Best effort and practice activation codes

Authors:
Gerhard de Koning Gans;Eric R. Verheul
Affiliations:
Institute for Computing and Information Sciences, Radboud University Nijmegen, Nijmegen, The Netherlands;Institute for Computing and Information Sciences, Radboud University Nijmegen, Nijmegen, The Netherlands and PricewaterhouseCoopers Advisory, Amsterdam, The Netherlands
Venue:
TrustBus'11 Proceedings of the 8th international conference on Trust, privacy and security in digital business
Year:
2011

Citing 15
Cited 0

How to construct pseudorandom permutations from pseudorandom functions

SIAM Journal on Computing - Special issue on cryptography
Secure and lightweight advertising on the Web

WWW '99 Proceedings of the eighth international conference on World Wide Web
Distributed digital-ticket management for rights trading system

Proceedings of the 1st ACM conference on Electronic commerce
Copy prevention scheme for rights trading infrastructure

Proceedings of the fourth working conference on smart card research and advanced applications on Smart card research and advanced applications
A lightweight protocol for the generation and distribution of secure e-coupons

Proceedings of the 11th international conference on World Wide Web
Pseudorandomness and Cryptographic Applications

Pseudorandomness and Cryptographic Applications
Ciphers with Arbitrary Finite Domains

CT-RSA '02 Proceedings of the The Cryptographer's Track at the RSA Conference on Topics in Cryptology
Online Advertising: Secure E-coupons

ICTCS '01 Proceedings of the 7th Italian Conference on Theoretical Computer Science
New Results on Pseudorandom Permutation Generators Based on the DES Scheme

CRYPTO '91 Proceedings of the 11th Annual International Cryptology Conference on Advances in Cryptology
About Feistel Schemes with Six (or More) Rounds

FSE '98 Proceedings of the 5th International Workshop on Fast Software Encryption
Secure E-Coupons

Electronic Commerce Research
Elastic block ciphers: the basic design

ASIACCS '07 Proceedings of the 2nd ACM symposium on Information, computer and communications security
Sales promotions on the internet

WOEC'98 Proceedings of the 3rd conference on USENIX Workshop on Electronic Commerce - Volume 3
How to Encipher Messages on a Small Domain

CRYPTO '09 Proceedings of the 29th Annual International Cryptology Conference on Advances in Cryptology
KATAN and KTANTAN -- A Family of Small and Efficient Hardware-Oriented Block Ciphers

CHES '09 Proceedings of the 11th International Workshop on Cryptographic Hardware and Embedded Systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

Activation Codes are used in many different digital services and known by many different names including voucher, e-coupon and discount code. In this paper we focus on a specific class of ACs that are short, human-readable, fixed-length and represent value. Even though this class of codes is extensively used there are no general guidelines for the design of Activation Code schemes. We discuss different methods that are used in practice and propose BEPAC, a new Activation Code scheme that provides both authenticity and confidentiality. The small message space of activation codes introduces some problems that are illustrated by an adaptive chosen-plaintext attack (CPA-2) on a general 3-round Feistel network of size 22n. This attack recovers the complete permutation from at most 2n+2 plaintext-ciphertext pairs. For this reason, BEPAC is designed in such a way that authenticity and confidentiality are independent properties, i.e. loss of confidentiality does not imply loss of authenticity.