated Encryption ◽  
Session Key ◽  
Legitimate User ◽  
Security Proof ◽  
Ideal Cipher ◽  
Standard Manner ◽  
Deterministic Authenticated Encryption ◽  
Ideal Cipher Model ◽  
Constrained Devices

A technique of authenticated encryption for memory constrained devices called sp-AELM was proposed by Agrawal et al. at ACISP 2015. The sp-ALEM construction utilizes a sponge-based primitive to support online encryption and decryption functionalities. Online encryption in the construction is achieved in the standard manner by processing plaintext blocks as they arrive to produce ciphertext blocks. However, decryption is achieved by storing only one intermediate state and releasing it to the user upon correct verification. This intermediate state allows a legitimate user to generate the plaintext herself. However, the scheme is nonce-respecting, i.e., the scheme is insecure if the nonce is repeated. Implementation of a nonce is non-trivial in practice, and reuse of a nonce in an AE scheme is often devastating. In this paper, we propose a new AE scheme called dAELM, which stands for deterministic authenticated encryption (DAE) scheme for low memory devices. DAE is used in domains such as the key wrap, where the available message entropy omits the overhead of a nonce. For limiting memory usage, our idea is to use a session key to encrypt a message and share the session key with the user depending upon the verification of a tag. We provide the security proof of the proposed construction in the ideal cipher model.

scholarly journals Permutation-Based Lightweight Authenticated Cipher with Beyond Conventional Security

2021 ◽  
Vol 2021 ◽  
pp. 1-9
Author(s):  
Ping Zhang
Keyword(s):  
Hardware Implementation ◽  
Authenticated Encryption ◽  
Resource Constrained ◽  
Large Capacity ◽  
Efficiency Optimization ◽  
Security Proof ◽  
Almost All ◽  
Resource Constrained Devices ◽  
Constrained Devices

Lightweight authenticated ciphers are specially designed as authenticated encryption (AE) schemes for resource-constrained devices. Permutation-based lightweight authenticated ciphers have gained more attention in recent years. However, almost all of permutation-based lightweight AE schemes only ensure conventional security, i.e., about c / 2 -bit security, where c is the capacity of the permutation. This may be vulnerable for an insufficiently large capacity. This paper focuses on the stronger security guarantee and the better efficiency optimization of permutation-based lightweight AE schemes. On the basis of APE series (APE, APE R I , APE O W , and APE C A ), we propose a new improved permutation-based lightweight online AE mode APE + which supports beyond conventional security and concurrent absorption. Then, we derive a simple security proof and prove that APE + enjoys at most about min r , c -bit security, where r is the rate of the permutation. Finally, we discuss the properties of APE + on the hardware implementation.

scholarly journals Security of Symmetric Primitives against Key-Correlated Attacks

2019 ◽  
pp. 193-230
Author(s):  
Aisling Connolly ◽  
Pooya Farshim ◽  
Georg Fuchsbauer
Keyword(s):  
Natural Transformation ◽  
Random Oracle Model ◽  
Random Permutation ◽  
Random Oracle ◽  
Dependent Data ◽  
Authenticated Encryption ◽  
Ideal Cipher ◽  
Permutation Model ◽  
Ideal Cipher Model ◽  
The Ideal

We study the security of symmetric primitives against key-correlated attacks (KCA), whereby an adversary can arbitrarily correlate keys, messages, and ciphertexts. Security against KCA is required whenever a primitive should securely encrypt key-dependent data, even when it is used under related keys. KCA is a strengthening of the previously considered notions of related-key attack (RKA) and key-dependent message (KDM) security. This strengthening is strict, as we show that 2-round Even–Mansour fails to be KCA secure even though it is both RKA and KDM secure. We provide feasibility results in the ideal-cipher model for KCAs and show that 3-round Even–Mansour is KCA secure under key offsets in the random-permutation model. We also give a natural transformation that converts any authenticated encryption scheme to a KCA-secure one in the random-oracle model. Conceptually, our results allow for a unified treatment of RKA and KDM security in idealized models of computation.

scholarly journals Cryptanalysis of PMACx, PMAC2x, and SIVx

2017 ◽  
pp. 162-176
Author(s):  
Kazuhiko Minematsu ◽  
Tetsu Iwata
Keyword(s):  
Provable Security ◽  
Block Cipher ◽  
Query Complexity ◽  
Block Length ◽  
Encryption Scheme ◽  
Authenticated Encryption ◽  
Pseudorandom Functions ◽  
Tweakable Block Cipher ◽  
Deterministic Authenticated Encryption ◽  
Provably Secure

At CT-RSA 2017, List and Nandi proposed two variable input length pseudorandom functions (VI-PRFs) called PMACx and PMAC2x, and a deterministic authenticated encryption scheme called SIVx. These schemes use a tweakable block cipher (TBC) as the underlying primitive, and are provably secure up to the query complexity of 2n, where n denotes the block length of the TBC. In this paper, we falsify the provable security claims by presenting concrete attacks. We show that with the query complexity of O(2n/2), i.e., with the birthday complexity, PMACx, PMAC2x, and SIVx are all insecure.

scholarly journals A Dual Key-Based Activation Scheme for Secure LoRaWAN

2017 ◽  
Vol 2017 ◽  
pp. 1-12 ◽  
Author(s):  
Jaehyu Kim ◽  
JooSeok Song
Keyword(s):  
Long Range ◽  
Wide Area ◽  
The Internet ◽  
Area Network ◽  
Key Generation ◽  
Wide Area Network ◽  
Session Key ◽  
Original Scheme ◽  
The Internet Of Things ◽  
Constrained Devices

With the advent of the Internet of Things (IoT) era, we are experiencing rapid technological progress. Billions of devices are connected to each other, and our homes, cities, hospitals, and schools are getting smarter and smarter. However, to realize the IoT, several challenging issues such as connecting resource-constrained devices to the Internet must be resolved. Recently introduced Low Power Wide Area Network (LPWAN) technologies have been devised to resolve this issue. Among many LPWAN candidates, the Long Range (LoRa) is one of the most promising technologies. The Long Range Wide Area Network (LoRaWAN) is a communication protocol for LoRa that provides basic security mechanisms. However, some security loopholes exist in LoRaWAN’s key update and session key generation. In this paper, we propose a dual key-based activation scheme for LoRaWAN. It resolves the problem of key updates not being fully supported. In addition, our scheme facilitates each layer in generating its own session key directly, which ensures the independence of all layers. Real-world experimental results compared with the original scheme show that the proposed scheme is totally feasible in terms of delay and battery consumption.

scholarly journals Revisiting Variable Output Length XOR Pseudorandom Function

2018 ◽  
pp. 314-335 ◽  
Author(s):  
Srimanta Bhattacharya ◽  
Mridul Nandi
Keyword(s):  
Linear Equations ◽  
Security Analysis ◽  
Basic Structure ◽  
Authenticated Encryption ◽  
Security Proof ◽  
Simple Variant ◽  
Encryption Algorithms ◽  
The Cost ◽  
Mirror Theory ◽  
Pseudorandom Function

Let σ be some positive integer and C ⊆ {(i, j) : 1 ≤ i < j ≤ σ}. The theory behind finding a lower bound on the number of distinct blocks P1, . . . , Pσ ∈ {0, 1}n satisfying a set of linear equations {Pi ⊕Pj = ci,j : (i, j) ∈ C} for some ci,j ∈ {0, 1}n, is called mirror theory. Patarin introduced the mirror theory and provided a proof for this. However, the proof, even for a special class of equations, is complex and contains several non-trivial gaps. As an application of mirror theory, XORP[w] (known as XOR construction) returning (w−1) block output, is a pseudorandom function (PRF) for some parameter w, called width. The XOR construction can be seen as a basic structure of some encryption algorithms, e.g., the CENC encryption and the CHM authenticated encryption, proposed by Iwata in 2006. Due to potential application of XORP[w] and the nontrivial gaps in the proof of mirror theory, an alternative simpler analysis of PRF-security of XORP[w] would be much desired. Recently (in Crypto 2017) Dai et al. introduced a tool, called the χ2 method, for analyzing PRF-security. Using this tool, the authors have provided a proof of PRF-security of XORP[2] without relying on the mirror theory. In this paper, we resolve the general case; we apply the χ2 method to obtain a simpler security proof of XORP[w] for any w ≥ 2. For w = 2, we obtain a tighter bound for a wider range of parameters than that of Dai et al.. Moreover, we consider variable width construction XORP[∗] (in which the widths are chosen by adversaries adaptively), and also provide variable output length pseudorandom function (VOLPRF) security analysis for it. As an application of VOLPRF, we propose an authenticated encryption which is a simple variant of CHM or AES-GCM and provides much higher security than those at the cost of one extra blockcipher call for every message.

Sign in / Sign up

Export Citation Format

Share Document