TY - CHAP

T1 - Single-path authenticated-encryption scheme based on universal hashing

AU - Furuya, Soichi

AU - Sakurai, Kouichi

PY - 2003

Y1 - 2003

N2 - An authenticated-encryption scheme is frequently used to provide a communication both with confidentiality and integrity. For stream ciphers, i.e., an encryption scheme using a cryptographic pseudorandom-number generator, this objective can be achieved by the simple combination of encryption and MAC generation. This naive approach, however, introduces the following drawbacks; the implementation is likely to require two scans of the data, and independent keys for the encryption and MAC generations must be exchanged. The single-path construction of an authenticated-encryption scheme for a stream cipher is advantageous in these two aspects but non-trivial design. In this paper we propose a single-path authenticated-encryption scheme with provable security. This scheme is based on one of the well-known ∈-almost-universal hash functions, the evaluation hash. The encryption and decryption of the scheme can be calculated by single-path operation on a plaintext and a ciphertext. We analyze the security of the proposed scheme and give a security proof, which claims that the security of the proposed scheme can be reduced to that of an underlying PRNG in the indistinguishability from random bits. The security model we use, real-or-random, is one of the strongest notions amongst the four well-known notions for confidentiality, and an encryption scheme with real-or-random sense security can be efficiently reduced to the other three security notions. We also note that the security of the proposed scheme is tight.

AB - An authenticated-encryption scheme is frequently used to provide a communication both with confidentiality and integrity. For stream ciphers, i.e., an encryption scheme using a cryptographic pseudorandom-number generator, this objective can be achieved by the simple combination of encryption and MAC generation. This naive approach, however, introduces the following drawbacks; the implementation is likely to require two scans of the data, and independent keys for the encryption and MAC generations must be exchanged. The single-path construction of an authenticated-encryption scheme for a stream cipher is advantageous in these two aspects but non-trivial design. In this paper we propose a single-path authenticated-encryption scheme with provable security. This scheme is based on one of the well-known ∈-almost-universal hash functions, the evaluation hash. The encryption and decryption of the scheme can be calculated by single-path operation on a plaintext and a ciphertext. We analyze the security of the proposed scheme and give a security proof, which claims that the security of the proposed scheme can be reduced to that of an underlying PRNG in the indistinguishability from random bits. The security model we use, real-or-random, is one of the strongest notions amongst the four well-known notions for confidentiality, and an encryption scheme with real-or-random sense security can be efficiently reduced to the other three security notions. We also note that the security of the proposed scheme is tight.

UR - http://www.scopus.com/inward/record.url?scp=35248895918&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=35248895918&partnerID=8YFLogxK

U2 - 10.1007/3-540-36492-7_8

DO - 10.1007/3-540-36492-7_8

M3 - Chapter

AN - SCOPUS:35248895918

SN - 9783540006220

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 94

EP - 109

BT - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

A2 - Nyberg, Kaisa

A2 - Heys, Howard

PB - Springer Verlag

ER -