Authenticated encryption

Authenticated encryption

Authenticated Encryption (AE) is a term used to describe encryption systems which simultaneously protect confidentiality and authenticity (integrity) of communications. These goals have long been studied, but they have only recently enjoyed a high level of interest from cryptographers due to the complexity of implementing systems for privacy and authentication separately in a single application.

In addition to protecting message integrity and confidentiality, authenticated encryption can provide plaintext awareness and security against chosen ciphertext attack. In these attacks, an adversary attempts to gain an advantage against a cryptosystem (e.g., information about the secret decryption key) by submitting carefully chosen ciphertexts to some "decryption oracle" and analyzing the decrypted results. Authenticated encryption schemes can recognize improperly-constructed ciphertexts and refuse to decrypt them. This in turn prevents the attacker from requesting the decryption of any ciphertext unless he generated it correctly using the encryption algorithm, which would imply that he already knows the plaintext. Implemented correctly, this removes the usefulness of the decryption oracle, by preventing an attacker from gaining useful information that he does not already possess.

Many specialized authenticated encryption modes have been developed for use with symmetric block ciphers. However, authenticated encryption can be generically constructed by combining an encryption scheme and a Message Authentication Code (MAC), provided that the encryption scheme is semantically secure under chosen plaintext attack and the MAC function is unforgeable under chosen message attack. Bellare and Namprempre (2000) analyzed three compositions of these primitives, and demonstrated that encrypting a message and subsequently applying a MAC to the ciphertext implies security against adaptive chosen ciphertext attack, provided that both functions meet the required properties.

ee also

* CCM mode
* CWC mode
* OCB mode
* EAX mode
* GCM Mode

=References=
* Citation
first = M. | last = Bellare | first2 = C. | last2 = Namprempre
title = Authenticated Encryption: Relations among notions and analysis of the generic composition paradigm
journal = Extended abstract in Advances in Cryptology: Asiacrypt 2000 Proceedings
series = Lecture Notes in Computer Science | volume = 1976 | editor = T. Okamoto | publisher = Springer-Verlag | year = 2000


Wikimedia Foundation. 2010.

Игры ⚽ Поможем сделать НИР

Look at other dictionaries:

  • Authenticated Identity Body — or AIB is a way of sharing authenticated identity among parties in a network, allowing a party in a SIP transaction to cryptographically sign the headers that assert the identity of the originator of a message, and provide some other headers… …   Wikipedia

  • Password-authenticated key agreement — In cryptography, a password authenticated key agreement method is an interactive method for two or more parties to establish cryptographic keys based on one or more party s knowledge of a password. Contents 1 Types 2 Brief history 3 See also …   Wikipedia

  • AEAD block cipher modes of operation — Authenticated Encryption with Associated Data (AEAD) is a class of block cipher modes which encrypt (parts of) the message and authenticate the message simultaneously. Interest in these modes was sparked by the publication of Charanjit Jutla s… …   Wikipedia

  • Block cipher modes of operation — This article is about cryptography. For method of operating , see modus operandi. In cryptography, modes of operation is the procedure of enabling the repeated and secure use of a block cipher under a single key.[1][2] A block cipher by itself… …   Wikipedia

  • OCB mode — (Offset Codebook Mode) is a mode of operation for cryptographic block ciphers. Contents 1 Encryption and authentication 2 Performance 3 Patents 4 See also …   Wikipedia

  • EAX mode — is a mode of operation for cryptographic block ciphers. It is an Authenticated Encryption with Associated Data (AEAD) algorithm designed to simultaneously protect both authentication and privacy of the message (Authenticated encryption) with a… …   Wikipedia

  • VEST — High Level Structure of VEST General Designers Sean O Neil First published June 13, 2005 Cipher deta …   Wikipedia

  • CCM mode — (Counter with CBC MAC) is a mode of operation for cryptographic block ciphers. It is an authenticated encryption algorithm designed to provide both authentication and privacy. CCM mode is only defined for block ciphers with a block length of 128… …   Wikipedia

  • Key Wrap — constructions are a class of symmetric encryption algorithms designed to encapsulate (encrypt) cryptographic key material. The Key Wrap algorithms are intended for applications such as (a) protecting keys while in untrusted storage, or (b)… …   Wikipedia

  • IEEE P1619 — is an Institute of Electrical and Electronics Engineers (IEEE) standardization project for encryption of stored data, but more generically refers to the work of the IEEE P1619 Security in Storage Working Group (SISWG), which includes a family of… …   Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”