Onion-AE: Foundations of Nested Encryption

Authors

  • Phillip Rogaway
  • Yusi Zhang
Abstract

Nested symmetric encryption is a well-known technique for low-latency communication privacy. But just what problem does this technique aim to solve? In answer, we provide a provable-security treatment for onion authenticated-encryption (onion-AE). Extending the conventional notion for authenticated-encryption, we demand indistinguishability from random bits and time-of-exit authenticity verification. We show that the encryption technique presently used in Tor does not satisfy our definition of onion-AE security, but that a construction by Mathewson (2012), based on a strong, tweakable, wideblock PRP, does do the job. We go on to discuss three extensions of onion-AE, giving definitions to handle inbound flows, immediate detection of authenticity errors, and corrupt ORs.
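The abstract's verdict turns on a single property of the layering. With Tor's stream-cipher layers every hop's keystream commutes with XOR, so a bit flipped by the first relay survives, unchanged, to the exit, which is exactly the "tagging" malleability referred to in the Untagging Tor entry below; with a strong tweakable wide-block PRP at every layer, the same flip scrambles the whole cell at every later hop, so there is nothing for a colluding exit to undo and the time-of-exit check fails. The following is an added example, not code from the paper, from Tor, or from Mathewson's proposal: it implements both layerings over a three-hop toy circuit. Its wide-block PRP is a 4-round Feistel network with HMAC-SHA256 round functions and the tweak folded into each round (a Luby-Rackoff strong PRP on a 512-byte block), standing in for whatever cipher a real deployment would pick; the exit authenticator is a truncated HMAC under the exit key, a simplification of Tor's running digest; the 512-byte cell, the seed-derived hop keys and the single-bit tag `MARK` are all constructed for the demo.

```python
"""Toy onion encryption: Tor-style stream-cipher layering vs wide-block PRP layering.

Added example, not the paper's or Tor's code. The wide-block tweakable strong PRP is a
4-round Feistel network with HMAC-SHA256 round functions (Luby-Rackoff, 512-byte block);
the exit authenticator is a truncated HMAC under the exit key, a simplification of Tor's
running digest. Hop keys are derived from a fixed seed so the demo is reproducible.
"""
import hashlib
import hmac

CELL = 512                         # toy cell size (Tor relay cells are 509 bytes; 512 splits evenly)
HALF = CELL // 2
TAG_LEN = 16
ROUNDS = 4
MARK = b"\x80" + bytes(CELL - 1)   # constructed tag: one flipped bit in the first byte


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _prf_stream(key: bytes, label: bytes, n: int) -> bytes:
    """n bytes of HMAC-SHA256 output over label || counter (a counter-mode PRF)."""
    out = b""
    for ctr in range((n + 31) // 32):
        out += hmac.new(key, label + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:n]


def _feistel_round(key: bytes, r: int, tweak: bytes, half: bytes) -> bytes:
    return _prf_stream(key, b"F" + bytes([r]) + tweak + half, HALF)


def prp_encrypt(key: bytes, tweak: bytes, block: bytes) -> bytes:
    """Tweakable wide-block strong PRP: (L, R) -> (R, L xor F_r(tweak, R)) for ROUNDS rounds."""
    assert len(block) == CELL
    left, right = block[:HALF], block[HALF:]
    for r in range(ROUNDS):
        left, right = right, _xor(left, _feistel_round(key, r, tweak, right))
    return left + right


def prp_decrypt(key: bytes, tweak: bytes, block: bytes) -> bytes:
    left, right = block[:HALF], block[HALF:]
    for r in reversed(range(ROUNDS)):
        left, right = _xor(right, _feistel_round(key, r, tweak, left)), left
    return left + right


def ctr_layer(key: bytes, idx: int, cell: bytes) -> bytes:
    """Tor-style layer: XOR a per-hop keystream. Adding and stripping are the same operation."""
    return _xor(cell, _prf_stream(key, b"KS" + idx.to_bytes(4, "big"), CELL))


# idx (the cell's position in the stream) serves as keystream nonce and as PRP tweak
SCHEMES = {
    "ctr": (ctr_layer, ctr_layer),
    "prp": (lambda k, i, c: prp_encrypt(k, i.to_bytes(4, "big"), c),
            lambda k, i, c: prp_decrypt(k, i.to_bytes(4, "big"), c)),
}


def hop_keys(seed: bytes, n: int) -> list:
    return [hashlib.sha256(seed + bytes([i])).digest() for i in range(n)]


def seal(exit_key: bytes, payload: bytes) -> bytes:
    """Plaintext cell = payload || authenticator; only the exit OR checks it (time-of-exit authenticity)."""
    body = payload.ljust(CELL - TAG_LEN, b"\x00")
    assert len(body) == CELL - TAG_LEN
    return body + hmac.new(exit_key, body, hashlib.sha256).digest()[:TAG_LEN]


def verify(exit_key: bytes, cell: bytes) -> bool:
    body, tag = cell[:-TAG_LEN], cell[-TAG_LEN:]
    return hmac.compare_digest(tag, hmac.new(exit_key, body, hashlib.sha256).digest()[:TAG_LEN])


def exit_view(scheme: str, mark: bytes = None, exit_untags: bool = False,
              payload: bytes = b"GET / HTTP/1.1", idx: int = 7, seed: bytes = b"demo") -> bytes:
    """Send one cell through a 3-hop circuit; return the cell as the exit sees it after its own layer."""
    add, strip = SCHEMES[scheme]
    keys = hop_keys(seed, 3)
    cell = seal(keys[-1], payload)
    for k in reversed(keys):             # client wraps the exit's layer first, the guard's last
        cell = add(k, idx, cell)
    for hop, k in enumerate(keys):       # each OR strips exactly its own layer
        cell = strip(k, idx, cell)
        if hop == 0 and mark is not None:
            cell = _xor(cell, mark)      # malicious guard tags the cell in transit
    if exit_untags and mark is not None:
        cell = _xor(cell, mark)          # colluding exit tries to undo the tag before checking
    return cell


def exit_accepts(scheme: str, mark: bytes = None, exit_untags: bool = False) -> bool:
    return verify(hop_keys(b"demo", 3)[-1], exit_view(scheme, mark, exit_untags))


def bytes_damaged(scheme: str, mark: bytes) -> int:
    """How many plaintext bytes the guard's single flipped bit has changed by the time the cell exits."""
    return sum(a != b for a, b in zip(exit_view(scheme), exit_view(scheme, mark)))


if __name__ == "__main__":
    for s in SCHEMES:
        print(s, "honest:", exit_accepts(s), "tagged:", exit_accepts(s, MARK),
              "tagged+untag:", exit_accepts(s, MARK, True), "damaged:", bytes_damaged(s, MARK))
```

In the `ctr` scheme an honest exit rejects the tagged cell, but a colluding exit that XORs `MARK` back gets a cell that verifies, confirming that the guard and exit are on the same circuit; the flip touched exactly one byte. In the `prp` scheme the flip leaves the exit with a pseudorandom cell (several hundred bytes changed), the untagging attempt fails, and the authenticity check rejects either way.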


Similar references

Improving Onion Notation

Several different notations are used in the literature of MIX networks to describe the nested encrypted structures now widely known as “onions”. The shortcomings of these notations are described and a new notation is proposed, that as well as having some advantages from a typographical point of view, is also far clearer to read and to reason about. The proposed notation generated a lively debat...


Untagging Tor: A Formal Treatment of Onion Encryption

Tor is a primary tool for maintaining anonymity online. It provides a low-latency, circuit-based, bidirectional secure channel between two parties through a network of onion routers, with the aim of obscuring exactly who is talking to whom, even to adversaries controlling part of the network. Tor relies heavily on cryptographic techniques, yet its onion encryption scheme is susceptible to taggi...


An Encrypted In-Memory Column-Store: The Onion Selection Problem

Processing encrypted queries in the cloud has been extended by CryptDB’s approach of adjustable onion encryption. This adjustment of the encryption entails a translation of an SQL query to an equivalent query on encrypted data. We investigate in more detail this translation and in particular the problem of selecting the right onion layer. Our algorithm extends CryptDB’s approach by three new fu...


A Formal Treatment of Onion Routing

Anonymous channels are necessary for a multitude of privacy-protecting protocols. Onion routing is probably the best known way to achieve anonymity in practice. However, the cryptographic aspects of onion routing have not been sufficiently explored: no satisfactory definitions of security have been given, and existing constructions have only had ad-hoc security analysis for the most part. We pr...


Onion ORAM: A Constant Bandwidth Blowup Oblivious RAM

We present Onion ORAM, an Oblivious RAM (ORAM) with constant worst-case bandwidth blowup that leverages poly-logarithmic server computation to circumvent the logarithmic lower bound on ORAM bandwidth blowup. Our construction does not require fully homomorphic encryption, but employs an additively homomorphic encryption scheme such as the Damgård-Jurik cryptosystem, or alternatively...


Journal:
  • IACR Cryptology ePrint Archive

Volume 2018  Issue 

Pages  -

Publication date: 2018