Abstract
At CRYPTO 2000, Desai proposed a simple and fast AONT based on the CTR mode of encryption (called CTRT) and proved its security in the ideal cipher model. Although AES-128, whose key length is \(k=128\) and block length is \(l=128\), can be used in CTRT as the block cipher, AES-256 cannot, because CTRT has the intrinsic restriction \(k \le l\). According to a recent ECRYPT-CSA report, AES-256 rather than AES-128 is strongly recommended for long-term protection (security for thirty to fifty years) and for post-quantum security. In this paper, we propose an extended CTRT (named XCTRT) suitable for AES-256. By thoroughly evaluating all the tricky cases, we prove that XCTRT is secure in the ideal cipher model under the same AONT security definition as Desai's. We also discuss the security result of XCTRT in concrete parameter settings. Our performance measurements show that XCTRT has high-speed encoding/decoding performance and is practical to deploy in real-world applications (e.g., cloud storage services).
Notes
- 1.
This indicates that XCTRT complements CTRT with respect to the usage of AES. That is, AES-128 can be used in CTRT and AES-256 can be used in XCTRT.
- 2.
The only unknown term in \(K = y[1] \oplus \cdots \oplus y[j] \oplus \cdots \oplus y[m]\) is \(y[j]\).
- 3.
Although resistance to side-channel attacks lies outside the scope of this paper, it might be interesting to consider such a property for software/hardware implementations of XCTRT.
- 4.
Only when the input size is 512 KB is encoding considerably slower than decoding. As future work, we would like to identify the exact cause of this unexpected behaviour.
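To make the construction behind the abstract and note 2 concrete, the following Go program (added here; it is not code from the paper or its authors) implements Desai's CTRT with AES-128 from the standard library: each block is masked with \(E_K(i)\) and a final block carries \(K\) XORed with every previous output block, which is why the key must fit in one block (\(k \le l\)) and AES-256 is rejected. It assumes the textbook CTRT definition with counter blocks \(1, \ldots, m\); the XCTRT extension is not reproduced because the page does not give its construction.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"errors"
)

const l = aes.BlockSize // block length in bytes (l = 128 bits)
// ctrLayer returns in[i] XOR E_K(i) for i = 1..m, the CTR step shared by encode and decode.
func ctrLayer(key, in []byte) ([]byte, error) {
	c, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	iv := append(make([]byte, l-1), 1) // big-endian counter block for i = 1
	out := make([]byte, len(in))
	cipher.NewCTR(c, iv).XORKeyStream(out, in)
	return out, nil
}

// ctrtEncode: y[i] = x[i] XOR E_K(i), then y[m+1] = K XOR y[1] XOR ... XOR y[m].
// The extra block holds K only when k <= l, which is why AES-256 (k = 256) is excluded.
func ctrtEncode(key, x []byte) ([]byte, error) {
	if len(key) > l || len(x) == 0 || len(x)%l != 0 {
		return nil, errors.New("CTRT needs k <= l and a non-empty whole number of blocks")
	}
	y, err := ctrLayer(key, x)
	if err != nil {
		return nil, err
	}
	last := make([]byte, l)
	copy(last, key) // K zero-padded to l bits
	for i, b := range y {
		last[i%l] ^= b
	}
	return append(y, last...), nil
}

// ctrtDecode recovers K = y[m+1] XOR y[1] XOR ... XOR y[m] (every block is needed, as note 2 observes), then strips the CTR layer.
func ctrtDecode(y []byte, k int) ([]byte, error) {
	if k > l || len(y) < 2*l || len(y)%l != 0 {
		return nil, errors.New("malformed CTRT output")
	}
	key := make([]byte, l)
	for i, b := range y {
		key[i%l] ^= b
	}
	return ctrLayer(key[:k], y[:len(y)-l])
}
```

The decoder takes the key length \(k\) as a parameter because the zero padding in the last block does not reveal it; with AES-128 it is always 16 bytes.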
References
IBM Cloud Object Storage. https://www.ibm.com/cloud/object-storage
Bellare, M., Rogaway, P.: Optimal asymmetric encryption. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 92–111. Springer, Heidelberg (1995). https://doi.org/10.1007/BFb0053428
Blakley, G.R.: Safeguarding cryptographic keys. In: Proceedings of the 1979 AFIPS National Computer Conference, pp. 313–317. AFIPS Press (1979)
Boyko, V.: On the security properties of OAEP as an all-or-nothing transform. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 503–518. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48405-1_32
Chen, L., Laing, T.M., Martin, K.M.: Revisiting and extending the AONT-RS scheme: a robust computationally secure secret sharing scheme. In: Joye, M., Nitaj, A. (eds.) AFRICACRYPT 2017. LNCS, vol. 10239, pp. 40–57. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-57339-7_3
Desai, A.: The security of all-or-nothing encryption: protecting against exhaustive key search. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, pp. 359–375. Springer, Heidelberg (2000). https://doi.org/10.1007/3-540-44598-6_23
ECRYPT-CSA: Algorithms, Key Size and Protocols Report, February 2018. http://www.ecrypt.eu.org/csa/documents/D5.4-FinalAlgKeySizeProt.pdf
FIPS PUB 197: Advanced Encryption Standard (AES), November 2001. https://csrc.nist.gov/csrc/media/publications/fips/197/final/documents/fips-197.pdf
Microsoft: Cryptography API: Next Generation. https://docs.microsoft.com/en-us/windows/desktop/seccng/cng-portal
Reed, I.S., Solomon, G.: Polynomial codes over certain finite fields. J. Soc. Ind. Appl. Math. 8(2), 300–304 (1960)
Resch, J.K., Plank, J.S.: AONT-RS: blending security and performance in dispersed storage systems. In: FAST 2011, pp. 191–202. USENIX (2011)
Rivest, R.L.: All-or-nothing encryption and the package transform. In: Biham, E. (ed.) FSE 1997. LNCS, vol. 1267, pp. 210–218. Springer, Heidelberg (1997). https://doi.org/10.1007/BFb0052348
Shamir, A.: How to share a secret. Commun. ACM 22(11), 612–613 (1979)
© 2020 Springer Nature Switzerland AG
Shin, S. et al. (2020). An Extended CTRT for AES-256. In: You, I. (ed.) Information Security Applications. WISA 2019. Lecture Notes in Computer Science, vol. 11897. Springer, Cham. https://doi.org/10.1007/978-3-030-39303-8_7
DOI: https://doi.org/10.1007/978-3-030-39303-8_7
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-39302-1
Online ISBN: 978-3-030-39303-8