Tight Lower Bound on Linear Authenticated Encryption

Author

  • Charanjit S. Jutla
Abstract

We show that any scheme to encrypt m blocks of size n bits while assuring message integrity, that apart from using m + k invocations of random functions (from n bits to n bits) and vn bits of randomness, is linear in (GF2)^n, must have k + v at least (log m). This lower bound is proved in a very general model which rules out many promising linear modes of operations for encryption with message integrity. This lower bound is tight as [8] shows a linear scheme to encrypt m blocks while assuring message integrity by using only m + 2 + log m invocations of random permutations.

Similar resources

Artemia: a family of provably secure authenticated encryption schemes

Authenticated encryption schemes establish both privacy and authenticity. This paper specifies a family of the dedicated authenticated encryption schemes, Artemia. It is an online nonce-based authenticated encryption scheme which supports the associated data. Artemia uses the permutation based mode, JHAE, that is provably secure in the ideal permutation model. The scheme does not require the in...

RSPAE: RFID Search Protocol based on Authenticated Encryption

Search protocols are among the main applications of RFID systems. Since a search protocol should be able to locate a certain tag among many tags, not only it should be secure against RFID threats but also it should be affordable. In this article, an RFID-based search protocol will be presented. We use an encryption technique that is referred to as authenticated encryption in order to boost the ...

Exact Maximum Expected Differential and Linear Probability for 2-Round Advanced Encryption Standard (AES)

Provable security of a block cipher against differential / linear cryptanalysis is based on the maximum expected differential / linear probability (MEDP / MELP) over T ≥ 2 core rounds. Over the past few years, several results have provided increasingly tight upper and lower bounds in the case T = 2 for the Advanced Encryption Standard (AES). We show that the exact value of the 2-round MEDP / ME...

A bound for Feichtinger conjecture

In this paper, using the discrete Fourier transform in the finite-dimensional Hilbert space C^n, a class of non-Rieszable equal norm tight frames is introduced and using this class, a bound for Feichtinger Conjecture is presented. By the Feichtinger Conjecture that has been proved recently, for given A,C>0 there exists a universal constant delta>0 independent of $n$ such that every C-equal...

Security Proof of JAMBU under Nonce Respecting and Nonce Misuse Cases

JAMBU is an AEAD mode of operation which entered the third round of CAESAR competition. However, it does not have a security proof like other modes of operation do, and there was a cryptanalysis result that has overthrown the security claim under nonce misuse case by the designers. In this paper, we complement the shortage of the scheme by giving security proofs of JAMBU both under nonce respec...

Journal title:
  • IACR Cryptology ePrint Archive

Volume 2002  Issue 

Pages  -

Publication date 2002