Abstract
We find certain neglected issues in the study of private-key encryption schemes. For one, private-key encryption is generally held to the same standard of security as public-key encryption (i.e., indistinguishability) even though usage of the two is very different. Secondly, though the importance of secure encryption of single blocks is well known, the security of modes of encryption (used to encrypt multiple blocks) is often ignored. With this in mind, we present definitions of a new notion of security for private-key encryption called encryption unforgeability which captures an adversary’s inability to generate valid ciphertexts. We show applications of this definition to authentication protocols and adaptive chosen ciphertext security.
Additionally, we present and analyze a new mode of encryption, RPC (for Related Plaintext Chaining), which is unforgeable in the strongest sense of the above definition. This gives the first mode provably secure against chosen ciphertext attacks. Although RPC is slightly less efficient than, say, CBC mode (requiring about 33% more block cipher applications and having ciphertext expansion of the same amount when using a block cipher with 128-bit blocksize), it has highly parallelizable encryption and decryption operations.
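To make the two claims above concrete, here is an added illustration that is not the paper's code and does not reproduce its exact RPC construction (which this page does not give): a counter-and-marker chaining mode in the spirit of RPC over a stand-in 128-bit block cipher (a hypothetical HMAC-based Feistel, not AES). Each block carries a 32-bit counter plus 96 plaintext bits, which is the 4/3 overhead the abstract quotes for a 128-bit blocksize, and the decryptor rejects any ciphertext whose blocks were reordered, dropped or altered, the behaviour that encryption unforgeability captures.

```python
import hashlib
import hmac
import os

BLOCK = 16               # 128-bit block cipher
CTR = 4                  # 32-bit per-block counter
CHUNK = BLOCK - CTR      # 96 plaintext bits per block: 4/3 expansion
START = b"\x00" * CHUNK  # constructed marker chunks (assumed, not from the paper)
END = b"\xff" * CHUNK

def _f(key, half, rnd):
    # Round function of the stand-in cipher: HMAC-SHA256 truncated to 64 bits
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:8]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def prp_enc(key, block):
    # 4-round Feistel stand-in for a 128-bit block cipher (illustration only)
    l, r = block[:8], block[8:]
    for i in range(4):
        l, r = r, _xor(l, _f(key, r, i))
    return l + r

def prp_dec(key, block):
    l, r = block[:8], block[8:]
    for i in reversed(range(4)):
        l, r = _xor(r, _f(key, l, i)), l
    return l + r

def rpc_encrypt(key, pt):
    # Pad to whole 96-bit chunks, bracket with START/END, encrypt (counter || chunk)
    # per block. The random start counter r rides inside the START block, so m
    # chunks cost m + 2 block-cipher calls (CBC would need m' + 1 for m' 128-bit blocks).
    n = CHUNK - len(pt) % CHUNK
    padded = pt + bytes([n]) * n
    chunks = [START] + [padded[i:i + CHUNK] for i in range(0, len(padded), CHUNK)] + [END]
    r = int.from_bytes(os.urandom(CTR), "big")
    return b"".join(prp_enc(key, ((r + i) % 2**32).to_bytes(CTR, "big") + c)
                    for i, c in enumerate(chunks))

def rpc_decrypt(key, ct):
    # Returns the plaintext, or None when any structural check fails; that rejection
    # is what makes reordered, spliced, truncated or modified blocks detectable.
    if len(ct) % BLOCK or len(ct) < 3 * BLOCK:
        return None
    blocks = [prp_dec(key, ct[i:i + BLOCK]) for i in range(0, len(ct), BLOCK)]
    r = int.from_bytes(blocks[0][:CTR], "big")
    if any(int.from_bytes(b[:CTR], "big") != (r + i) % 2**32 for i, b in enumerate(blocks)):
        return None
    if blocks[0][CTR:] != START or blocks[-1][CTR:] != END:
        return None
    padded = b"".join(b[CTR:] for b in blocks[1:-1])
    n = padded[-1]
    if not 1 <= n <= CHUNK or padded[-n:] != bytes([n]) * n:
        return None
    return padded[:-n]
```

A 95-byte message pads to 96 bytes and costs 8 data blocks plus START and END, against 6 blocks plus an IV for CBC, which is the roughly 33% overhead stated in the abstract.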
© 2001 Springer-Verlag Berlin Heidelberg
Cite this paper
Katz, J., Yung, M. (2001). Unforgeable Encryption and Chosen Ciphertext Secure Modes of Operation. In: Goos, G., Hartmanis, J., van Leeuwen, J., Schneier, B. (eds) Fast Software Encryption. FSE 2000. Lecture Notes in Computer Science, vol 1978. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-44706-7_20
DOI: https://doi.org/10.1007/3-540-44706-7_20
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-41728-6
Online ISBN: 978-3-540-44706-1