Integrated Encryption Scheme

Integrated Encryption Scheme

Integrated Encryption Scheme (IES) is a hybrid encryption scheme which provides semantic security against an adversary who is allowed to use chosen-plaintext and chosen-ciphertext attacks. The security of the scheme is based on the Diffie–Hellman problem. Two incarnations of the IES are standardized: Discrete Logarithm Integrated Encryption Scheme (DLIES) and Elliptic Curve Integrated Encryption Scheme (ECIES), which is also known as the Elliptic Curve Augmented Encryption Scheme or simply the Elliptic Curve Encryption Scheme. These two incarnations are identical up to the change of an underlying group and so to be concrete we concentrate on the latter.

To send an encrypted message to Bob using ECIES Alice needs the following information:

  • cryptographic suite to be used:
    • KDF, e.g., ANSI-X9.63-KDF with SHA-1 option;
    • MAC, e.g., HMAC-SHA-1-160 with 160-bit keys or HMAC-SHA-1-80 with 80-bit keys;
    • symmetric encryption scheme E, e.g., TDEA in CBC mode or XOR encryption scheme;
  • EC domain parameters: (p,a,b,G,n,h) for a curve over prime field or (m,f(x),a,b,G,n,h) for a curve over binary field;
  • Bob's public key: KB (Bob generates it as follows: KB = kBG, where kB is the private key he chooses at random: k_B \in [1, n-1]);
  • optional shared information: S1 and S2.

To encrypt a message m Alice does the following:

  1. generates a random number r \in [1, n-1] and calculates R = rG;
  2. derives a shared secret: S = Px, where P = (Px,Py) = rKB (and P \ne O);
  3. uses KDF to derive a symmetric encryption and a MAC keys: k_E \| k_M = \textrm{KDF}(S\|S_1);
  4. encrypts the message: c = E(kE;m);
  5. computes the tag of encrypted message and S2: d = \textrm{MAC}(k_M; c \| S_2);
  6. outputs R \| c \| d.

To decrypt the ciphertext R \| c \| d Bob does the following:

  1. derives the shared secret: S = Px, where P = (Px,Py) = kBR (it is the same as the one Alice derived because P = kBR = kBrG = rkBG = rKB), or outputs failed if P = O;
  2. derives keys the same way as Alice did: k_E \| k_M = \textrm{KDF}(S\|S_1);
  3. uses MAC to check the tag and outputs failed if d \ne \textrm{MAC}(k_M; c \| S_2);
  4. uses symmetric encryption scheme to decrypt the message m = E − 1(kE;c).

References


v · d · e Public-key cryptography
Algorithms

Benaloh · Blum–Goldwasser · Cayley–Purser · CEILIDH · Cramer–Shoup · Damgård–Jurik · DH · DSA · EPOC · ECDH · ECDSA · EKE · ElGamal (encryption · signature scheme· GMR · Goldwasser–Micali · HFE · IES · Lamport · McEliece · Merkle–Hellman · MQV · Naccache–Stern · NTRUEncrypt · NTRUSign · Paillier · Rabin · RSA · Okamoto–Uchiyama · Schnorr · Schmidt–Samoa · SPEKE · SRP · STS · Three-pass protocol · XTR
Theory
Standardization

ANS X9F1 · CRYPTREC · IEEE P1363 · NESSIE · NSA Suite B
Topics
v · d · e Cryptography

Wikimedia Foundation. 2010.

Игры ⚽ Поможем сделать НИР

Look at other dictionaries:

  • Elliptic Curve Integrated Encryption Scheme — Das Elliptic Curve Integrated Encryption Scheme (ECIES) ist ein hybrides Verschlüsselungsverfahren, dem elliptische Kurven zugrunde liegen. Als Hybridverfahren kombiniert es ein asymmetrisches Verfahren, das zum Versenden eines symmetrischen… …   Deutsch Wikipedia

  • Advanced Encryption Standard — Infobox block cipher name = AES caption = The SubBytes step, one of four stages in a round of AES designers = Vincent Rijmen, Joan Daemen publish date = 1998 derived from = Square derived to = Anubis, Grand Cru related to = certification = AES… …   Wikipedia

  • Data Encryption Standard — The Feistel function (F function) of DES General Designers IBM First publis …   Wikipedia

  • Disk encryption theory — Disk encryption is a special case of data at rest protection when the storage media is a sector addressable device (e.g., a hard disk). This article presents cryptographic aspects of the problem. For discussion of different software packages and… …   Wikipedia

  • IEEE P1363 — is an Institute of Electrical and Electronics Engineers (IEEE) standardization project for public key cryptography. It includes specifications for: Traditional public key cryptography (IEEE Std 1363 2000 and 1363a 2004) Lattice based public key… …   Wikipedia

  • IEEE P1363 — IEEE P1363  проект Института инженеров по электротехнике и электронике (англ. Institute of Electrical and Electronics Engineers, IEEE) по стандартизации криптосистем с открытым ключом. Целью проекта было объединение опыта разработчиков… …   Википедия

  • Elliptic curve cryptography — (ECC) is an approach to public key cryptography based on the algebraic structure of elliptic curves over finite fields. The use of elliptic curves in cryptography was suggested independently by Neal Koblitz[1] and Victor S. Miller[2] in 1985.… …   Wikipedia

  • Elliptic Curve Cryptography — Elliptische Kurve über Unter Elliptic Curve Cryptography (ECC) oder deutsch Elliptische Kurven Kryptographie versteht man asymmetrische Kryptosysteme, die Operationen auf elliptischen Kurven über endlichen Körpern v …   Deutsch Wikipedia

  • IES — The acronym IES can stand for:* Industrial Engineering Society * Illumination Engineering Society * Impact of Event Scale * Indian Economic Service * Indian Education Society * Indian Educational School * Indian Engineering Service * Infolab… …   Wikipedia

  • Bluetooth — This article is about the electronic protocol. For the medieval King of Denmark, see Harald I of Denmark. Bluetooth logo Bluetooth is a proprietary open wireless technology standard for exchanging data over short distances (using short wavelength …   Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”