On-line Ciphers and the Hash-CBC Constructions

M. Bellare; A. Boldyreva; Lars Ramkilde Knudsen; C. Namprempre

doi:10.1007/s00145-011-9106-1

On-line Ciphers and the Hash-CBC Constructions

M. Bellare, A. Boldyreva, Lars Ramkilde Knudsen, C. Namprempre

Research output: Contribution to journal › Journal article › Research › peer-review

Abstract

We initiate a study of on-line ciphers. These are ciphers that can take input plaintexts of large and varying lengths and will output the i th block of the ciphertext after having processed only the first i blocks of the plaintext. Such ciphers permit length-preserving encryption of a data stream with only a single pass through the data. We provide security definitions for this primitive and study its basic properties. We then provide attacks on some possible candidates, including CBC with fixed IV. We then provide two constructions, HCBC1 and HCBC2, based on a given block cipher E and a family of computationally AXU functions. HCBC1 is proven secure against chosen-plaintext attacks assuming that E is a PRP secure against chosen-plaintext attacks, while HCBC2 is proven secure against chosen-ciphertext attacks assuming that E is a PRP secure against chosen-ciphertext attacks.

Original language	English
Journal	Journal of Cryptology
Volume	25
Issue number	4
Pages (from-to)	640-679
ISSN	0933-2790
DOIs	https://doi.org/10.1007/s00145-011-9106-1
Publication status	Published - 2012

Access to Document

10.1007/s00145-011-9106-1

Fingerprint Dive into the research topics of 'On-line Ciphers and the Hash-CBC Constructions'. Together they form a unique fingerprint.

Cite this

@article{2b69d788b9294f21bdd2c98c20fc168b,

title = "On-line Ciphers and the Hash-CBC Constructions",

abstract = "We initiate a study of on-line ciphers. These are ciphers that can take input plaintexts of large and varying lengths and will output the i th block of the ciphertext after having processed only the first i blocks of the plaintext. Such ciphers permit length-preserving encryption of a data stream with only a single pass through the data. We provide security definitions for this primitive and study its basic properties. We then provide attacks on some possible candidates, including CBC with fixed IV. We then provide two constructions, HCBC1 and HCBC2, based on a given block cipher E and a family of computationally AXU functions. HCBC1 is proven secure against chosen-plaintext attacks assuming that E is a PRP secure against chosen-plaintext attacks, while HCBC2 is proven secure against chosen-ciphertext attacks assuming that E is a PRP secure against chosen-ciphertext attacks.",

author = "M. Bellare and A. Boldyreva and Knudsen, {Lars Ramkilde} and C. Namprempre",

year = "2012",

doi = "10.1007/s00145-011-9106-1",

language = "English",

volume = "25",

pages = "640--679",

journal = "Journal of Cryptology",

issn = "0933-2790",

publisher = "Springer New York",

number = "4",

}

TY - JOUR

T1 - On-line Ciphers and the Hash-CBC Constructions

AU - Bellare, M.

AU - Boldyreva, A.

AU - Knudsen, Lars Ramkilde

AU - Namprempre, C.

PY - 2012

Y1 - 2012

N2 - We initiate a study of on-line ciphers. These are ciphers that can take input plaintexts of large and varying lengths and will output the i th block of the ciphertext after having processed only the first i blocks of the plaintext. Such ciphers permit length-preserving encryption of a data stream with only a single pass through the data. We provide security definitions for this primitive and study its basic properties. We then provide attacks on some possible candidates, including CBC with fixed IV. We then provide two constructions, HCBC1 and HCBC2, based on a given block cipher E and a family of computationally AXU functions. HCBC1 is proven secure against chosen-plaintext attacks assuming that E is a PRP secure against chosen-plaintext attacks, while HCBC2 is proven secure against chosen-ciphertext attacks assuming that E is a PRP secure against chosen-ciphertext attacks.

AB - We initiate a study of on-line ciphers. These are ciphers that can take input plaintexts of large and varying lengths and will output the i th block of the ciphertext after having processed only the first i blocks of the plaintext. Such ciphers permit length-preserving encryption of a data stream with only a single pass through the data. We provide security definitions for this primitive and study its basic properties. We then provide attacks on some possible candidates, including CBC with fixed IV. We then provide two constructions, HCBC1 and HCBC2, based on a given block cipher E and a family of computationally AXU functions. HCBC1 is proven secure against chosen-plaintext attacks assuming that E is a PRP secure against chosen-plaintext attacks, while HCBC2 is proven secure against chosen-ciphertext attacks assuming that E is a PRP secure against chosen-ciphertext attacks.

U2 - 10.1007/s00145-011-9106-1

DO - 10.1007/s00145-011-9106-1

M3 - Journal article

VL - 25

SP - 640

EP - 679

JO - Journal of Cryptology

JF - Journal of Cryptology

SN - 0933-2790

IS - 4

ER -