Post-quantum Security of the CBC, CFB, OFB, CTR, and XTS Modes of Operation.


Ehsan Ebrahimi Targhi, Gelo Noel Tabia, Dominique Unruh. University of Tartu. February 4, 2016

Being optimistic about the emergence of quantum computers, we want to evaluate classical cryptosystems under attack by quantum adversaries. We analyze the cipher modes of operation. These modes are chosen as per the recommendations in the 2013 ENISA [2] report on encryption algorithms.

(ENISA: European Union Agency for Network and Information Security, 2013.)

| Mode of operation | Classical IND-CPA? | Standard (quantum) IND-CPA? | IND-qCPA? (with PRF) | IND-qCPA? (with qPRF) |
|---|---|---|---|---|
| ECB | no | no | no | no |
| CBC | yes | yes | no | yes |
| CFB | yes | yes | no | yes |
| OFB | yes | yes | yes | yes |
| CTR | yes | yes | yes | yes |
| XTS | unknown | unknown | "no in spirit" | unknown |

Table: Summary of our results. "No in spirit" means that there is an attack using superposition queries that does not formally violate IND-qCPA.

Standard Security [4] (Mark Zhandry, FOCS 2012)

Security [4] (Mark Zhandry, FOCS 2012)

IND-CPA Model

IND-qCPA Model [1] (Dan Boneh and Mark Zhandry, CRYPTO 2013)

We need to show that the output of CBC using a qPRF is indistinguishable from a truly random string. Define $\mathrm{Enc}^{i,h}_{\mathrm{CBC}}(M)$.

Use the O2H lemma to show that the distinguishing probability of any quantum adversary is negligible.

One-way to hiding (O2H) [3] (Dominique Unruh, ePrint 2013)

Construction of Block cipher for CBC

BC is a standard-secure PRF for any quantum adversary given classical access to it and quantum access to H. BC has a collision such that x x : x (k 1) = x.

Proof Idea: Standard BC

Idea: replace E in BC by a random function. If we replace the key H(k) of E by a random key k, we can use the O2H lemma. We define an adversary $A_{O2H}$ and a block cipher BC k w with E using a random key.

We have the games as in the O2H lemma.

Game G0 is replaced by G2.

We now replace E by a random function Ẽ.

The only difference between the two games arises when the same query is made again. By the fundamental lemma of games, we get that the probability is negligible.

on using standard secure PRF

BC has a similar structure to the function f, and hence this weakness can be exploited to get the key k.

[1] Dan Boneh and Mark Zhandry. Secure signatures and chosen ciphertext security in a quantum computing world. https://eprint.iacr.org/2013/088, 2013. The definition of IND-qCPA only appears in this ePrint, not in the conference version.

[2] European Union Agency for Network and Information Security (ENISA). Algorithms, key sizes and parameters report - 2013 recommendations. https://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/algorithms-key-sizes-and-parameters-report, October 2013.

[3] Dominique Unruh. Revocable quantum timed-release encryption. IACR Cryptology ePrint Archive, 2013:606, 2013.

[4] Mark Zhandry. How to construct quantum random functions. In 53rd Annual IEEE Symposium on Foundations of Computer Science, FOCS 2012, New Brunswick, NJ, USA, October 20-23, 2012, pages 679-687. IEEE Computer Society, 2012.

THANK YOU!!!