Security of Symmetric Primitives under Incorrect Usage of Keys

We study the security of symmetric primitives under the incorrect usage of keys. Roughly speaking, a key-robust scheme does not output ciphertexts/tags that are valid with respect to distinct keys. Key-robustness is a notion that is often tacitly expected/assumed in protocol design — as is the case with anonymous auction, oblivious transfer, or public-key encryption. We formalize simple, yet strong definitions of key robustness for authenticated-encryption, message-authentication codes and PRFs. We show standard notions (such as AE or PRF security) guarantee a basic level of key-robustness under honestly generated keys, but fail to imply keyrobustness under adversarially generated (or known) keys. We show robust encryption and MACs compose well through generic composition, and identify robust PRFs as the main primitive used in building robust schemes. Standard hash functions are expected to satisfy key-robustness and PRF security, and hence suffice for practical instantiations. We however provide further theoretical justifications (in the standardmodel) by constructing robust PRFs from (left-and-right) collision-resistant PRGs.

Download Full-text

Data Integrity

10.1093/oso/9780198788003.003.0006 ◽

2017 ◽

Author(s):

Keith M. Martin

Keyword(s):

Hash Function ◽

Hash Functions ◽

Data Integrity ◽

Message Authentication ◽

Authenticated Encryption ◽

Authentication Codes ◽

Basic Model ◽

Function Design ◽

Security Properties ◽

Different Levels

This chapter discusses cryptographic mechanisms for providing data integrity. We begin by identifying different levels of data integrity that can be provided. We then look in detail at hash functions, explaining the different security properties that they have, as well as presenting several different applications of a hash function. We then look at hash function design and illustrate this by discussing the hash function SHA-3. Next, we discuss message authentication codes (MACs), presenting a basic model and discussing basic properties. We compare two different MAC constructions, CBC-MAC and HMAC. Finally, we consider different ways of using MACs together with encryption. We focus on authenticated encryption modes, and illustrate these by describing Galois Counter mode.

Download Full-text

New Developments in Quasigroup-Based Cryptography

Advances in Information Security, Privacy, and Ethics - Multidisciplinary Perspectives in Cryptology and Information Security ◽

10.4018/978-1-4666-5808-0.ch012 ◽

2014 ◽

pp. 286-317 ◽

Cited By ~ 1

Author(s):

Aleksandra Mileva

Keyword(s):

Building Blocks ◽

Block Ciphers ◽

Public Key ◽

Message Authentication ◽

Authentication Codes ◽

New Developments ◽

Identification Schemes ◽

Public Key Cryptosystems ◽

Research Activities ◽

The Given

This chapter offers an overview of new developments in quasigroup-based cryptography, especially of new defined quasigroup-based block ciphers and stream ciphers, hash functions and message authentication codes, PRNGs, public key cryptosystems, etc. Special attention is given to Multivariate Quadratic Quasigroups (MQQs) and MQQ public key schemes, because of their potential to become one of the most efficient pubic key algorithms today. There are also directions of using MQQs for building Zero knowledge ID-based identification schemes. Recent research activities show that some existing non-quasigroup block ciphers or their building blocks can be represented by quasigroup string transformations. There is a method for generating optimal 4x4 S-boxes by quasigroups of order 4, by which a more optimized hardware implementation of the given S-box can be obtained. Even some block ciphers' modes of operations can be represented by quasigroup string transformations, which leads to finding weaknesses in the interchanged use of these modes.

Download Full-text

Hash Functions and Their Applications

Algorithmic Strategies for Solving Complex Problems in Cryptography - Advances in Information Security, Privacy, and Ethics ◽

10.4018/978-1-5225-2915-6.ch005 ◽

2018 ◽

pp. 66-77

Author(s):

Kannan Balasubramanian

Keyword(s):

Hash Function ◽

Hash Functions ◽

Digital Signatures ◽

Message Authentication ◽

Authenticated Encryption ◽

Authentication Codes ◽

Message Authentication Codes ◽

Message Digest ◽

Cryptographic Hash Functions

Cryptographic Hash Functions are used to achieve a number of Security goals like Message Authentication, Message Integrity, and are also used to implement Digital Signatures (Non-repudiation), and Entity Authentication. This chapter discusses the construction of hash functions and the various attacks on the Hash functions. The Message Authentication Codes are similar to the Hash functions except that they require a key for producing the message digest or hash. Authenticated Encryption is a scheme that combines hashing and Encryption. The Various types of hash functions like one-way hash function, Collision Resistant hash function and Universal hash functions are also discussed in this chapter.

Download Full-text

Cryptography with Disposable Backdoors

Cryptography ◽

10.3390/cryptography3030022 ◽

2019 ◽

Vol 3 (3) ◽

pp. 22

Author(s):

Kai-Min Chung ◽

Marios Georgiou ◽

Ching-Yi Lai ◽

Vassilis Zikas

Keyword(s):

Quantum Computation ◽

Good Reason ◽

Message Authentication ◽

Public Key Encryption ◽

Authentication Codes ◽

Digital World ◽

Trusted Hardware ◽

Single Use ◽

Generic Transformation ◽

Provably Secure

Backdooring cryptographic algorithms is an indisputable taboo in the cryptographic literature for a good reason: however noble the intentions, backdoors might fall in the wrong hands, in which case security is completely compromised. Nonetheless, more and more legislative pressure is being produced to enforce the use of such backdoors. In this work we introduce the concept of disposable cryptographic backdoors which can be used only once and become useless after that. These exotic primitives are impossible in the classical digital world without stateful and secure trusted hardware support, but, as we show, are feasible assuming quantum computation and access to classical stateless hardware tokens. Concretely, we construct a disposable (single-use) version of message authentication codes, and use them to derive a black-box construction of stateful hardware tokens in the above setting with quantum computation and classical stateless hardware tokens. This can be viewed as a generic transformation from stateful to stateless tokens and enables, among other things, one-time programs and memories. This is to our knowledge the first provably secure construction of such primitives from stateless tokens. As an application of disposable cryptographic backdoors we use our constructed primitive above to propose a middle-ground solution to the recent legislative push to backdoor cryptography: the conflict between Apple and FBI. We show that it is possible for Apple to create a one-time backdoor which unlocks any single device, and not even Apple can use it to unlock more than one, i.e., the backdoor becomes useless after it is used. We further describe how to use our ideas to derive a version of CCA-secure public key encryption, which is accompanied with a disposable (i.e., single-use, as in the above scenario) backdoor.

Download Full-text

Digital Image Protection using Keyed Hash Function

International Journal of Computer Vision and Image Processing ◽

10.4018/ijcvip.2012040103 ◽

2012 ◽

Vol 2 (2) ◽

pp. 36-47 ◽

Cited By ~ 1

Author(s):

Siva Charan Muraharirao ◽

Manik Lal Das

Keyword(s):

Digital Image ◽

Digital Signature ◽

Hash Function ◽

Image Authentication ◽

Experimental Results ◽

Public Key ◽

Message Authentication ◽

Authentication Codes ◽

Message Authentication Codes ◽

Image Protection

Digital image authentication is an essential attribute for protecting digital image from piracy and copyright violator. Anti-piracy, digital watermarking, and ownership verification are some mechanisms evolving over the years for achieving digital image authentication. Cryptographic primitives, such as hash function, digital signature, and message authentication codes are being used in several applications including digital image authentication. Use of Least Significant Bit (LSB) is one of the classical approaches for digital image authentication. Although LSB approach is efficient, it does not provide adequate security services. On the other hand, digital signature-based image authentication provides better security, but with added computational cost in comparison with LSB approach. Furthermore, digital signature-based authentication approach requires managing public key infrastructure. Considering security weakness of LSB-based approach and cost overhead of public key based approach, the authors present a digital image authentication scheme using LSB and message authentication codes (MAC). The MAC-based approach for authenticating digital image is secure and efficient approach without public key management overhead. The authors also provide experimental results of the proposed scheme using MATLAB. The experimental results show that the proposed scheme is efficient and secure in comparisons with other schemes.

Download Full-text

Efficient KDM-CCA Secure Public-Key Encryption via Auxiliary-Input Authenticated Encryption

Security and Communication Networks ◽

10.1155/2017/2148534 ◽

2017 ◽

Vol 2017 ◽

pp. 1-27 ◽

Cited By ~ 1

Author(s):

Shuai Han ◽

Shengli Liu ◽

Lin Lyu

Keyword(s):

Public Key ◽

Authenticated Encryption ◽

Public Key Encryption ◽

Secret Key ◽

Diffie Hellman ◽

Affine Functions ◽

Generic Construction ◽

Hash Proof System ◽

Auxiliary Input ◽

Ddh Assumption

KDM[F]-CCA security of public-key encryption (PKE) ensures the privacy of key-dependent messages f(sk) which are closely related to the secret key sk, where f∈F, even if the adversary is allowed to make decryption queries. In this paper, we study the design of KDM-CCA secure PKE. To this end, we develop a new primitive named Auxiliary-Input Authenticated Encryption (AIAE). For AIAE, we introduce two related-key attack (RKA) security notions, including IND-RKA and weak-INT-RKA. We present a generic construction of AIAE from tag-based hash proof system (HPS) and one-time secure authenticated encryption (AE) and give an instantiation of AIAE under the Decisional Diffie-Hellman (DDH) assumption. Using AIAE as an essential building block, we give two constructions of efficient KDM-CCA secure PKE based on the DDH and the Decisional Composite Residuosity (DCR) assumptions. Specifically, (i) our first PKE construction is the first one achieving KDM[Faff]-CCA security for the set of affine functions and compactness of ciphertexts simultaneously. (ii) Our second PKE construction is the first one achieving KDM[Fpolyd]-CCA security for the set of polynomial functions and almost compactness of ciphertexts simultaneously. Our PKE constructions are very efficient; in particular, they are pairing-free and NIZK-free.

Download Full-text