Paper 2015/893

Robust Authenticated Encryption and the Limits of Symmetric Cryptography

Christian Badertscher, Christian Matt, Ueli Maurer, Phillip Rogaway, and Björn Tackmann

Abstract

Robust authenticated encryption (RAE) is a primitive for symmetric encryption that allows one to flexibly specify the ciphertext expansion, i.e., how much longer the ciphertext is compared to the plaintext. For every ciphertext expansion, RAE aims at providing the best-possible authenticity and confidentiality. To investigate whether this is actually achieved, we characterize exactly the guarantees symmetric cryptography can provide for any given ciphertext expansion. Our characterization reveals not only that RAE reaches the claimed goal, but also, contrary to prior belief, that one cannot achieve full confidentiality without ciphertext expansion. This provides new insights into the limits of symmetric cryptography. Moreover, we provide a rigorous treatment of two previously only informally stated additional features of RAE; namely, we show how redundancy in the message space can be exploited to improve the security and we analyze the exact security loss if multiple messages are encrypted with the same nonce.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Published elsewhere. Major revision. 15th IMA International Conference on Cryptography and Coding, 2015
Keywords
Authenticated Encryption, Composability, Constructive Cryptography, Lower Bounds
Contact author(s)
christian badertscher @ inf ethz ch
History
2018-09-28: revised
2015-09-15: received
Short URL
https://ia.cr/2015/893
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2015/893,
      author = {Christian Badertscher and Christian Matt and Ueli Maurer and Phillip Rogaway and Björn Tackmann},
      title = {Robust Authenticated Encryption and the Limits of Symmetric Cryptography},
      howpublished = {Cryptology {ePrint} Archive, Paper 2015/893},
      year = {2015},
      url = {https://eprint.iacr.org/2015/893}
}