Please use this identifier to cite or link to this item: http://dspace.iitrpr.ac.in:8080/xmlui/handle/123456789/2538
Full metadata record
DC FieldValueLanguage
dc.contributor.authorChang, D.-
dc.contributor.authorDatta, N.-
dc.contributor.authorDutta, A.-
dc.contributor.authorMennink, B.-
dc.contributor.authorNandi, M.-
dc.contributor.authorSanadhya, S.-
dc.contributor.authorSibleyras, F.-
dc.date.accessioned2021-08-28T09:55:46Z-
dc.date.available2021-08-28T09:55:46Z-
dc.date.issued2021-08-28-
dc.identifier.urihttp://localhost:8080/xmlui/handle/123456789/2538-
dc.description.abstractAuthenticated encryption schemes are usually expected to offer confidentiality and authenticity. In case of release of unverified plaintext (RUP), an adversary gets separated access to the decryption and verification functionality, and has more power in breaking the scheme. Andreeva et al. (ASIACRYPT 2014) formalized RUP security using plaintext awareness, informally meaning that the decryption functionality gives no extra power in breaking confidentiality, and INT-RUP security, covering authenticity in case of RUP. We describe a single, unified model, called AERUP security, that ties together these notions: we prove that an authenticated encryption scheme is AERUP secure if and only if it is conventionally secure, plaintext aware, and INT-RUP secure. We next present ANYDAE, a generalization of SUNDAE of Banik et al. (ToSC 2018/3). ANYDAE is a lightweight deterministic scheme that is based on a block cipher with block size n and arbitrary mixing functions that all operate on an n-bit state. It is particularly efficient for short messages, it does not rely on a nonce, and it provides maximal robustness to a lack of secure state. Whereas SUNDAE is not secure under release of unverified plaintext (a fairly simple attack can be mounted in constant time), ANYDAE is. We make handy use of the AERUP security model to prove that ANYDAE achieves both conventional security as RUP security, provided that certain modest conditions on the mixing functions are met. We describe two simple instances, called MONDAE and TUESDAE, that conform to these conditions and that are competitive with SUNDAE, in terms of efficiency and optimality.en_US
dc.language.isoen_USen_US
dc.subjectauthenticated encryptionen_US
dc.subjectrelease of unverified plaintexten_US
dc.subjectAERUPen_US
dc.subjectgeneralizationen_US
dc.subjectSUNDAEen_US
dc.subjectANYDAEen_US
dc.subjectMONDAEen_US
dc.subjectTUESDAEen_US
dc.titleRelease of unverified plaintext: tight unified model and application to ANYDAEen_US
dc.typeArticleen_US
Appears in Collections:Year-2019

Files in This Item:
File Description SizeFormat 
Full Text.pdf630.07 kBAdobe PDFView/Open    Request a copy


Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.