Paper 2018/126

Onion-AE: Foundations of Nested Encryption

Phillip Rogaway and Yusi Zhang

Abstract

Nested symmetric encryption is a well-known technique for low-latency communication privacy. But just what problem does this technique aim to solve? In answer, we provide a provable-security treatment for onion authenticated-encryption (onion-AE). Extending the conventional notion for authenticated-encryption, we demand indistinguishability from random bits and time-of-exit authenticity verification. We show that the encryption technique presently used in Tor does not satisfy our definition of onion-AE security, but that a construction by Mathewson (2012), based on a strong, tweakable, wideblock PRP, does do the job. We go on to discuss three extensions of onion-AE, giving definitions to handle inbound flows, immediate detection of authenticity errors, and corrupt ORs.

Metadata
Available format(s)
PDF
Category
Foundations
Publication info
Published elsewhere. PETS 2018, Issue 2
Keywords
Anonymity, authenticated encryption, onion routing, privacy, oracle silencing, provable security, Tor
Contact author(s)
ysizhang @ ucdavis edu
History
2018-02-05: received
Short URL
https://ia.cr/2018/126
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2018/126,
      author = {Phillip Rogaway and Yusi Zhang},
      title = {Onion-AE: Foundations of Nested Encryption},
      howpublished = {Cryptology ePrint Archive, Paper 2018/126},
      year = {2018},
      note = {\url{https://eprint.iacr.org/2018/126}},
      url = {https://eprint.iacr.org/2018/126}
}