A formal treatment of remotely keyed encryption
Proceedings of the tenth annual ACM-SIAM symposium on Discrete algorithms
High-Bandwidth Encryption with Low-Bandwidth Smartcards
Proceedings of the Third International Workshop on Fast Software Encryption
All-or-Nothing Encryption and the Package Transform
FSE '97 Proceedings of the 4th International Workshop on Fast Software Encryption
On the Security of Remotely Keyed Encryption
FSE '97 Proceedings of the 4th International Workshop on Fast Software Encryption
All-or-Nothing Transform and Remotely Keyed Encription Protocols
PKC '00 Proceedings of the Third International Workshop on Practice and Theory in Public Key Cryptography: Public Key Cryptography
Hi-index | 0.89 |
Remotely keyed encryption (RKE) schemes provide fast symmetric encryption and decryption using a small-bandwidth security module and a powerful host. Such schemes keep the key inside the security module to prevent key compromise. Shin, Shin, and Rhee proposed a length-preserving as well as a length-increasing RKE scheme that both use only a single round of interaction between host and security module. With the length-preserving scheme they claim to answer an open problem of Blaze, Feigenbaum, and Naor. However, in the present paper we show that both their schemes are completely insecure. Further, we present heuristic arguments on why a one-round length-preserving RKE scheme might be impossible.