McOE: A Foolproof On-Line Authenticated Encryption Scheme

Abstract: On-Line Authenticated Encryption (OAE) combines confidentiality with data integrity and is on-line computable. Most block cipher-based schemes for Authenticated Encryption can be run on-line and are provably secure against nonce-respecting adversaries. But they fail badly for more general adversaries. This is not only a theoretical observation: in practice, the reuse of nonces is a frequent issue. In recent years, cryptographers developed misuse-resistant schemes for Authenticated Encryption. These guarantee excellent security even against general adversaries which are allowed to reuse nonces. Their disadvantage is that encryption can only be performed in an off-line way. This paper considers OAE schemes dealing both with nonce-respecting and with general adversaries. It introduces McOE, an efficient design for OAE schemes. The construction is based on a 'simple' block cipher and is on-line computable. It provably guarantees reasonable security against general adversaries as well as standard security against nonce-respecting adversaries.

Introduction
On-Line Authenticated Encryption (OAE). Application software often requires a network channel that guarantees the privacy and authenticity of data being communicated between two parties. Cryptographic schemes able to meet both of these goals are commonly referred to as Authenticated Encryption (AE) schemes. The ISO/IEC 19772:2009 standard for AE [16] defines generic composition (Encrypt-then-MAC [3]) and five dedicated AE schemes: OCB2 [33], SIV [36] (denoted as "Key Wrap" in [16]), CCM [10], EAX [5], and GCM [29]. To integrate an AE-secure channel most seamlessly into a typical software architecture, application developers expect it to encrypt in an on-line manner, meaning that the i-th ciphertext block can be written before the (i+1)-th plaintext block has to be read. A restriction to off-line encryption, where usually the entire plaintext must be known in advance (or read more than once), is an encumbrance to software architects.

Category: secret-key cryptography / authenticated encryption, online encryption, provable security, misuse resistant.

[non commercial cryptographers]

Some Words About Cryptographic Key Recognition In Data Streams

Abstract: Searching for cryptographic keys in RAM is a new and promising technology which can be used, primarily, in computer forensics. In order to use it, a cryptanalyst must solve at least two problems: creating a memory dump of the target machine, and distinguishing the target cryptographic keys from other data. The latter leads to a new mathematical task: "recognition of cryptographic keys in a (random) data stream". The complexity of this task depends significantly on the target cryptoalgorithm. For some algorithms (e.g. AES or Serpent) this task is trivial, but for others it may be very hard. In this work we present effective algorithms for recognizing expanded keys of Blowfish and Twofish. As far as we know, this task has never been considered before for these algorithms.

Authors: Alexey Chilikov and Evgeny Alekseev

Category: side-channel attacks, live-memory analysis, digital forensics, blowfish, twofish. [non commercial cryptographers]
