Unconditionally secure chaffing and winnowing for multiple use
This presentation is the property of its rightful owner.
Sponsored Links
1 / 31

Unconditionally Secure Chaffing-and-Winnowing for Multiple Use PowerPoint PPT Presentation


  • 38 Views
  • Uploaded on
  • Presentation posted in: General

Unconditionally Secure Chaffing-and-Winnowing for Multiple Use. Wataru Kitada 1 , Goichiro Hanaoka 2 , Kanta Matsuura 1 , Hideki Imai 2 1. IIS, the University of Tokyo 2. RCIS, AIST. Overview of This Work. We show:.

Download Presentation

Unconditionally Secure Chaffing-and-Winnowing for Multiple Use

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Unconditionally secure chaffing and winnowing for multiple use

Unconditionally Secure Chaffing-and-Winnowing for Multiple Use

Wataru Kitada1, Goichiro Hanaoka2, Kanta Matsuura1, Hideki Imai2

1. IIS, the University of Tokyo2. RCIS, AIST


Overview of this work

Overview of This Work

We show:

  • Detailed analysis of Chaffing-and-Winnowing (C&W) under multiple-use setting

  • More efficient Chaffing-and-Winnowing

    • C&W for n-time use from n-spoofing secure A-code

    • practical C&W from A-code with a specific property


Contents

Contents

  • Overview

  • Unconditionally Secure C&W for Multiple Use

  • C&W with one authentication tag

  • Future Work and Conclusion


Unconditionally secure chaffing and winnowing for multiple use

  • Overview

    • Chaffing and Winnowing

    • Previous Work

    • Our Contribution

  • Unconditionally Secure C&W for Multiple Use

  • C&W with one authentication tag

  • Future Work and Conclusion


Chaffing and winnowing c w

Chaffing-and-Winnowing (C&W)

  • A technique to achieve confidentiality without using encryption when sending data over an insecure channel.

  • Proposed by R. Rivest

    “Chaffing and winnowing: confidentiality without encryption” http://theory.lcs.mit.edu/~rivest/publications.html


Basic idea

Basic Idea

  • Send plaintext directly

  • No encryption is performed

  • Send dummies with the plaintext. chaff

  • Only one of the plaintext is authentic, the other ones are dummies

  • Receiver can distinguish plaintext (wheat) from dummies (chaff). winnow

  • Being able to distinguish plaintext from dummies would require an adversary to know the secret key.


Chaffing and winnowing

Chaffing-and-Winnowing

  • Example

    • Authentication code (A-code) : Ak(M)

    • Plaintext: “Hi Bob”

“Hi Bob”

(“Hi Bob”,A1),(“Hi Larry”,A2)

ComputeAk(“Hi Bob”) and Ak(“Hi Larry”)CompareAk(“Hi Bob”) and A1,Ak(“Hi Larry”) and A2

A1=Ak(“Hi Bob”)A2=Ak’(“Hi Larry”)


Previous work

Previous Work

  • Bellare and Boldyreva, ASIACRYPT 2000

    • Showed the security of C&W in the computationally secure setting

  • Hanaoka et al., AAECC 2006 (HHHWI06)

    • Showed the security of C&W in the unconditinally secure setting


Main result of hhhwi06

Main Result of HHHWI06

We can achieve:

Theorem 1

Impersonation- secure A-code

Perfectly secure encryption

C&W

Theorem 2

Impersonation- and substitution- secure A-code

Perfectly secure andNon-Malleableencryption

C&W


Related work

Related Work

  • Stinson, manuscript, 2006

    • “Unconditionally secure chaffing and winnowing with short authentication tags”

    • construct C&W from short authentication tags

Impersonation- secureA-code

with short tag

Perfectly secure encryption

C&W


Our contribution

Our Contribution

  • Our work is extension of HHHWI06

    • HHHWI06 only consider the case in one-time use

  • Then, we extend for multiple use

    • In other words, to generalize the HHHWI06

    • Detailed analysis of C&W under multiple-use setting

      • construct unconditionally secure C&W for multiple use

      • show C&W with one authentication tag


One time multiple use

One-time/Multiple Use

One-time use

Multiple use


Unconditionally secure chaffing and winnowing for multiple use

  • Overview

  • Unconditionally Secure C&W for Multiple Use

    • Security Notions

    • Our Result

    • Construction and Comparison

  • C&W with one authentication tag

  • Future Work and Conclusion


Security on a code

Security on A-code

n-Spoofing

Impersonation

Substitution


Perfect security

Perfect Security

n-Perfect Security (n-PS)

Perfect Security


Non malleability 1 2

Non-Malleability (1/2)

  • An adversary is given n ciphertexts

  • Corresponding plaintexts are

  • Non-Malleability:

    • inability to generate a ciphertextwhose plaintext is related to

      • for example

    • Definition


Non malleability 2 2

Non-Malleability (2/2)

n-Non-Malleability (n-NM)

Non-Malleability


Our results 1 3

Our Results (1/3)

  • Construct unconditionally secure C&W for multiple use

    • from n-spoofing secure A-code to n-perfectly secure (n-PS) encryption

    • from (n+1)-spoofing secure A-code to n-perfectly secure (n-PS) and n-Non-Malleable (n-NM) encryption


Our results 2 3

Our Results (2/3)

n-spoofing secure A-code

n-PS encryption

C&W

(n+1)-spoofing secure A-code

n-PS andn-NM encryption

C&W


Our results 3 3

Our Results (3/3)

HHHWI06

Imp A-code

n-spoofing secure A-code

PS encryption

n-PS encryption

C&W

C&W

Our Result

Imp and Sub A-code

(n+1)-spoofing secure A-code

PS and NMencryption

n-PS andn-NMencryption

C&W

C&W


Construction

Construction


Comparison

Comparison


Unconditionally secure chaffing and winnowing for multiple use

  • Overview

  • Unconditionally Secure C&W for Multiple Use

  • C&W with one authentication tag

  • Future Work and Conclusion


Overview 1 2

Overview (1/2)

  • C&W with one authentication tag

    • If the underlying A-code has a specific property, we can construct C&W with one authentication tag

n-Spf A-code with a specific property

n-PS encryption with one tag

C&W

(n+1)-Spf A-code with a specific property

n-PS andn-NM encryption with one tag

C&W


Overview 2 2

Overview (2/2)

  • From this result, we can see that theseA-codes can be seen as conventional encryptions

    • we prove that to send one tag corresponding to the message is secure

Authentication

Encryption

Can be seen as


The specific property

The specific property

  • “For all a, there exists at least one k such that, for all m, Ak(m)=a”

  • There exists an example of an A-code which is n-Spoofing secure and has this property

For example:


Construction1

Construction


Comparison1

Comparison

The construction with one tag is practical


Unconditionally secure chaffing and winnowing for multiple use

  • Overview

  • Unconditionally Secure C&W for Multiple Use

  • C&W with one authentication tag

  • Future Work and Conclusion


Future work

Future Work

  • Remove the restriction that(like Stinson’s work)

    • In [Stinson’06], C&W is constructed from A-code with short tags (more weak A-code)

    • [Stinson’06]D.R. Stinson, “Unconditionally secure chaffing and winnowing with short authentication tags,” Cryptology ePrint Archive, Report 2006/189, 2006.


Conclusion

Conclusion

  • Detailed analysis of C&W under multiple-use setting

    • from n-Spf secure A-code to n-PS encryption

    • from (n+1)-Spf secure A-code to n-PS and n-NM encryption

  • More efficient Chaffing-and-Winnowing

    • C&W for n-time use from n-spoofing secure A-code

    • practical C&W from A-code with a specific property

      • provide same function as conventional encryption


  • Login