Cryptology ePrint Archive: Report 2016/290

Nonce-Based Cryptography: Retaining Security when Randomness Fails

Mihir Bellare and Björn Tackmann

Abstract: We take nonce-based cryptography beyond symmetric encryption, developing it as a broad and practical way to mitigate damage caused by failures in randomness, whether inadvertent (bugs) or malicious (subversion). We focus on definitions and constructions for nonce-based public-key encryption and briefly treat nonce-based signatures. We introduce and construct hedged extractors as a general tool in this domain. Our nonce-based PKE scheme guarantees that if the adversary wants to violate IND-CCA security then it must do both of the following: (1) fully compromise the RNG, and (2) penetrate the sender system to exfiltrate a seed used by the sender.

Category / Keywords: public-key cryptography / public-key cryptography, digital signatures, randomness extraction, mass surveillance

Original Publication (with minor differences): IACR-EUROCRYPT-2016

Date: received 15 Mar 2016

Contact author: btackmann at eng ucsd edu


Version: 20160317:161615
