Cryptography Reference
In-Depth Information
-MACs:TowardsMoreSecureandMore
Ecient Constructions of Secure Channels
E
Basel Alomair and Radha Poovendran
Network Security Lab (NSL)
University of Washington-Seattle
{
alomair,rp3
}
@uw.edu
Abstract.
In cryptography, secure channels enable the confidential and
authenticated message exchange between authorized users. A generic ap-
proach of constructing such channels is by combining an encryption prim-
itive with an authentication primitive (MAC). In this work, we introduce
the design of a new cryptographic primitive to be used in the construc-
tion of secure channels. Instead of using general purpose MACs, we pro-
pose the employment of special purpose MACs, named “
E
-MACs”. The
main motive behind this work is the observation that, since the message
must be both encrypted and authenticated, there can be a redundancy
in the computations performed by the two primitives. If this turned out
to be the case, removing such redundancy will improve the eciency
of the overall construction. In addition, computations performed by the
encryption algorithm can be further utilized to improve the security of
the authentication algorithm. In this work, we show how
E
-MACs can
be designed to reduce the amount of computations required by standard
MACs based on universal hash functions, and show how
E
-MACs can be
secured against key-recovery attacks.
Key words:
Confidentiality, authenticity, message authentication code
(MAC), authenticated encryption, encrypt-and-authenticate, universal
hash families
1
Introduction
There are two main approaches for the construction of secure cryptographic
channels: a dedicated approach and a generic approach. In the dedicated ap-
proach, a cryptographic primitive is designed to achieve authenticated encryp-
tion as a standalone system (see, e.g., [6, 18, 23, 32, 35, 45]). In the generic
approach, an authentication primitive is combined with an encryption primitive
to provide message integrity and confidentiality (see, e.g., [14, 21, 51]).
Generic compositions can be constructed in three different ways: encrypt-and-
authenticate (
E
&
A
), encrypt-then-authenticate (
EtA
), and authenticate-then-
encrypt (
AtE
). In the
E
&
A
composition, the plaintext is passed to the encryp-
tion algorithm to get the corresponding ciphertext, the plaintext is passed to the
MAC algorithm to get the corresponding tag, and the resulting ciphertext-tag
Search WWH ::
Custom Search