Combiners for AEAD
| Autor: | Paul Rösler, Bertram Poettering |
|---|---|
| Rok vydání: | 2020 |
| Předmět: |
AEAD
Ciphertext Translation lcsh:Computer engineering. Computer hardware Computer science Applied Mathematics Secure Combiners lcsh:TK7885-7895 0102 computer and information sciences 02 engineering and technology 01 natural sciences Computer Science Applications Computational Mathematics 010201 computation theory & mathematics Impossibility Result 0202 electrical engineering electronic engineering information engineering 020201 artificial intelligence & image processing Provable Security Encrypt-then-MAC Software |
| Zdroj: | IACR Transactions on Symmetric Cryptology; Volume 2020, Issue 1; 121-143 IACR Transactions on Symmetric Cryptology, Vol 2020, Iss 1 (2020) |
| ISSN: | 2519-173X |
| DOI: | 10.46586/tosc.v2020.i1.121-143 |
| Popis: | The Authenticated Encryption with Associated Data (AEAD) primitive, which integrates confidentiality and integrity services under a single roof, found wide-spread adoption in industry and became indispensable in practical protocol design. Recognizing this, academic research put forward a large number of candidate constructions, many of which come with provable security guarantees. Nevertheless, the recent past has shaken up with the discovery of vulnerabilities, some of them fatal, in well-regarded schemes, stemming from weak underlying primitives, flawed security arguments, implementation-level vulnerabilities, and so on. Simply reacting to such findings by replacing broken candidates by better(?) ones is in many cases unduly, costly, and sometimes just impossible. On the other hand, as attack techniques and opportunities change over time, it seems venturous to propose any specific scheme if the intended lifetime of its application is, say, twenty years. In this work we study a workable approach towards increasing the resilience against unforeseen breaks of AEAD primitives. Precisely, we consider the ability to combine two AEAD schemes into one such that the resulting AEAD scheme is secure as long as at least one of its components is (or: as long as at most one component is broken). We propose a series of such combiners, some of which work with fully generic AEAD components while others assume specific internal structures of the latter (like an encrypt-then-MAC design). We complement our results by proving the optimality of our constructions by showing the impossibility of combiners that get along with less invocations of the component algorithms. IACR Transactions on Symmetric Cryptology, Volume 2020, Issue 1 |
| Databáze: | OpenAIRE |
| Externí odkaz: |
|