How to Encrypt with a Malicious Random Number Generator
نویسندگان
چکیده
Chosen-plaintext attacks on private-key encryption schemes are currently modeled by giving an adversary access to an oracle that encrypts a given message m using random coins that are generated uniformly at random and independently of anything else. This leaves open the possibility of attacks in case the random coins are poorly generated (e.g., using a faulty random number generator), or are under partial adversarial control (e.g., when encryption is done by lightweight devices that may be captured and tampered with). We introduce new notions of security modeling such attacks, propose two concrete schemes meeting our definitions, and show generic transformations for achieving security in this context.
منابع مشابه
Auditing Cryptography: Assessing System Security
Steve Stanek 78.1 Assessing Risk ..................................................................... 1023 78.2 Encryption’s Number-One Problem: Keeping Keys Secret........................................................................... 1024 78.3 Encryption’s Number-One Rule........................................ 1024 78.4 Remember to Encrypt E-Mail ...........................................
متن کاملThe Order of Encryption and Authentication for Protecting Communications (or: How Secure Is SSL?)
We study the question of how to generically compose symmetric encryption and authentication when building “secure channels” for the protection of communications over insecure networks. We show that any secure channels protocol designed to work with any combination of secure encryption (against chosen plaintext attacks) and secure MAC must use the encrypt-then-authenticate method. We demonstrate...
متن کاملOn Sufficient Randomness for Secure Public-Key Cryptosystems
In this paper, we consider what condition is sufficient for random inputs to secure probabilistic public-key encryption schemes. Although a framework given in [16] enables us to discuss uniformly and comprehensively security notions of public-key encryption schemes even for the case where cryptographically weak pseudorandom generator is used as random nonce generator to encrypt single plaintext...
متن کاملLecture 4 , Stretching PRGs , Hashing , Chosen Plaintext Security
Intuition . The intuition is that the ciphertext is indistinguishable from a truly random string of length 2n in eyes of computationally bounded adversaries. And as it is indistinguishable, it practically works like a one-time pad. Indeed, since k is chosen randomly, so g(k) will also generate a pseudo random number therefore we can substitute it to a one-time pad encryption where we had a trul...
متن کاملDeveloping a Strong Cipher
The vigenere is weak because of key periodicity, but the fake one-time pad based on a random number generator removes that periodicity. This fake one-time pad, however, requires seed-based random number generation and it is therefore a mathematical linear sequence, which lends itself to various flaws as well. I propose that the vigenere can be modified from its base implementation, without rely...
متن کامل