Paper 2016/290

Nonce-Based Cryptography: Retaining Security when Randomness Fails

Mihir Bellare and Björn Tackmann

Abstract

We take nonce-based cryptography beyond symmetric encryption, developing it as a broad and practical way to mitigate damage caused by failures in randomness, whether inadvertent (bugs) or malicious (subversion). We focus on definitions and constructions for nonce-based public-key encryption and briefly treat nonce-based signatures. We introduce and construct hedged extractors as a general tool in this domain. Our nonce-based PKE scheme guarantees that if the adversary wants to violate IND-CCA security then it must do both of the following: (1) fully compromise the RNG (2) penetrate the sender system to exfiltrate a seed used by the sender

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
A minor revision of an IACR publication in EUROCRYPT 2016
Keywords
public-key cryptographydigital signaturesrandomness extractionmass surveillance
Contact author(s)
btackmann @ eng ucsd edu
History
2016-03-17: received
Short URL
https://ia.cr/2016/290
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2016/290,
      author = {Mihir Bellare and Björn Tackmann},
      title = {Nonce-Based Cryptography: Retaining Security when Randomness Fails},
      howpublished = {Cryptology {ePrint} Archive, Paper 2016/290},
      year = {2016},
      url = {https://eprint.iacr.org/2016/290}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.