Does Encryption with Redundancy Provide Authenticity?

Authors:
Jee Hea An;Mihir Bellare
Affiliations:
-;-
Venue:
EUROCRYPT '01 Proceedings of the International Conference on the Theory and Application of Cryptographic Techniques: Advances in Cryptology
Year:
2001

Citing 19
Cited 6

A high speed manipulation detection code

Proceedings on Advances in cryptology---CRYPTO '86
How to construct pseudorandom permutations from pseudorandom functions

SIAM Journal on Computing - Special issue on cryptography
Non-malleable cryptography

STOC '91 Proceedings of the twenty-third annual ACM symposium on Theory of computing
Complete characterization of security notions for probabilistic private-key encryption

STOC '00 Proceedings of the thirty-second annual ACM symposium on Theory of computing
The security of the cipher block chaining message authentication code

Journal of Computer and System Sciences
Handbook of Applied Cryptography

Handbook of Applied Cryptography
UMAC: Fast and Secure Message Authentication

CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
Non-malleable Encryption: Equivalence between Two Notions, and an Indistinguishability-Based Characterization

CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
LFSR-based Hashing and Authentication

CRYPTO '94 Proceedings of the 14th Annual International Cryptology Conference on Advances in Cryptology
Bucket Hashing and its Application to Fast Message Authentication

CRYPTO '95 Proceedings of the 15th Annual International Cryptology Conference on Advances in Cryptology
Keying Hash Functions for Message Authentication

CRYPTO '96 Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology
Universal Hashing and Multiple Authentication

CRYPTO '96 Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology
Relations Among Notions of Security for Public-Key Encryption Schemes

CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
Does Encryption with Redundancy Provide Authenticity?

EUROCRYPT '01 Proceedings of the International Conference on the Theory and Application of Cryptographic Techniques: Advances in Cryptology
Authenticated Encryption: Relations among Notions and Analysis of the Generic Composition Paradigm

ASIACRYPT '00 Proceedings of the 6th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Encode-Then-Encipher Encryption: How to Exploit Nonces or Redundancy in Plaintexts for Efficient Cryptography

ASIACRYPT '00 Proceedings of the 6th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
MMH: Software Message Authentication in the Gbit/Second Rates

FSE '97 Proceedings of the 4th International Workshop on Fast Software Encryption
A Concrete Security Treatment of Symmetric Encryption

FOCS '97 Proceedings of the 38th Annual Symposium on Foundations of Computer Science
Message Authentication with Manipulation Detection Code

SP '83 Proceedings of the 1983 IEEE Symposium on Security and Privacy

On the Security of CTR + CBC-MAC

SAC '02 Revised Papers from the 9th Annual International Workshop on Selected Areas in Cryptography
Does Encryption with Redundancy Provide Authenticity?

EUROCRYPT '01 Proceedings of the International Conference on the Theory and Application of Cryptographic Techniques: Advances in Cryptology
On the Security of Joint Signature and Encryption

EUROCRYPT '02 Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques: Advances in Cryptology
FPGA Intrinsic PUFs and Their Use for IP Protection

CHES '07 Proceedings of the 9th international workshop on Cryptographic Hardware and Embedded Systems
A provable-security treatment of the key-wrap problem

EUROCRYPT'06 Proceedings of the 24th annual international conference on The Theory and Applications of Cryptographic Techniques
The low-call diet: authenticated encryption for call counting HSM users

CT-RSA'13 Proceedings of the 13th international conference on Topics in Cryptology

Quantified Score

Hi-index	0.00

Visualization

Abstract

A popular paradigm for achieving privacy plus authenticity is to append some "redundancy" to the data before encrypting. We investigate the security of this paradigm at both a general and a specific level. We consider various possible notions of privacy for the base encryption scheme, and for each such notion we provide a condition on the redundancy function that is necessary and sufficient to ensure authenticity of the encryption-with-redundancy scheme. We then consider the case where the base encryption scheme is a variant of CBC called NCBC, and find sufficient conditions on the redundancy functions for NCBC encryption-with-redundancy to provide authenticity. Our results highlight an important distinction between public redundancy functions, meaning those that the adversary can compute, and secret ones, meaning those that depend on the shared key between the legitimate parties.