Universal one-way hash functions and their cryptographic applications
STOC '89 Proceedings of the twenty-first annual ACM symposium on Theory of computing
One-way functions are necessary and sufficient for secure signatures
STOC '90 Proceedings of the twenty-second annual ACM symposium on Theory of computing
The security of the cipher block chaining message authentication code
Journal of Computer and System Sciences
OCB: a block-cipher mode of operation for efficient authenticated encryption
CCS '01 Proceedings of the 8th ACM conference on Computer and Communications Security
Handbook of Applied Cryptography
Handbook of Applied Cryptography
Authenticated encryption in SSH: provably fixing the SSH binary packet protocol
Proceedings of the 9th ACM conference on Computer and communications security
Authenticated-encryption with associated-data
Proceedings of the 9th ACM conference on Computer and communications security
Digital Signcryption or How to Achieve Cost(Signature & Encryption)
CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology
Collision-Resistant Hashing: Towards Making UOWHFs Practical
CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology
On the Security of Joint Signature and Encryption
EUROCRYPT '02 Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques: Advances in Cryptology
High-Bandwidth Encryption with Low-Bandwidth Smartcards
Proceedings of the Third International Workshop on Fast Software Encryption
On the Security of Remotely Keyed Encryption
FSE '97 Proceedings of the 4th International Workshop on Fast Software Encryption
Formal Proofs for the Security of Signcryption
PKC '02 Proceedings of the 5th International Workshop on Practice and Theory in Public Key Cryptosystems: Public Key Cryptography
A composition theorem for universal one-way hash functions
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
ACM Transactions on Information and System Security (TISSEC)
Speeding up Exponentiation using an Untrusted Computational Resource
Designs, Codes and Cryptography
Secure deletion for a versioning file system
FAST'05 Proceedings of the 4th conference on USENIX Conference on File and Storage Technologies - Volume 4
Signcryption Scheme in Multi-user Setting without Random Oracles
IWSEC '08 Proceedings of the 3rd International Workshop on Security: Advances in Information and Computer Security
Convertible multi-authenticated encryption scheme with one-way hash function
Computer Communications
Blockwise adversarial model for on-line ciphers and symmetric encryption schemes
SAC'04 Proceedings of the 11th international conference on Selected Areas in Cryptography
Tag-KEM/DEM: a new framework for hybrid encryption and a new analysis of kurosawa-desmedt KEM
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Threshold and proactive pseudo-random permutations
TCC'06 Proceedings of the Third conference on Theory of Cryptography
Provably convertible multi-authenticated encryption scheme for generalized group communications
Information Sciences: an International Journal
We introduce a new cryptographic primitive we call concealment, which is related to, but quite different from, the notion of commitment. A concealment is a publicly known randomized transformation, which, on input m, outputs a hider h and a binder b. Together, h and b allow one to recover m, but separately, (1) the hider h reveals "no information" about m, while (2) the binder b can be "meaningfully opened" by at most one hider h. While setting b = m, h = ∅ is a trivial concealment, the challenge is to make |b| ≪ |m|, which we call a "non-trivial" concealment. We show that non-trivial concealments are equivalent to the existence of collision-resistant hash functions. Moreover, our construction of concealments is extremely simple, optimal, and yet very general, giving rise to a multitude of efficient implementations. We show that concealments have natural and important applications in the area of authenticated encryption. Specifically, let AE be an authenticated encryption scheme (either public- or symmetric-key) designed to work on short messages. We show that concealments are exactly the right abstraction allowing one to use AE for encrypting long messages. Namely, to encrypt "long" m, one uses a concealment scheme to get h and b, and outputs authenticated ciphertext 〈AE(b), h〉. More surprisingly, the above paradigm leads to a very simple and general solution to the problem of remotely keyed (authenticated) encryption (RKAE) [12,13]. In this problem, one wishes to split the task of high-bandwidth authenticated encryption between a secure, but low-bandwidth/computationally limited device, and an insecure, but computationally powerful host. We give formal definitions for RKAE, which we believe are simpler and more natural than all the previous definitions. We then show that our composition paradigm satisfies our (very strong) definition.
Namely, for authenticated encryption, the host simply sends a short value b to the device (which stores the actual secret key for AE), gets back AE(b), and outputs 〈AE(b), h〉 (authenticated decryption is similar). Finally, we also observe that the particular schemes of [13,17] are all special examples of our general paradigm.
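The host/device split described above, as an added Python sketch that is not code from the paper. The abstract does not spell out the concealment construction, so this assumes one instantiation from a collision-resistant hash: a fresh one-time key τ, hider h = m encrypted under τ, binder b = τ ‖ SHA-256(h). The `Device` class, its encrypt-then-MAC stand-in for AE, and all function names are hypothetical.

```python
import hashlib, hmac, secrets

def _stream(key: bytes, n: int) -> bytes:
    # SHAKE-256 keystream; stand-in for a one-time-secure cipher (assumption).
    return hashlib.shake_256(b"stream" + key).digest(n)

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def conceal(m: bytes):
    tau = secrets.token_bytes(32)              # fresh one-time key
    h = _xor(m, _stream(tau, len(m)))          # hider: as long as m, hides m
    b = tau + hashlib.sha256(h).digest()       # binder: 64 bytes for any |m|
    return h, b

def open_concealment(h: bytes, b: bytes):
    if len(b) != 64:
        return None
    tau, digest = b[:32], b[32:]
    # Binding: b opens only with the hider whose hash it carries.
    if not hmac.compare_digest(hashlib.sha256(h).digest(), digest):
        return None
    return _xor(h, _stream(tau, len(h)))

class Device:
    """Low-bandwidth device: holds the AE keys, only ever sees binders."""
    def __init__(self):
        self._ke, self._km = secrets.token_bytes(32), secrets.token_bytes(32)

    def _tag(self, data: bytes) -> bytes:
        return hmac.new(self._km, data, hashlib.sha256).digest()

    def ae_encrypt(self, b: bytes) -> bytes:   # encrypt-then-MAC stand-in for AE
        nonce = secrets.token_bytes(16)
        c = _xor(b, _stream(self._ke + nonce, len(b)))
        return nonce + c + self._tag(nonce + c)

    def ae_decrypt(self, ct: bytes):
        if len(ct) < 48:
            return None
        nonce, c, tag = ct[:16], ct[16:-32], ct[-32:]
        if not hmac.compare_digest(self._tag(nonce + c), tag):
            return None
        return _xor(c, _stream(self._ke + nonce, len(c)))

def host_encrypt(device: Device, m: bytes):
    h, b = conceal(m)                          # bulk work stays on the host
    return device.ae_encrypt(b), h             # ciphertext is <AE(b), h>

def host_decrypt(device: Device, ct: bytes, h: bytes):
    b = device.ae_decrypt(ct)
    return None if b is None else open_concealment(h, b)
```

The device handles 64 bytes per message regardless of message length, and a modified hider is rejected because it no longer matches the hash inside the authenticated binder.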