Secret-key cryptography from ideal primitives: A systematic overview

Gaži, Peter; Tessaro, Stefano

doi:10.1109/itw.2015.7133163

Cited by 11 publications

(10 citation statements)

References 29 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…the usual hardware and power consumption metrics. The main technical contribution of this paper is to introduce a formal ideal primitive model (in the sense of [12]) for KSG-based stream ciphers and to show the sharp 2 3 n-bound for the security of the Lizardconstruction against generic time-memory-data tradeoff attacks.…”

mentioning

confidence: 99%

On stream ciphers with provable beyond-the-birthday-bound security against time-memory-data tradeoff attacks

Hamann

Krause

2018

Cryptogr. Commun.

View full text Add to dashboard Cite

We propose and analyze the Lizard-construction, a way to construct keystream generator (KSG) based stream ciphers with provable 2 3 n-security with respect to generic time-memory-data tradeoff attacks. Note that for the vast majority of known practical KSG-based stream ciphers such attacks reduce the effective key length to the birthday bound n/2, where n denotes the inner state length of the underlying KSG. This implies that practical stream ciphers have to have a comparatively large inner state length (e.g., n = 288 bit for Trivium [6] and n = 160 bit for Grain v1 [16]). The Lizard-construction proposes a state initialization algorithm for stream ciphers working in packet mode (like the GSM cipher A5/1 or the Bluetooth cipher E0). The proposal is that for each packet i the packet initial state q i init is computed from the secret session key k and the packet initial value IV i via q i init = P (k ⊕IV i )⊕k, where P denotes a state mixing algorithm. Note that the recently published cipher Lizard (see [14]), a stream cipher having inner state length of only 121 bit, is a lightweight practical instantiation of our proposal, which is competitive w.r.t. the usual hardware and power consumption metrics. The main technical contribution of this paper is to introduce a formal ideal primitive model (in the sense of [12]) for KSG-based stream ciphers and to show the sharp 2 3 n-bound for the security of the Lizardconstruction against generic time-memory-data tradeoff attacks.

show abstract

mentioning

confidence: 99%

On stream ciphers with provable beyond-the-birthday-bound security against time-memory-data tradeoff attacks

Hamann

Krause

2018

Cryptogr. Commun.

View full text Add to dashboard Cite

show abstract

“…Gentry and Ramzan [34] proposed the idea of combining the Feistel construction and the Even-Mansour cipher, which was later named the Key Alternating Feistel (KAF) cipher by Lampe and Seurin [45]. In the work of Gazi and Tessaro [33], a construction that turns RFs into PRF has been introduced. Moreover, the Whitened Swap-or-Not construction by Tessaro [65] provides another way of building nearly optimal n-bits secure PRP from RPs or RFs.…”

Section: Our Contribution In Bigger Perspectivementioning

confidence: 99%

“…of SoP [14,23,51] Indiff. of Feistel [26,27,29] GT [33] K e y A lt e r n a t in g F e is t e l [3 4 , 4 5 ]…”

Section: Our Contribution In Bigger Perspectivementioning

confidence: 99%

How to Build Pseudorandom Functions from Public Random Permutations

Chen

Lambooij

Mennink

2019

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Pseudorandom functions are traditionally built upon block ciphers, but with the trend of permutation based cryptography, it is a natural question to investigate the design of pseudorandom functions from random permutations. We present a generic study of how to build beyond birthday bound secure pseudorandom functions from public random permutations. We first show that a pseudorandom function based on a single permutation call cannot be secure beyond the 2 n/2 birthday bound, where n is the state size of the function. We next consider the Sum of Even-Mansour (SoEM) construction, that instantiates the sum of permutations with the Even-Mansour construction. We prove that SoEM achieves tight 2n/3-bit security if it is constructed from two independent permutations and two randomly drawn keys. We also demonstrate a birthday bound attack if either the permutations or the keys are identical. Finally, we present the Sum of Key Alternating Ciphers (SoKAC) construction, a translation of Encrypted Davies-Meyer Dual to a public permutation based setting, and show that SoKAC achieves tight 2n/3-bit security even when a single key is used.

show abstract

“…The general model of computationally distinguishing an idealized cryptosystem from an actual implementation of the system has been proposed in Maurer [9]. A recent overview of the progress in this area is provided in [10].…”

Section: A Related Workmentioning

confidence: 99%

Secrecy through Synchronization Errors

Castiglione

Kavcic

2014

2015 IEEE Global Communications Conference (GLOBECOM)

View full text Add to dashboard Cite

In this paper, we propose a secure transmission scheme based on deleting and inserting symbols. The proposed encryption/decryption method is novel since it achieves secrecy by a transmitter that deliberately introduces synchronization errors (insertions and/or deletions) based on a shared source of randomness. The intended receiver, having access to the same shared source of randomness as the transmitter, can resynchronize the received sequence. On the other hand, the eavesdropper's channel remains a synchronization error channel. We show that the scheme achieves information theoretic security. We prove a secrecy capacity theorem, provide a lower bound on the secrecy capacity, and propose numerical methods to evaluate it.

show abstract

Secret-key cryptography from ideal primitives: A systematic overview

Cited by 11 publications

References 29 publications

On stream ciphers with provable beyond-the-birthday-bound security against time-memory-data tradeoff attacks

On stream ciphers with provable beyond-the-birthday-bound security against time-memory-data tradeoff attacks

How to Build Pseudorandom Functions from Public Random Permutations

Secrecy through Synchronization Errors

Contact Info

Product

Resources

About