Cryptology ePrint Archive: Report 2016/1124
Integrity Analysis of Authenticated Encryption Based on Stream Ciphers
Kazuya Imamura and Kazuhiko Minematsu and Tetsu Iwata
Abstract: We study the security of authenticated encryption based on a stream cipher and a universal hash function. We consider ChaCha20-Poly1305 and generic constructions proposed by Sarkar, where the generic constructions include 14 AEAD (authenticated encryption with associated data) schemes and 3 DAEAD (deterministic AEAD) schemes. In this paper, we analyze the integrity of these schemes both in the standard INT-CTXT notion and in the RUP (releasing unverified plaintext) setting, called the INT-RUP notion. We present INT-CTXT attacks against 3 out of the 14 AEAD schemes and 1 out of the 3 DAEAD schemes. We then show INT-RUP attacks against 1 out of the 14 AEAD schemes and the 2 remaining DAEAD schemes. We next show that ChaCha20-Poly1305 is provably secure in the INT-RUP notion. Finally, we show that 4 out of the remaining 10 AEAD schemes are provably secure in the INT-RUP notion.
Category / Keywords: secret-key cryptography / authenticated encryption, stream cipher, universal hash function, provable security, integrity, releasing unverified plaintext
Original Publication (with minor differences): ProvSec 2016
Date: received 30 Nov 2016
Contact author: iwata at cse nagoya-u ac jp
Note: Full version of the ProvSec 2016 paper.
Version: 20161201:050018
Short URL: ia.cr/2016/1124