Get 20M+ Full-Text Papers For Less Than $1.50/day. Start a 14-Day Trial for You or Your Team.

Learn More →

Onion-AE: Foundations of Nested Encryption

Onion-AE: Foundations of Nested Encryption AbstractNested symmetric encryption is a well-known technique for low-latency communication privacy. But just what problem does this technique aim to solve? In answer, we provide a provable-security treatment for onion authenticated-encryption (onion-AE). Extending the conventional notion for authenticated-encryption, we demand indistinguishability from random bits and time-of-exit authenticity verification. We show that the encryption technique presently used in Tor does not satisfy our definition of onion-AE security, but that a construction by Mathewson (2012), based on a strong, tweakable, wideblock PRP, does do the job. We go on to discuss three extensions of onion-AE, giving definitions to handle inbound flows, immediate detection of authenticity errors, and corrupt ORs. http://www.deepdyve.com/assets/images/DeepDyve-Logo-lg.png Proceedings on Privacy Enhancing Technologies de Gruyter

Onion-AE: Foundations of Nested Encryption

Download PDF
20 pages

Loading next page...
 
/lp/de-gruyter/onion-ae-foundations-of-nested-encryption-u0Z1xe5YmX
Publisher
de Gruyter
Copyright
© 2018 Phillip Rogaway et al., published by De Gruyter Open
ISSN
2299-0984
eISSN
2299-0984
DOI
10.1515/popets-2018-0014
Publisher site
See Article on Publisher Site

Abstract

AbstractNested symmetric encryption is a well-known technique for low-latency communication privacy. But just what problem does this technique aim to solve? In answer, we provide a provable-security treatment for onion authenticated-encryption (onion-AE). Extending the conventional notion for authenticated-encryption, we demand indistinguishability from random bits and time-of-exit authenticity verification. We show that the encryption technique presently used in Tor does not satisfy our definition of onion-AE security, but that a construction by Mathewson (2012), based on a strong, tweakable, wideblock PRP, does do the job. We go on to discuss three extensions of onion-AE, giving definitions to handle inbound flows, immediate detection of authenticity errors, and corrupt ORs.

Journal

Proceedings on Privacy Enhancing Technologiesde Gruyter

Published: Apr 1, 2018

References

  • Encode - then - encipher encryption : How to exploit nonces or redundancy in plaintexts for efficient cryptography In editor in volume ofLecture in pages Kyoto Japan Heidelberg
    Bellare
  • onion routing In editors th Conference on Communications pages Chicago Illinois USA Nov
    Catalano
  • Anonymity and one - way authentication in key exchange protocols Designs and pages
    Goldberg
  • Anonymity and one - way authentication in key exchange protocols Designs and pages
    Goldberg
  • Goldschlag Hiding routing information Hiding pages
    Reed
  • Goldschlag Anonymous connections onion routing In on Privacy pages Oakland CA
    Syverson
  • Fully non - interactive onion routing with forward - secrecy In editors th International Conference on Applied Cryptography and Network volume ofLecture Notes in Computer pages
    Catalano
  • Feigenbaum Probabilistic analysis of onion routing in a black - box model on Information and System
    Johnson
  • parallelizable enciphering mode In editor in volume ofLecture in pages San CA Feb Heidelberg
    Halevi
  • Goldschlag Onion routing
    Reed
  • analysis Protocols attacks design issues and open problems pages
    Raymond
  • Simplifying game based definitions Correctness adjusted indistinguishability Manuscript
    Rogaway
  • Authenticated - encryption with associated - data In editor th Conference on Communications pages Nov
    Rogaway
  • encryption and chosen ciphertext secure modes of operation In editor Fast volume ofLecture in pages New
    Katz
  • and Robust authenticated encryption AEZ and the problem that it solves In editors in Part volume ofLecture in pages Sofia Heidelberg
    Hoang
  • and Robust authenticated encryption AEZ and the problem that it solves In editors in Part volume ofLecture in pages Sofia Heidelberg
    Hoang
  • Dingledine Tor protocol specification https gitweb torproject org torspec git tree tor spec txt Accessed
    Roger
  • One cell is enough to break tor s anonymity InProceedings of Black Hat Technical Security Conference pages
    Fu
  • Möller Provably secure public - key encryption for length - preserving chaumian mixes In editor Topics in Cryptology volume ofLecture in pages San CA Heidelberg
    Joye
  • Kate Pairing - based onion routing InPrivacy Enhancing Technologies th International PET Ottawa Revised Selected pages
    Zaverucha
  • Building secure cryptographic transforms or how to encrypt and MAC Cryptology ePrint Archive
    Kohno
  • Kate Goldberg Pairing based onion routing with improved forward secrecy Cryptology ePrint Archive Report http eprint iacr org
    Zaverucha
  • and Authenticated encryption in SSH Provably fixing the SSH binary packet protocol In editor th Conference on Computer and Communications pages Washington Nov
    Bellare
  • Tor The second generation onion router Technical report Document
    Dingledine
  • Encode - then - encipher encryption : How to exploit nonces or redundancy in plaintexts for efficient cryptography In editor in volume ofLecture in pages Kyoto Japan Heidelberg
    Bellare
  • Dingledine Tor protocol specification https gitweb torproject org torspec git tree tor spec txt Accessed
    Roger
  • The Raccoons Analysis of the relative severity of tagging attacks http archives seul org or dev Mar msg html Accessed
  • Simplifying game based definitions Correctness adjusted indistinguishability Manuscript
    Rogaway
  • Feigenbaum Probabilistic analysis of onion routing in a black - box model on Information and System
    Johnson
  • and Authenticated encryption in SSH Provably fixing the SSH binary packet protocol In editor th Conference on Computer and Communications pages Washington Nov
    Bellare
  • parallelizable enciphering mode In editor in volume ofLecture in pages San CA Feb Heidelberg
    Halevi
  • Authenticated encryption : Relations among notions and analysis of the generic composition paradigm In editor in volume ofLecture in pages Kyoto Japan Heidelberg
    Bellare
  • encryption and chosen ciphertext secure modes of operation In editor Fast volume ofLecture in pages New
    Katz
  • Kate Goldberg Pairing based onion routing with improved forward secrecy Cryptology ePrint Archive Report http eprint iacr org
    Zaverucha
  • and From stateless to stateful : Generic authentication and authenticated encryption constructions with application to In editor Topics in Cryptology volume ofLecture Notes in pages San CA USA Feb Mar Heidelberg
    Boyd
  • Mohammadi secure and practical onion routing ePrint Archive Report http eprint iacr org
    Backes
  • Goldschlag Hiding routing information Hiding pages
    Reed
  • Goldreich and Goldwasser Incremental cryptography The case of hashing and signing In editor in volume ofLecture in pages Santa CA Aug Heidelberg
    Bellare
  • Mohammadi secure and practical onion routing ePrint Archive Report http eprint iacr org
    Backes
  • One cell is enough to break tor s anonymity InProceedings of Black Hat Technical Security Conference pages
    Fu
  • Extending EME to handle arbitrary - length messages with associated data In editors Progress in Cryptology - th International Conference in Cryptology in India volume ofLecture Notes in pages India
    Halevi
  • and From stateless to stateful : Generic authentication and authenticated encryption constructions with application to In editor Topics in Cryptology volume ofLecture Notes in pages San CA USA Feb Mar Heidelberg
    Boyd
  • Authenticated - encryption with associated - data In editor th Conference on Communications pages Nov
    Rogaway
  • Möller Provably secure public - key encryption for length - preserving chaumian mixes In editor Topics in Cryptology volume ofLecture in pages San CA Heidelberg
    Joye
  • Tor The second generation onion router Technical report Document
    Dingledine
  • Goldschlag Onion routing
    Reed
  • Two improved relay encryption protocols for Tor cells https gitweb torproject org torspec git tree proposals improved relay crypto txt Accessed
    Mathewson
  • Sphinx compact and provably secure mix format In on Privacy pages Oakland CA
    Danezis
  • onion routing In editors th Conference on Communications pages Chicago Illinois USA Nov
    Catalano
  • Kate Pairing - based onion routing InPrivacy Enhancing Technologies th International PET Ottawa Revised Selected pages
    Zaverucha
  • Goldschlag Anonymous connections onion routing In on Privacy pages Oakland CA
    Syverson
  • Authenticated encryption : Relations among notions and analysis of the generic composition paradigm In editor in volume ofLecture in pages Kyoto Japan Heidelberg
    Bellare
  • Universally composable security new paradigm for cryptographic protocols In nd pages Las
    Canetti
  • The Raccoons Analysis of the relative severity of tagging attacks http archives seul org or dev Mar msg html Accessed
  • analysis Protocols attacks design issues and open problems pages
    Raymond
  • Goldreich and Goldwasser Incremental cryptography The case of hashing and signing In editor in volume ofLecture in pages Santa CA Aug Heidelberg
    Bellare
  • Building secure cryptographic transforms or how to encrypt and MAC Cryptology ePrint Archive
    Kohno
  • Fully non - interactive onion routing with forward - secrecy In editors th International Conference on Applied Cryptography and Network volume ofLecture Notes in Computer pages
    Catalano
  • Extending EME to handle arbitrary - length messages with associated data In editors Progress in Cryptology - th International Conference in Cryptology in India volume ofLecture Notes in pages India
    Halevi
  • Sphinx compact and provably secure mix format In on Privacy pages Oakland CA
    Danezis
  • Universally composable security new paradigm for cryptographic protocols In nd pages Las
    Canetti
  • Two improved relay encryption protocols for Tor cells https gitweb torproject org torspec git tree proposals improved relay crypto txt Accessed
    Mathewson