A Generic Method to Extend Message Space of a Strong Pseudorandom Permutation
Let E be a strong pseudorandom permutation (or SPRP) secure enciphering scheme (i.e., a length-preserving encryption scheme) which can only encrypt messages of size multiple of n, the block size of the underlying block cipher. There are several such constructions, e.g., CBC mode or cipher block chaining mode. In this paper we present how a secure enciphering scheme <img border=0 src="../../../../../img/revistas/cys/v12n3/a4s1.jpg">can be obtained which can encrypt any messages of size at least n based on E and some other cryptographic objects such as weak pseudorandom function (or WPRF) and a universal hash function. So <img border=0 src="../../../../../img/revistas/cys/v12n3/a4s1.jpg">can encrypt messages which might contain incomplete message blocks. Since an enciphering scheme is a length preserving encryption algorithm, one can not use a padding rule to handle the incomplete message block. In 2007, Ristenpart and Rogaway first proposed a secure method known as XLS (eXtension by Latin Squares). It needs two invocations of a block cipher e whose key is chosen independently of the key of E. The SPRP security of XLS is based on the SPRP security of the block cipher e. Our proposed enciphering scheme is SPRP and it needs only one invocation of a WPRF and two invocations of a universal hash function. Any SPRP construction, e.g., a secure block cipher, is a WPRF. Moreover, there are other several efficient constructions for universal hash functions and WPRF which are not SPRP. Thus, we are able to replace SPRP security by two weaker security notions to extend the domain of a secure enciphering scheme.
| Main Author: | |
|---|---|
| Format: | Digital revista |
| Language: | English |
| Published: |
Instituto Politécnico Nacional, Centro de Investigación en Computación
2009
|
| Online Access: | http://www.scielo.org.mx/scielo.php?script=sci_arttext&pid=S1405-55462009000100004 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Summary: | Let E be a strong pseudorandom permutation (or SPRP) secure enciphering scheme (i.e., a length-preserving encryption scheme) which can only encrypt messages of size multiple of n, the block size of the underlying block cipher. There are several such constructions, e.g., CBC mode or cipher block chaining mode. In this paper we present how a secure enciphering scheme <img border=0 src="../../../../../img/revistas/cys/v12n3/a4s1.jpg">can be obtained which can encrypt any messages of size at least n based on E and some other cryptographic objects such as weak pseudorandom function (or WPRF) and a universal hash function. So <img border=0 src="../../../../../img/revistas/cys/v12n3/a4s1.jpg">can encrypt messages which might contain incomplete message blocks. Since an enciphering scheme is a length preserving encryption algorithm, one can not use a padding rule to handle the incomplete message block. In 2007, Ristenpart and Rogaway first proposed a secure method known as XLS (eXtension by Latin Squares). It needs two invocations of a block cipher e whose key is chosen independently of the key of E. The SPRP security of XLS is based on the SPRP security of the block cipher e. Our proposed enciphering scheme is SPRP and it needs only one invocation of a WPRF and two invocations of a universal hash function. Any SPRP construction, e.g., a secure block cipher, is a WPRF. Moreover, there are other several efficient constructions for universal hash functions and WPRF which are not SPRP. Thus, we are able to replace SPRP security by two weaker security notions to extend the domain of a secure enciphering scheme. |
|---|