A Provable-Security Treatment of the Key-Wrap Problem

14 years 3 months ago

Download www.iacr.org

Abstract. We give a provable-security treatment for the key-wrap problem, providing definitions, constructions, and proofs. We suggest that key-wrap's goal is security in the sense of deterministic authenticated-encryption (DAE), a notion that we put forward. We also provide an alternative notion, a pseudorandom injection (PRI), which we prove to be equivalent. We provide a DAE construction, SIV, analyze its concrete security, develop a blockcipher-based instantiation of it, and suggest that the method makes a desirable alternative to the schemes of the X9.102 draft standard. The construction incorporates a method to turn a PRF that operates on a string into an equally efficient PRF that operates on a vector of strings, a problem of independent interest. Finally, we consider IVbased authenticated-encryption (AE) schemes that are maximally forgiving of repeated IVs, a goal we formalize as misuse-resistant AE. We show that a DAE scheme with a vector-valued header, such as SIV, direc...

Phillip Rogaway, Thomas Shrimpton

Real-time Traffic

Cryptology | EUROCRYPT 2006 | Key-wrap Problem | Key-wrap's Goal | Provable-security Treatment |

claim paper

Post Info
More Details (n/a)

Added	22 Aug 2010
Updated	22 Aug 2010
Type	Conference
Year	2006
Where	EUROCRYPT
Authors	Phillip Rogaway, Thomas Shrimpton

Comments (0)

Sciweavers

A Provable-Security Treatment of the Key-Wrap Problem

Cryptology | EUROCRYPT 2006 | Key-wrap Problem | Key-wrap's Goal | Provable-security Treatment |

Explore & Download

Productivity Tools

Document Tools

Image Tools

Sciweavers