### Compactly Committing Authenticated Encryption Using Encryptment and Tweakable Block Cipher

##### Abstract

Facebook introduced message franking to enable users to report abusive content verifiably in end-to-end encrypted messaging. Grubbs et al. formalized the underlying primitive called compactly committing authenticated encryption with associated data (ccAEAD) and presented schemes with provable security. Dodis et al. proposed a core building block called encryptment and presented a generic construction of ccAEAD with encryptment and standard AEAD. This paper first proposes to use a tweakable block cipher instead of AEAD for the generic construction of Dodis et al. In the security analysis of the proposed construction, its ciphertext integrity is shown to require a new but feasible assumption on the ciphertext integrity of encryptment. Then, this paper formalizes remotely keyed ccAEAD (RK ccAEAD) and shows that the proposed construction works as RK ccAEAD. Finally, the confidentiality of the proposed construction as RK ccAEAD is shown to require a new variant of confidentiality for encryptment. The problem of remotely keyed encryption was posed by Blaze in 1996. It is now related to the problem of designing a cryptographic scheme using a trusted module and/or with leakage resiliency.

Category: Secret-key cryptography

Publication info: Preprint.

Keywords: Authenticated encryption, Commitment, Tweakable block cipher, Remotely keyed encryption

Contact author(s): hrs_shch @ u-fukui ac jp, k-minematsu @ nec com

History: 2022-12-02: approved
Short URL: https://ia.cr/2022/1670

CC BY

BibTeX

@misc{cryptoeprint:2022/1670,
author = {Shoichi Hirose and Kazuhiko Minematsu},
title = {Compactly Committing Authenticated Encryption Using Encryptment and Tweakable Block Cipher},
howpublished = {Cryptology ePrint Archive, Paper 2022/1670},
year = {2022},
note = {\url{https://eprint.iacr.org/2022/1670}},
url = {https://eprint.iacr.org/2022/1670}
}
