Sciweavers

EUROCRYPT
2006
Springer

A Provable-Security Treatment of the Key-Wrap Problem

14 years 4 months ago
A Provable-Security Treatment of the Key-Wrap Problem
Abstract. We give a provable-security treatment for the key-wrap problem, providing definitions, constructions, and proofs. We suggest that key-wrap's goal is security in the sense of deterministic authenticated-encryption (DAE), a notion that we put forward. We also provide an alternative notion, a pseudorandom injection (PRI), which we prove to be equivalent. We provide a DAE construction, SIV, analyze its concrete security, develop a blockcipher-based instantiation of it, and suggest that the method makes a desirable alternative to the schemes of the X9.102 draft standard. The construction incorporates a method to turn a PRF that operates on a string into an equally efficient PRF that operates on a vector of strings, a problem of independent interest. Finally, we consider IVbased authenticated-encryption (AE) schemes that are maximally forgiving of repeated IVs, a goal we formalize as misuse-resistant AE. We show that a DAE scheme with a vector-valued header, such as SIV, direc...
Phillip Rogaway, Thomas Shrimpton
Added 22 Aug 2010
Updated 22 Aug 2010
Type Conference
Year 2006
Where EUROCRYPT
Authors Phillip Rogaway, Thomas Shrimpton
Comments (0)