Sciweavers

CCS
2010
ACM

On the soundness of authenticate-then-encrypt: formalizing the malleability of symmetric encryption

13 years 11 months ago
On the soundness of authenticate-then-encrypt: formalizing the malleability of symmetric encryption
A communication channel from an honest sender A to an honest receiver B can be described as a system with three interfaces labeled A, B, and E (the adversary), respectively, where the security properties of the channel are characterized by the capabilities provided at the E-interface. A security mechanism, such as encryption or a message authentication code (MAC), can be seen as the transformation of a certain type of channel into a stronger type of channel, where the term "transformation" refers to a natural simulation-based definition. For example, the main purpose of a MAC can be regarded as transforming an insecure into an authenticated channel, and encryption then corresponds to transforming an authenticated into a fully secure channel; this is the well-known Encrypt-then-Authenticate (EtA) paradigm. In the dual paradigm, Authenticate-then-Encrypt (AtE), encryption first transforms an insecure into a confidential channel, and a MAC transforms this into a secure channel....
Ueli Maurer, Björn Tackmann
Added 06 Dec 2010
Updated 06 Dec 2010
Type Conference
Year 2010
Where CCS
Authors Ueli Maurer, Björn Tackmann
Comments (0)