Unconditionally secure chaffing and winnowing for multiple use
Download
1 / 31

Unconditionally Secure Chaffing-and-Winnowing for Multiple Use - PowerPoint PPT Presentation


  • 61 Views
  • Uploaded on

Unconditionally Secure Chaffing-and-Winnowing for Multiple Use. Wataru Kitada 1 , Goichiro Hanaoka 2 , Kanta Matsuura 1 , Hideki Imai 2 1. IIS, the University of Tokyo 2. RCIS, AIST. Overview of This Work. We show:.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Unconditionally Secure Chaffing-and-Winnowing for Multiple Use' - kendra


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Unconditionally secure chaffing and winnowing for multiple use

Unconditionally Secure Chaffing-and-Winnowing for Multiple Use

Wataru Kitada1, Goichiro Hanaoka2, Kanta Matsuura1, Hideki Imai2

1. IIS, the University of Tokyo2. RCIS, AIST


Overview of this work
Overview of This Work Use

We show:

  • Detailed analysis of Chaffing-and-Winnowing (C&W) under multiple-use setting

  • More efficient Chaffing-and-Winnowing

    • C&W for n-time use from n-spoofing secure A-code

    • practical C&W from A-code with a specific property


Contents
Contents Use

  • Overview

  • Unconditionally Secure C&W for Multiple Use

  • C&W with one authentication tag

  • Future Work and Conclusion


Unconditionally secure chaffing and winnowing for multiple use

  • Overview Use

    • Chaffing and Winnowing

    • Previous Work

    • Our Contribution

  • Unconditionally Secure C&W for Multiple Use

  • C&W with one authentication tag

  • Future Work and Conclusion


Chaffing and winnowing c w
Chaffing-and-Winnowing (C&W) Use

  • A technique to achieve confidentiality without using encryption when sending data over an insecure channel.

  • Proposed by R. Rivest

    “Chaffing and winnowing: confidentiality without encryption” http://theory.lcs.mit.edu/~rivest/publications.html


Basic idea
Basic Idea Use

  • Send plaintext directly

  • No encryption is performed

  • Send dummies with the plaintext. chaff

  • Only one of the plaintext is authentic, the other ones are dummies

  • Receiver can distinguish plaintext (wheat) from dummies (chaff). winnow

  • Being able to distinguish plaintext from dummies would require an adversary to know the secret key.


Chaffing and winnowing
Chaffing-and-Winnowing Use

  • Example

    • Authentication code (A-code) : Ak(M)

    • Plaintext: “Hi Bob”

“Hi Bob”

(“Hi Bob”,A1),(“Hi Larry”,A2)

ComputeAk(“Hi Bob”) and Ak(“Hi Larry”)CompareAk(“Hi Bob”) and A1,Ak(“Hi Larry”) and A2

A1=Ak(“Hi Bob”)A2=Ak’(“Hi Larry”)


Previous work
Previous Work Use

  • Bellare and Boldyreva, ASIACRYPT 2000

    • Showed the security of C&W in the computationally secure setting

  • Hanaoka et al., AAECC 2006 (HHHWI06)

    • Showed the security of C&W in the unconditinally secure setting


Main result of hhhwi06
Main Result of HHHWI06 Use

We can achieve:

Theorem 1

Impersonation- secure A-code

Perfectly secure encryption

C&W

Theorem 2

Impersonation- and substitution- secure A-code

Perfectly secure andNon-Malleableencryption

C&W


Related work
Related Work Use

  • Stinson, manuscript, 2006

    • “Unconditionally secure chaffing and winnowing with short authentication tags”

    • construct C&W from short authentication tags

Impersonation- secureA-code

with short tag

Perfectly secure encryption

C&W


Our contribution
Our Contribution Use

  • Our work is extension of HHHWI06

    • HHHWI06 only consider the case in one-time use

  • Then, we extend for multiple use

    • In other words, to generalize the HHHWI06

    • Detailed analysis of C&W under multiple-use setting

      • construct unconditionally secure C&W for multiple use

      • show C&W with one authentication tag


One time multiple use
One-time/Multiple Use Use

One-time use

Multiple use


Unconditionally secure chaffing and winnowing for multiple use

  • Overview Use

  • Unconditionally Secure C&W for Multiple Use

    • Security Notions

    • Our Result

    • Construction and Comparison

  • C&W with one authentication tag

  • Future Work and Conclusion


Security on a code
Security on A-code Use

n-Spoofing

Impersonation

Substitution


Perfect security
Perfect Security Use

n-Perfect Security (n-PS)

Perfect Security


Non malleability 1 2
Non-Malleability (1/2) Use

  • An adversary is given n ciphertexts

  • Corresponding plaintexts are

  • Non-Malleability:

    • inability to generate a ciphertextwhose plaintext is related to

      • for example

    • Definition


Non malleability 2 2
Non-Malleability (2/2) Use

n-Non-Malleability (n-NM)

Non-Malleability


Our results 1 3
Our Results (1/3) Use

  • Construct unconditionally secure C&W for multiple use

    • from n-spoofing secure A-code to n-perfectly secure (n-PS) encryption

    • from (n+1)-spoofing secure A-code to n-perfectly secure (n-PS) and n-Non-Malleable (n-NM) encryption


Our results 2 3
Our Results (2/3) Use

n-spoofing secure A-code

n-PS encryption

C&W

(n+1)-spoofing secure A-code

n-PS andn-NM encryption

C&W


Our results 3 3
Our Results (3/3) Use

HHHWI06

Imp A-code

n-spoofing secure A-code

PS encryption

n-PS encryption

C&W

C&W

Our Result

Imp and Sub A-code

(n+1)-spoofing secure A-code

PS and NMencryption

n-PS andn-NMencryption

C&W

C&W




Unconditionally secure chaffing and winnowing for multiple use

  • Overview Use

  • Unconditionally Secure C&W for Multiple Use

  • C&W with one authentication tag

  • Future Work and Conclusion


Overview 1 2
Overview (1/2) Use

  • C&W with one authentication tag

    • If the underlying A-code has a specific property, we can construct C&W with one authentication tag

n-Spf A-code with a specific property

n-PS encryption with one tag

C&W

(n+1)-Spf A-code with a specific property

n-PS andn-NM encryption with one tag

C&W


Overview 2 2
Overview (2/2) Use

  • From this result, we can see that theseA-codes can be seen as conventional encryptions

    • we prove that to send one tag corresponding to the message is secure

Authentication

Encryption

Can be seen as


The specific property
The specific property Use

  • “For all a, there exists at least one k such that, for all m, Ak(m)=a”

  • There exists an example of an A-code which is n-Spoofing secure and has this property

For example:



Comparison1
Comparison Use

The construction with one tag is practical


Unconditionally secure chaffing and winnowing for multiple use

  • Overview Use

  • Unconditionally Secure C&W for Multiple Use

  • C&W with one authentication tag

  • Future Work and Conclusion


Future work
Future Work Use

  • Remove the restriction that(like Stinson’s work)

    • In [Stinson’06], C&W is constructed from A-code with short tags (more weak A-code)

    • [Stinson’06]D.R. Stinson, “Unconditionally secure chaffing and winnowing with short authentication tags,” Cryptology ePrint Archive, Report 2006/189, 2006.


Conclusion
Conclusion Use

  • Detailed analysis of C&W under multiple-use setting

    • from n-Spf secure A-code to n-PS encryption

    • from (n+1)-Spf secure A-code to n-PS and n-NM encryption

  • More efficient Chaffing-and-Winnowing

    • C&W for n-time use from n-spoofing secure A-code

    • practical C&W from A-code with a specific property

      • provide same function as conventional encryption