unconditionally secure chaffing and winnowing for multiple use
Download
Skip this Video
Download Presentation
Unconditionally Secure Chaffing-and-Winnowing for Multiple Use

Loading in 2 Seconds...

play fullscreen
1 / 31

Unconditionally Secure Chaffing-and-Winnowing for Multiple Use - PowerPoint PPT Presentation


  • 61 Views
  • Uploaded on

Unconditionally Secure Chaffing-and-Winnowing for Multiple Use. Wataru Kitada 1 , Goichiro Hanaoka 2 , Kanta Matsuura 1 , Hideki Imai 2 1. IIS, the University of Tokyo 2. RCIS, AIST. Overview of This Work. We show:.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' Unconditionally Secure Chaffing-and-Winnowing for Multiple Use' - kendra


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
unconditionally secure chaffing and winnowing for multiple use

Unconditionally Secure Chaffing-and-Winnowing for Multiple Use

Wataru Kitada1, Goichiro Hanaoka2, Kanta Matsuura1, Hideki Imai2

1. IIS, the University of Tokyo2. RCIS, AIST

overview of this work
Overview of This Work

We show:

  • Detailed analysis of Chaffing-and-Winnowing (C&W) under multiple-use setting
  • More efficient Chaffing-and-Winnowing
    • C&W for n-time use from n-spoofing secure A-code
    • practical C&W from A-code with a specific property
contents
Contents
  • Overview
  • Unconditionally Secure C&W for Multiple Use
  • C&W with one authentication tag
  • Future Work and Conclusion
slide4

Overview

    • Chaffing and Winnowing
    • Previous Work
    • Our Contribution
  • Unconditionally Secure C&W for Multiple Use
  • C&W with one authentication tag
  • Future Work and Conclusion
chaffing and winnowing c w
Chaffing-and-Winnowing (C&W)
  • A technique to achieve confidentiality without using encryption when sending data over an insecure channel.
  • Proposed by R. Rivest

“Chaffing and winnowing: confidentiality without encryption” http://theory.lcs.mit.edu/~rivest/publications.html

basic idea
Basic Idea
  • Send plaintext directly
  • No encryption is performed
  • Send dummies with the plaintext. chaff
  • Only one of the plaintext is authentic, the other ones are dummies
  • Receiver can distinguish plaintext (wheat) from dummies (chaff). winnow
  • Being able to distinguish plaintext from dummies would require an adversary to know the secret key.
chaffing and winnowing
Chaffing-and-Winnowing
  • Example
    • Authentication code (A-code) : Ak(M)
    • Plaintext: “Hi Bob”

“Hi Bob”

(“Hi Bob”,A1),(“Hi Larry”,A2)

ComputeAk(“Hi Bob”) and Ak(“Hi Larry”)CompareAk(“Hi Bob”) and A1,Ak(“Hi Larry”) and A2

A1=Ak(“Hi Bob”)A2=Ak’(“Hi Larry”)

previous work
Previous Work
  • Bellare and Boldyreva, ASIACRYPT 2000
    • Showed the security of C&W in the computationally secure setting
  • Hanaoka et al., AAECC 2006 (HHHWI06)
    • Showed the security of C&W in the unconditinally secure setting
main result of hhhwi06
Main Result of HHHWI06

We can achieve:

Theorem 1

Impersonation- secure A-code

Perfectly secure encryption

C&W

Theorem 2

Impersonation- and substitution- secure A-code

Perfectly secure andNon-Malleableencryption

C&W

related work
Related Work
  • Stinson, manuscript, 2006
    • “Unconditionally secure chaffing and winnowing with short authentication tags”
    • construct C&W from short authentication tags

Impersonation- secureA-code

with short tag

Perfectly secure encryption

C&W

our contribution
Our Contribution
  • Our work is extension of HHHWI06
    • HHHWI06 only consider the case in one-time use
  • Then, we extend for multiple use
    • In other words, to generalize the HHHWI06
    • Detailed analysis of C&W under multiple-use setting
      • construct unconditionally secure C&W for multiple use
      • show C&W with one authentication tag
one time multiple use
One-time/Multiple Use

One-time use

Multiple use

slide13

Overview

  • Unconditionally Secure C&W for Multiple Use
    • Security Notions
    • Our Result
    • Construction and Comparison
  • C&W with one authentication tag
  • Future Work and Conclusion
security on a code
Security on A-code

n-Spoofing

Impersonation

Substitution

perfect security
Perfect Security

n-Perfect Security (n-PS)

Perfect Security

non malleability 1 2
Non-Malleability (1/2)
  • An adversary is given n ciphertexts
  • Corresponding plaintexts are
  • Non-Malleability:
    • inability to generate a ciphertextwhose plaintext is related to
      • for example
    • Definition
non malleability 2 2
Non-Malleability (2/2)

n-Non-Malleability (n-NM)

Non-Malleability

our results 1 3
Our Results (1/3)
  • Construct unconditionally secure C&W for multiple use
    • from n-spoofing secure A-code to n-perfectly secure (n-PS) encryption
    • from (n+1)-spoofing secure A-code to n-perfectly secure (n-PS) and n-Non-Malleable (n-NM) encryption
our results 2 3
Our Results (2/3)

n-spoofing secure A-code

n-PS encryption

C&W

(n+1)-spoofing secure A-code

n-PS andn-NM encryption

C&W

our results 3 3
Our Results (3/3)

HHHWI06

Imp A-code

n-spoofing secure A-code

PS encryption

n-PS encryption

C&W

C&W

Our Result

Imp and Sub A-code

(n+1)-spoofing secure A-code

PS and NMencryption

n-PS andn-NMencryption

C&W

C&W

slide23

Overview

  • Unconditionally Secure C&W for Multiple Use
  • C&W with one authentication tag
  • Future Work and Conclusion
overview 1 2
Overview (1/2)
  • C&W with one authentication tag
    • If the underlying A-code has a specific property, we can construct C&W with one authentication tag

n-Spf A-code with a specific property

n-PS encryption with one tag

C&W

(n+1)-Spf A-code with a specific property

n-PS andn-NM encryption with one tag

C&W

overview 2 2
Overview (2/2)
  • From this result, we can see that theseA-codes can be seen as conventional encryptions
    • we prove that to send one tag corresponding to the message is secure

Authentication

Encryption

Can be seen as

the specific property
The specific property
  • “For all a, there exists at least one k such that, for all m, Ak(m)=a”
  • There exists an example of an A-code which is n-Spoofing secure and has this property

For example:

comparison1
Comparison

The construction with one tag is practical

slide29

Overview

  • Unconditionally Secure C&W for Multiple Use
  • C&W with one authentication tag
  • Future Work and Conclusion
future work
Future Work
  • Remove the restriction that(like Stinson’s work)
    • In [Stinson’06], C&W is constructed from A-code with short tags (more weak A-code)
    • [Stinson’06]D.R. Stinson, “Unconditionally secure chaffing and winnowing with short authentication tags,” Cryptology ePrint Archive, Report 2006/189, 2006.
conclusion
Conclusion
  • Detailed analysis of C&W under multiple-use setting
    • from n-Spf secure A-code to n-PS encryption
    • from (n+1)-Spf secure A-code to n-PS and n-NM encryption
  • More efficient Chaffing-and-Winnowing
    • C&W for n-time use from n-spoofing secure A-code
    • practical C&W from A-code with a specific property
      • provide same function as conventional encryption
ad