Nonce-Based Symmetric Encryption

10 years 1 months ago
Nonce-Based Symmetric Encryption
Symmetric encryption schemes are usually formalized so as to make the encryption operation a probabilistic or state-dependent function E of the message M and the key K: the user supplies M and K and the encryption process does the rest, flipping coins or modifying internal state in order to produce a ciphertext C. Here we investigate an alternative syntax for an encryption scheme, where the encryption process E is a deterministic function that surfaces an initialization vector (IV). The user supplies a message M, key K, and initialization vector N, getting back the (one and only) associated ciphertext C = EN K (M). We concentrate on the case where the IV is guaranteed to be a nonce—something that takes on a new value with every message one encrypts. We explore definitions, constructions, and properties for nonce-based encryption. Symmetric encryption with a surfaced IV more directly captures real-word constructions like CBC mode, and encryption schemes constructed to be secure unde...
Phillip Rogaway
Added 01 Jul 2010
Updated 01 Jul 2010
Type Conference
Year 2004
Where FSE
Authors Phillip Rogaway
Comments (0)