Turning Online Ciphers Off
نویسندگان
چکیده
CAESAR has caused a heated discussion regarding the merits of one-pass encryption and online ciphers. The latter is a keyed, length preserving function which outputs ciphertext blocks as soon as the respective plaintext block is received. The immediacy of an online cipher gives a clear performance advantage, yet it comes at a price. Since ciphertext blocks cannot depend on later plaintext blocks, diffusion and hence security is limited. We show how one can attain the best of both worlds by providing provably secure constructions, achieving full cipher security, based on applying an online cipher and reordering blocks. Explicitly, we show that with just two calls to the online cipher, security up to the birthday bound is both attainable and maximal. Moreover, we demonstrate that three calls to the online cipher suffice to obtain beyond birthday bound security, and (for suitably long messages) arbitrarily strong security. As part of our investigation, we extend an observation by Rogaway and Zhang, highlighting the close relationship between online ciphers and tweakable blockciphers with variable-length tweaks.
منابع مشابه
Revisiting Turning Online Cipher Off
In [1], a class of constructions was defined based on layers of secure online ciphers interleaved with simple mixing layers (like reversing and block-shifting). Here we show that an SPRP construction proposed in the work cited is insecure. Howevewr, the same construction is secure under the assumption that the underlying construction is online-but-last ciphers. We include a simpler proof for be...
متن کاملBreaking the Estream Finalists and AES Modes of Operation Faster than Exhaustive Search
Time-memory-data (TMD) trade-off attack is a wellstudied technique that has been applied on many stream and block ciphers. Current TMD attacks by Biryukov-Shamir (BSTMD), Hong-Sarkar (HS-TMD) and Dunkelman-Keller (DKTMD) has been applied to ciphers like Grain-v1 and AES-192/256 modes of operation to break them with online complexity faster than exhaustive search. However, there is still a limit...
متن کاملA General Framework for Guess-and-Determine and Time-Memory-Data Trade-Off Attacks on Stream Ciphers
In this paper, we present a framework for guess-and-determine attack on stream ciphers that relies on guessing part of the internal state and solving for the remaining unknown cipher state based on known keystream bits. We show that this basic attack can always be extended to a Time-Memory-Data (TMD) Trade-Off attack. This allows us to easily extend any guess-and-determine attack to a guess-and...
متن کاملThroughput/code size trade-off for stream ciphers
The profile 1 submissions to the eSTREAM call for stream ciphers aim at achieving a high throughput in software. But, for the embedded systems, the trade-off between the throughput and the code size is more critical. We here study the ROM footprints of several eSTREAM stream ciphers on an ARM920T processor. Most notably we propose some modifications in the implementations of several ciphers whi...
متن کاملCoronavirus and medical education: Getting change and turning to new education paradigm: the need for scaffolding learning in online training
Coronavirus pandemic has caused extensive changes in various fields. Education is one challenging and necessary dimension to be paid attention by policymakers and considered as a necessity. Due to changes in the methods and styles of providing medical education from face-to-face to virtual training, and due to its novelty in our country and several challenges ahead, it is necessary to take meas...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- IACR Trans. Symmetric Cryptol.
دوره 2017 شماره
صفحات -
تاریخ انتشار 2015