fast and secure updatable encryption
play

Fast and Secure Updatable Encryption August 10, 2020 1 Norwegian - PowerPoint PPT Presentation

Feb 20, 2023 •105 likes •578 views

Fast and Secure Updatable Encryption August 10, 2020 1 Norwegian University of Science and Technology (NTNU), Norway 2 Bergische Universitt Wuppertal, Germany 1 Colin Boyd 1 Gareth T. Davies 2 Kristian Gjsteen 1 Yao Jiang 1 Table of contents

  1. Fast and Secure Updatable Encryption August 10, 2020 1 Norwegian University of Science and Technology (NTNU), Norway 2 Bergische Universität Wuppertal, Germany 1 Colin Boyd 1 Gareth T. Davies 2 Kristian Gjøsteen 1 Yao Jiang 1

  2. Table of contents 1. Updatable Encryption 2. Security Properties 3. Relations 4. UE Constructions 5. Summary 2

  3. Updatable Encryption

  4. Problem Motivation: Outsourcing k 0 C 0 Enc k 0 ( m ) = C 0 3

  5. Problem Motivation: Outsourcing k 0 C 0 Dec k 0 ( C 0 ) = m 0 • Threats: Key compromise 3

  6. Problem Motivation: Outsourcing k 0 k 1 C 0 C 1 • Threats: Key compromise • Solution: Key rotation 3

  7. Key Rotation: a standard approach k 0 k 1 C 0 4

  8. Key Rotation: a standard approach k 0 k 1 m = Dec k 0 ( C 0 ) 4

  9. Key Rotation: a standard approach k 0 k 0 k 1 Enc k 1 ( m ) = C 1 4

  10. Key Rotation: a standard approach k 0 k 0 k 1 C 1 C 1 • Download and re-upload is infeasible even for moderate storage requirements 4

  11. Key Rotation: Updatable Encryption (UE) ∆ 1 C 0 ∆ 1 C 1 k 0 k 1 • Key Homomorphic PRFs and their Applications Boneh, Lewi, Montgomery, Raghunathan; CRYPTO ’13 (+ ePrint 2015/220) 5

  12. Key Rotation: Updatable Encryption (UE) ∆ 1 C 0 ∆ 1 C 1 k 0 k 1 • Client only ever needs to store one key • fresh encryptions, updated ciphertexts and tokens should all reveal nothing about plaintext • Key Homomorphic PRFs and their Applications Boneh, Lewi, Montgomery, Raghunathan; CRYPTO ’13 (+ ePrint 2015/220) 5

  13. What Is Realistic? • Security properties: confjdentiality and integrity • What an attacker can possibly do? • What is the right security notion for UE? • Users do encryption, then server(s) update ciphertexts for millions of users • Encryption and update must be effjcient 6 Lehmann, Tackmann; Eurocrypt ’18 • Updatable Encryption with Post-Compromise Security

  14. Security Properties

  15. Epoch-based Corruptions C 3 k 5 k 6 k 7 … k n C 0 C 1 C 2 C 4 k 3 C 5 C 6 C n 7 • Directly obtained information: • Adversary adaptively corrupts keys and tokens • Adversary can asks for ciphertexts • Inferred information (Assume bi-directionality): 0 k 4 k 2 n 1 2 3 4 5 6 7 k 1 … … k 0 • Adversary can use this information to trivially win a security game! ∆ 1 ∆ 2 ∆ 3 ∆ 4 ∆ 5 ∆ 6 ∆ 7 C 7 … • C i + 1 and ∆ i + 1 is enough to compute C i • k i + 1 and ∆ i + 1 is enough to compute k i • k i and k i + 1 is enough to compute ∆ i + 1

  16. Confidentiality: a motivating example k 0 C 0 Enc k 0 ( Contact A ) = C 0 8

  17. Confidentiality: a motivating example ∆ 1 k 1 k 0 ∆ 1 C ′ C 0 0 ∆ 1 8

  18. Confidentiality: a motivating example k 1 C ′ C 0 ∆ 1 0 8

  19. Confidentiality: a motivating example k 1 C ′ C ′ C 1 C 1 Enc k 1 ( Contact B ) = C 1 0 0 • Which ciphertext is the newest? • How many ciphertexts are recently added? 8

  20. Prior notions: Indistinguishability of Encryptions ( IND - ENC ) C e C m C e C e m C b 9 e C C e • Challenger checks for trivial wins Lehmann, Tackmann; Eurocrypt ’18 • Updatable Encryption with Post-Compromise Security O . Enc O . Dec m 0 , m 1 O . Next e → e + 1 A IND - ENC $ ( e , key / token ) ← − { 0 , 1 } ˜ O . Corr C ˜ ˜ e ← Enc ( m b ) k e / ∆ e C ˜ O . Upd b ′ ˜ O . Upd ˜ ˜ Only in CCA games does an adversary have access to O . Dec

  21. Prior notions: Indistinguishability of Updates ( IND - UPD ) C e C m C e C e m C b 10 e C C e • Challenger checks for trivial wins Lehmann, Tackmann; Eurocrypt ’18 • Updatable Encryption with Post-Compromise Security O . Enc O . Dec C 0 , C 1 O . Next e → e + 1 A IND - UPD $ ( e , key / token ) ← − { 0 , 1 } ˜ O . Corr C ˜ ˜ e ← Upd ( C b ) k e / ∆ e C ˜ O . Upd b ′ ˜ O . Upd ˜ ˜ Only in CCA games does an adversary have access to O . Dec

  22. What else do we want to achieve? 11 • None of the prior notions capture our journalist motivating example. • Can we fjnd a notion captures a ciphertext freshly created is indistinguishable from an updated ciphertext?

  23. A New Notion for Updatable Encryption ( IND - UE ) C e 12 C m C e C e m C C C e b e • Challenger checks for trivial wins Scheme that leaks epoch number of original upload can be e - 1 IND - ENC and IND - UPD but not IND - UE O . Enc O . Dec m , C ˜ O . Next e → e + 1 $ A IND - UE ← − { 0 , 1 } ( e , key / token ) ˜ O . Corr if b = 0 : ˜ e ← Enc ( m ) C ˜ C ˜ k e / ∆ e if b = 1 : ˜ e ← Upd ( C ˜ e − 1 ) C ˜ O . Upd b ′ ˜ O . Upd ˜ ˜ Only in CCA games does an adversary have access to O . Dec IND-ENC + IND-UPD ⇏ IND-UE

  24. Ciphertext integrity 13 C e C C e m Klooß, Lehmann and Rupp; Eurocrypt ’19 e O . Enc ˜ C ˜ O . Next e → e + 1 m ′ ← Dec (˜ A INT - CTXT e ) C ˜ ( e , key / token ) if m ′ ̸ = ⊥ : A wins O . Corr k e / ∆ e if m ′ = ⊥ : A loses O . Upd • Challenger checks for trivial wins ∗ • CPA + CTXT = ⇒ CCA? • (R)CCA secure updatable encryption with integrity protection

  25. Relations

  26. Relations among IND - ENC , IND - UPD and IND - UE 14 +detIND-UPD-CCA IND-ENC-CCA detIND-UPD-CCA IND-ENC-CPA detIND-UE-CCA +detIND-UPD-CPA IND-ENC-CPA detIND-UPD-CPA IND-ENC-CPA detIND-UE-CPA +randIND-UPD-CPA IND-ENC-CPA randIND-UE-CPA \ \ \ IND-ENC-CPA randIND-UPD-CPA \

  27. Relations among CPA, CTXT and CCA 15 CPA + CTXT = ⇒ CCA for UE IND-ENC-CPA + INT-CTXT = ⇒ IND-ENC-CCA det IND-UPD-CPA + INT-CTXT = ⇒ det IND-UPD-CCA det IND-UE-CPA + INT-CTXT = ⇒ det IND-UE-CCA

  28. UE Constructions

  29. Secure Homomorphic Ideal-cipher Nonce-based Encryption ( SHINE ) SHINE . Enc : SHINE . Dec : N || m N || m π π − 1 Exp k 1 Exp 1 / k 1 C C C = π (N || m ) k 1 N || m = π − 1 ( C 1 / k 1 ) 16

  30. Secure Homomorphic Ideal-cipher Nonce-based Encryption ( SHINE ) N || m N || m π π − 1 Exp k 1 ∆ 2 = k 2 / k 1 Exp 1 / k 2 Exp ∆ 2 SHINE . Upd : C 1 C 2 C 1 = π (N || m ) k 1 C 2 = π (N || m ) k 2 16

  31. OK, but is it secure? 17 • How can we embed the challenge, with deterministic updates and adaptive security? • Partition epoch set into air-gapped segments (‘fjrewalls’) Lehmann, Tackmann; Eurocrypt ’18 • (R)CCA secure updatable encryption with integrity protection Klooß, Lehmann and Rupp; Eurocrypt ’19 • Updatable Encryption with Post-Compromise Security

  32. Firewalls: cryptographic separation C 5 k 7 … k n C 0 C 1 C 2 C 3 C 4 C 6 k 5 C n 18 k 5 k 6 k 2 • Firewalls (insulated region) defjnition: • No key inside fjrewalls is corrupted • Tokens ‘on’ the fjrewalls are not corrupted • All tokens inside fjrewalls are corrupted 0 k 6 k 4 k 3 1 2 3 4 5 6 7 … n • Separate keys, tokens and ciphertexts using fjrewalls … k 0 k 1 k 2 ∆ 4 ∆ 1 ∆ 2 ∆ 3 ∆ 4 ∆ 5 ∆ 6 ∆ 7 ∆ 3 ∆ 5 C 7 …

  33. OK, but is it secure? 19 • How can we embed the challenge, with deterministic updates and adaptive security? • Partition epoch set into air-gapped segments (‘fjrewalls’) • Hybrid argument across insulated regions • Embed the challenge in the i -th insulated region. Lehmann, Tackmann; Eurocrypt ’18 • (R)CCA secure updatable encryption with integrity protection Klooß, Lehmann and Rupp; Eurocrypt ’19 • Updatable Encryption with Post-Compromise Security

  34. Hybrid argument across insulated regions 1st 0 1 2 2nd 3 4 3rd 5 6 7 . . . n N th ∆ 1 ∆ 1 ∆ 2 ∆ 3 ∆ 4 ∆ 5 ∆ 5 ∆ 6 ∆ 7 ∆ 7 . . . k 0 k 1 k 2 k 3 k 4 k 5 k 6 k 7 . . . k N k 2 k 6 k 7 C 0 C 1 C 2 tw C 3 C 4 C 5 C 6 tw C 7 . . . C N tw L L L L L L • Game 0 20

  35. Hybrid argument across insulated regions 1st 0 1 2 2nd 3 4 3rd 5 6 7 . . . n N th ∆ 1 ∆ 1 ∆ 2 ∆ 3 ∆ 4 ∆ 5 ∆ 5 ∆ 6 ∆ 7 ∆ 7 . . . k 0 k 1 k 2 k 3 k 4 k 5 k 6 k 7 . . . k N k 2 k 6 k 7 C 0 C 1 C 2 tw C 3 C 4 C 5 C 6 tw C 7 . . . C N tw R R L L L L • Game 1 20

  36. Hybrid argument across insulated regions 1st 0 1 2 2nd 3 4 3rd 5 6 7 . . . n N th ∆ 1 ∆ 1 ∆ 2 ∆ 3 ∆ 4 ∆ 5 ∆ 5 ∆ 6 ∆ 7 ∆ 7 . . . k 0 k 1 k 2 k 3 k 4 k 5 k 6 k 7 . . . k N k 2 k 6 k 7 C 0 C 1 C 2 tw C 3 C 4 C 5 C 6 tw C 7 . . . C N tw R R R L L L • Game 2 20

  37. Hybrid argument across insulated regions 1st 0 1 2 2nd 3 4 3rd 5 6 7 . . . n N th ∆ 1 ∆ 1 ∆ 2 ∆ 3 ∆ 4 ∆ 5 ∆ 5 ∆ 6 ∆ 7 ∆ 7 . . . k 0 k 1 k 2 k 3 k 4 k 5 k 6 k 7 . . . k N k 2 k 6 k 7 C 0 C 1 C 2 tw C 3 C 4 C 5 C 6 tw C 7 . . . C N tw R R R R R L • Game 3 20

  38. Hybrid argument across insulated regions 1st 0 1 2 2nd 3 4 3rd 5 6 7 . . . n N th ∆ 1 ∆ 1 ∆ 2 ∆ 3 ∆ 4 ∆ 5 ∆ 5 ∆ 6 ∆ 7 ∆ 7 . . . k 0 k 1 k 2 k 3 k 4 k 5 k 6 k 7 . . . k N k 2 k 6 k 7 C 0 C 1 C 2 tw C 3 C 4 C 5 C 6 tw C 7 . . . C N tw R R R R R R • Game N 20

  39. OK, but is it secure? 21 Assuming DDH, and in the ideal cipher model SHINE is det IND - UE - CPA Secure

  40. SHINE0 SHINE0 . Enc : SHINE0 . Dec : N || m || 0 t N ′ || m ′ || Z = 0 t ? π π − 1 Exp k 1 Exp 1 / k 1 C C 22

  41. OK, but is it secure? 23 Assuming DDH, and in the ideal cipher model SHINE is INT - CTXT Secure Assuming CDH, and in the ideal cipher model Assuming DDH and CDH, and in the ideal cipher model SHINE is det IND - UE - CPA Secure SHINE is det IND - UE - CCA Secure

Recommend

Updatable Encryption & Key Rotation Anja Lehmann IBM Research Zurich (R)CCA Secure

Updatable Encryption & Key Rotation Anja Lehmann IBM Research Zurich (R)CCA Secure

Updatable Encryption & Key Rotation Anja Lehmann IBM Research Zurich (R)CCA Secure Updatable Encryption with Integrity Protection. EUROCRYPT 2019 M Klooss, A Lehmann, A Rupp Updatable Encryption with Post-Compromise Security. EUROCRYPT

1.08k views • 46 slides
Updatable Encryption with Post-Compromise Security Anja Lehmann & Bjrn Tackmann IBM

Updatable Encryption with Post-Compromise Security Anja Lehmann & Bjrn Tackmann IBM

Updatable Encryption with Post-Compromise Security Anja Lehmann & Bjrn Tackmann IBM Research Zurich Motivation | Outsourced Storage Data owner stores encrypted data at (untrusted) data host symmetric encryption Proactive

763 views • 24 slides
Self-Updatable Encryption: Time Constrained Access Control with Hidden Attributes and Better

Self-Updatable Encryption: Time Constrained Access Control with Hidden Attributes and Better

Self-Updatable Encryption: Time Constrained Access Control with Hidden Attributes and Better Efficiency ASIACRYPT 2013 Kwangsu Lee, Seung Geol Choi, Dong Hoon Lee, Jong Hwan Park and Moti Yung Korea University, US Naval Academy, Korea

993 views • 26 slides
Fast Cryptographic Primitives & Circular-Secure Encryption Based on Hard Learning Problems

Fast Cryptographic Primitives & Circular-Secure Encryption Based on Hard Learning Problems

Fast Cryptographic Primitives & Circular-Secure Encryption Based on Hard Learning Problems Benny Applebaum, David Cash, Chris Peikert, Amit Sahai Princeton University, Georgia Tech, SRI international, UCLA CRYPTO 2009 Learning Noisy Linear

352 views • 33 slides
Functional Encryption Lecture 27 Functional Encryption Plain encryption: for secure

Functional Encryption Lecture 27 Functional Encryption Plain encryption: for secure

Functional Encryption Lecture 27 Functional Encryption Plain encryption: for secure communication. Does not allow modifying encrypted data. Homomorphic Encryption: allows computation on encrypted data, but result remains encrypted Functional

987 views • 61 slides
Improving Speed and Security in Updatable Encryption Schemes Dan Boneh Saba Eskandarian

Improving Speed and Security in Updatable Encryption Schemes Dan Boneh Saba Eskandarian

Improving Speed and Security in Updatable Encryption Schemes Dan Boneh Saba Eskandarian Sam Kim Maurice Shih Stanford University Stanford University Stanford University Cisco Systems Key Rotation Key Rotation Good Reasons to

1.2k views • 109 slides
Walsh Spectrum Analysis on Sampling Distributions Fast Software Encryption - FSE 2017 (Rump

Walsh Spectrum Analysis on Sampling Distributions Fast Software Encryption - FSE 2017 (Rump

Walsh Spectrum Analysis on Sampling Distributions Fast Software Encryption - FSE 2017 (Rump Session) Speaker: Yi LU (EPFL, Ph.D.) Selmer Center for Secure and Reliable Communications, Department of Informatics, University of Bergen (UiB),

648 views • 8 slides
Improving Speed and Security in Updatable Encryption Systems Dan Boneh Saba Eskandarian

Improving Speed and Security in Updatable Encryption Systems Dan Boneh Saba Eskandarian

Improving Speed and Security in Updatable Encryption Systems Dan Boneh Saba Eskandarian Sam Kim Maurice Shih Stanford University Stanford University Stanford University Cisco Systems Key Rotation Key Rotation Good Reasons to

1.5k views • 97 slides
Public-Key Cryptography Lecture 12 CCA Secure PKE Hybrid Encryption CCA Secure PKE In SKE, to get

Public-Key Cryptography Lecture 12 CCA Secure PKE Hybrid Encryption CCA Secure PKE In SKE, to get

Public-Key Cryptography Lecture 12 CCA Secure PKE Hybrid Encryption CCA Secure PKE In SKE, to get CCA security, we used a MAC Bob would accept only messages from Alice But in PKE, Bob wants to receive messages from Eve as well! But only if it is

336 views • 14 slides
Secure Searching of Biomarkers Using Hybrid GSW Encryption Scheme Jung Hee Cheon, Miran Kim,

Secure Searching of Biomarkers Using Hybrid GSW Encryption Scheme Jung Hee Cheon, Miran Kim,

Secure Searching of Biomarkers Using Hybrid GSW Encryption Scheme Secure Searching of Biomarkers Using Hybrid GSW Encryption Scheme Jung Hee Cheon, Miran Kim, Yongsoo Song Seoul National University, South Korea iDASH Privacy & Security

283 views • 12 slides
Secure storage in the cloud using property preserving encryption Kenny Paterson Information

Secure storage in the cloud using property preserving encryption Kenny Paterson Information

Secure storage in the cloud using property preserving encryption Kenny Paterson Information Security Group Overview 1. Application scenarios. 2. Deterministic encryption and search. 3. OPE/ORE and range queries. 4. Analysing access pattern

877 views • 48 slides
CCA-Secure Keyed-Fully Homomorphic Encryption Junzuo Lai, Robert H. Deng, Changshe Ma, Kouichi

CCA-Secure Keyed-Fully Homomorphic Encryption Junzuo Lai, Robert H. Deng, Changshe Ma, Kouichi

Introduction CCA-Secure Keyed-Fully Homomorphic Encryption Junzuo Lai, Robert H. Deng, Changshe Ma, Kouichi Sakurai and Jian Weng 1 / 26 Introduction Outline Background Related Work CCA-Secure Keyed-Fully Homomorphic Encryption Conclusion

686 views • 26 slides
MOBICEAL: TOWARDS SECURE AND PRACTICAL PLAUSIBLY DENIABLE ENCRYPTION ON MOBILE DEVICES Bing

MOBICEAL: TOWARDS SECURE AND PRACTICAL PLAUSIBLY DENIABLE ENCRYPTION ON MOBILE DEVICES Bing

MOBICEAL: TOWARDS SECURE AND PRACTICAL PLAUSIBLY DENIABLE ENCRYPTION ON MOBILE DEVICES Bing Chang, Fengwei Zhang, Bo Chen, Yingjiu Li, Wen- Tao Zhu, Yangguang Tian, Zhan Wang and Albert Ching OVERVIEW 1. What is Plausibly Deniable Encryption

657 views • 28 slides
Homomorphic Encryption Based Secure Genome Data Analysis Miran Kim and Kristin Lauter

Homomorphic Encryption Based Secure Genome Data Analysis Miran Kim and Kristin Lauter

Homomorphic Encryption Based Secure Genome Data Analysis Miran Kim and Kristin Lauter Seoul National University Microsoft Research iDASH Privacy&Security Workshop, March 16, 2015 1 / 16 Secure Outsourcing GWAS 2 / 16 Minor

622 views • 24 slides
Leakage-Resilient Chosen-Ciphertext Secure Public-Key Encryption from Hash Proof System and

Leakage-Resilient Chosen-Ciphertext Secure Public-Key Encryption from Hash Proof System and

Leakage-Resilient Chosen-Ciphertext Secure Public-Key Encryption from Hash Proof System and One-Time Lossy Filter Baodong Qin and Shengli Liu Shanghai Jiao Tong University ASIACRYPT 2013 Dec 5, Bangalore, India B. Qin and S. Liu LR-CCA Secure

580 views • 47 slides
Adaptively Simulation-Secure Attribute-Hiding Predicate Encryption by Pratish Datta 1 joint work

Adaptively Simulation-Secure Attribute-Hiding Predicate Encryption by Pratish Datta 1 joint work

Adaptively Simulation-Secure Attribute-Hiding Predicate Encryption by Pratish Datta 1 joint work with Tatsuaki Okamoto 1 and Katsuyuki Takashima 2 1 NTT Secure Platform Laboratories 3-9-11 Midori-cho, Musashino-shi, Tokyo, 180-8585 Japan 2

611 views • 29 slides
How to Search on Encrypted Data SENY KAMARA MICROSOFT RESEARCH Encryption 2 Gen ( 1 k )

How to Search on Encrypted Data SENY KAMARA MICROSOFT RESEARCH Encryption 2 Gen ( 1 k )

How to Search on Encrypted Data SENY KAMARA MICROSOFT RESEARCH Encryption 2 Gen ( 1 k ) K Secure Communiation Enc ( K , m ) c Dec (K, c ) m Alice Bob Eve Encryption 3 Gen ( 1 k ) K Secure Storage Enc (

1.42k views • 84 slides
Efficient KDM-CCA Secure Public-Key Encryption for Polynomial Functions Shuai Han, Shengli Liu,

Efficient KDM-CCA Secure Public-Key Encryption for Polynomial Functions Shuai Han, Shengli Liu,

Efficient KDM-CCA Secure Public-Key Encryption for Polynomial Functions Shuai Han, Shengli Liu, and Lin Lyu 1. Shanghai Jiao Tong University 2. State Key Laboratory of Cryptology 3. Westone Cryptologic Research Center Asiacrypt 2016, Hanoi,

950 views • 73 slides
Efficient Memory Integrity Verification and Encryption for Secure Processors G. Edward Suh,

Efficient Memory Integrity Verification and Encryption for Secure Processors G. Edward Suh,

Efficient Memory Integrity Verification and Encryption for Secure Processors G. Edward Suh, Dwaine Clarke, Blaise Gassend, Marten van Dijk, Srinivas Devadas Massachusetts Institute of Technology New Security Challenges Current computer

411 views • 26 slides
AEGIS A Fast Authenticated Encryption Algorithm Hongjun Wu, Bart Preneel Nanyang Technological

AEGIS A Fast Authenticated Encryption Algorithm Hongjun Wu, Bart Preneel Nanyang Technological

AEGIS A Fast Authenticated Encryption Algorithm Hongjun Wu, Bart Preneel Nanyang Technological University, Katholieke Universiteit Leuven Presented at DIAC 1 Classification of Authenticated Encryption AEGIS Design rationale

635 views • 19 slides
Fast Software Encryption (and Decryption)? Rumpsession FSE 2007 SPEED Software Performance

Fast Software Encryption (and Decryption)? Rumpsession FSE 2007 SPEED Software Performance

Do you care about Fast Software Encryption (and Decryption)? Rumpsession FSE 2007 SPEED Software Performance Enhancement for Encryption and Decryption June 11. & 12. 2007 Amsterdam An ECRYPT/VAMPIRE workshop on software speeds for

300 views • 4 slides
Backward Secure Dynamic Searchable Symmetric Encryption with Efficient Updates Hyung Tae Lee

Backward Secure Dynamic Searchable Symmetric Encryption with Efficient Updates Hyung Tae Lee

Backward Secure Dynamic Searchable Symmetric Encryption with Efficient Updates Hyung Tae Lee Chonbuk National University, Republic of Korea June 14, 2019@ Workshop on Modern Trends in Cryptography Table of contents 1. Introduction 2.

537 views • 25 slides
Somewhat Non-Committing Encryption and Efficient Adaptively Secure Oblivious Transfer Hong-Sheng

Somewhat Non-Committing Encryption and Efficient Adaptively Secure Oblivious Transfer Hong-Sheng

Somewhat Non-Committing Encryption and Efficient Adaptively Secure Oblivious Transfer Hong-Sheng Zhou University of Connecticut Joint work with Juan Garay (AT&T) and Daniel Wichs (NYU) CRYPTO 2009 Outline Background New Approach

789 views • 36 slides
Blockcipher-based Authentcated Encryption: How Small Can We Go? Avik Chakraborti (NTT Secure

Blockcipher-based Authentcated Encryption: How Small Can We Go? Avik Chakraborti (NTT Secure

Introduction Specification for COFB Hardware Implementation Results of COFB-AES Conclusions References Blockcipher-based Authentcated Encryption: How Small Can We Go? Avik Chakraborti (NTT Secure Platform laboratories, Japan) Tetsu Iwata

470 views • 35 slides

More recommend