TY - CHAP
T1 - Single-path authenticated-encryption scheme based on universal hashing
AU - Furuya, Soichi
AU - Sakurai, Kouichi
PY - 2003
Y1 - 2003
N2 - An authenticated-encryption scheme is frequently used to provide a communication both with confidentiality and integrity. For stream ciphers, i.e., an encryption scheme using a cryptographic pseudorandom-number generator, this objective can be achieved by the simple combination of encryption and MAC generation. This naive approach, however, introduces the following drawbacks; the implementation is likely to require two scans of the data, and independent keys for the encryption and MAC generations must be exchanged. The single-path construction of an authenticated-encryption scheme for a stream cipher is advantageous in these two aspects but non-trivial design. In this paper we propose a single-path authenticated-encryption scheme with provable security. This scheme is based on one of the well-known ∈-almost-universal hash functions, the evaluation hash. The encryption and decryption of the scheme can be calculated by single-path operation on a plaintext and a ciphertext. We analyze the security of the proposed scheme and give a security proof, which claims that the security of the proposed scheme can be reduced to that of an underlying PRNG in the indistinguishability from random bits. The security model we use, real-or-random, is one of the strongest notions amongst the four well-known notions for confidentiality, and an encryption scheme with real-or-random sense security can be efficiently reduced to the other three security notions. We also note that the security of the proposed scheme is tight.
AB - An authenticated-encryption scheme is frequently used to provide a communication both with confidentiality and integrity. For stream ciphers, i.e., an encryption scheme using a cryptographic pseudorandom-number generator, this objective can be achieved by the simple combination of encryption and MAC generation. This naive approach, however, introduces the following drawbacks; the implementation is likely to require two scans of the data, and independent keys for the encryption and MAC generations must be exchanged. The single-path construction of an authenticated-encryption scheme for a stream cipher is advantageous in these two aspects but non-trivial design. In this paper we propose a single-path authenticated-encryption scheme with provable security. This scheme is based on one of the well-known ∈-almost-universal hash functions, the evaluation hash. The encryption and decryption of the scheme can be calculated by single-path operation on a plaintext and a ciphertext. We analyze the security of the proposed scheme and give a security proof, which claims that the security of the proposed scheme can be reduced to that of an underlying PRNG in the indistinguishability from random bits. The security model we use, real-or-random, is one of the strongest notions amongst the four well-known notions for confidentiality, and an encryption scheme with real-or-random sense security can be efficiently reduced to the other three security notions. We also note that the security of the proposed scheme is tight.
UR - http://www.scopus.com/inward/record.url?scp=35248895918&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=35248895918&partnerID=8YFLogxK
U2 - 10.1007/3-540-36492-7_8
DO - 10.1007/3-540-36492-7_8
M3 - Chapter
AN - SCOPUS:35248895918
SN - 9783540006220
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 94
EP - 109
BT - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
A2 - Nyberg, Kaisa
A2 - Heys, Howard
PB - Springer Verlag
ER -