Compactly Committing Authenticated Encryption Using Encryptment and Tweakable Block Cipher

  • Conference paper
  • Selected Areas in Cryptography – SAC 2023 (SAC 2023)

Abstract

Message franking is a feature of end-to-end encrypted messaging introduced by Facebook that enables users to report abusive contents in a verifiable manner. Grubbs et al. (CRYPTO 2017) formalized a symmetric-key primitive usable for message franking, called compactly committing authenticated encryption with associated data (ccAEAD), and presented schemes with provable security. Dodis et al. (CRYPTO 2018) proposed a core building block for ccAEAD, called encryptment, and presented a generic construction of ccAEAD combining encryptment and conventional AEAD. We show that ccAEAD can be built on encryptment and a tweakable block cipher (TBC), leading to simpler and more efficient constructions of ccAEAD than Dodis et al.’s methods. Our construction, called EnCryptment-then-TBC (ECT), is secure under a new but feasible assumption on the ciphertext integrity of encryptment. We also formalize the notion of remotely keyed ccAEAD (RK ccAEAD) and show that our ECT works as RK ccAEAD. RK ccAEAD was first considered by Dodis et al. as a useful variant of ccAEAD when it is implemented on a platform consisting of a trusted module and an untrusted (leaking) module. However, its feasibility was left open. Our work is the first to show its feasibility with a concrete scheme.

Notes

  1. The second method of Dodis et al. also has larger bandwidth than ours because of the presence of the tag. A concrete comparison is not possible since it is nonce-based.

References

  1. Albertini, A., Duong, T., Gueron, S., Kölbl, S., Luykx, A., Schmieg, S.: How to abuse and fix authenticated encryption without key commitment. In: Butler, K.R.B., Thomas, K. (eds.) 31st USENIX Security Symposium, USENIX Security 2022, pp. 3291–3308. USENIX Association (2022). https://www.usenix.org/conference/usenixsecurity22/presentation/albertini

  2. Bellare, M., Hoang, V.T.: Efficient schemes for committing authenticated encryption. In: Dunkelman, O., Dziembowski, S. (eds.) EUROCRYPT 2022. LNCS, vol. 13276, pp. 845–875. Springer, Heidelberg (2022). https://doi.org/10.1007/978-3-031-07085-3_29

  3. Bellare, M., Namprempre, C.: Authenticated encryption: relations among notions and analysis of the generic composition paradigm. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 531–545. Springer, Heidelberg (2000). https://doi.org/10.1007/3-540-44448-3_41

  4. Bellizia, D., et al.: Mode-level vs. implementation-level physical security in symmetric cryptography. In: Micciancio, D., Ristenpart, T. (eds.) CRYPTO 2020. LNCS, vol. 12170, pp. 369–400. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-56784-2_13

  5. Berti, F., Guo, C., Pereira, O., Peters, T., Standaert, F.-X.: TEDT, a leakage-resistant AEAD mode for high physical security applications. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2020(1), 256–320 (2020). https://doi.org/10.13154/tches.v2020.i1.256-320

  6. Berti, F., Pereira, O., Standaert, F.-X.: Reducing the cost of authenticity with leakages: a CIML2-secure AE scheme with one call to a strongly protected tweakable block cipher. In: Buchmann, J., Nitaj, A., Rachidi, T. (eds.) AFRICACRYPT 2019. LNCS, vol. 11627, pp. 229–249. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-23696-0_12

  7. Blaze, M.: High-bandwidth encryption with low-bandwidth smartcards. In: Gollmann, D. (ed.) FSE 1996. LNCS, vol. 1039, pp. 33–40. Springer, Heidelberg (1996). https://doi.org/10.1007/3-540-60865-6_40

  8. Blaze, M., Feigenbaum, J., Naor, M.: A formal treatment of remotely keyed encryption. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 251–265. Springer, Heidelberg (1998). https://doi.org/10.1007/BFb0054131

  9. Chan, J., Rogaway, P.: On committing authenticated-encryption. In: Atluri, V., Pietro, R.D., Jensen, C.D., Meng, W. (eds.) ESORICS 2022. LNCS, vol. 13555, pp. 275–294. Springer, Heidelberg (2022). https://doi.org/10.1007/978-3-031-17146-8_14

  10. Chen, L., Tang, Q.: People who live in glass houses should not throw stones: targeted opening message franking schemes. Cryptology ePrint Archive, Report 2018/994 (2018). https://eprint.iacr.org/2018/994

  11. Dobraunig, C., et al.: ISAP v2.0. IACR Trans. Symm. Cryptol. 2020(S1), 390–416 (2020). https://doi.org/10.13154/tosc.v2020.iS1.390-416

  12. Dodis, Y., An, J.H.: Concealment and its applications to authenticated encryption. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 312–329. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-39200-9_19

  13. Dodis, Y., Grubbs, P., Ristenpart, T., Woodage, J.: Fast message franking: from invisible salamanders to encryptment. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018. LNCS, vol. 10991, pp. 155–186. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-96884-1_6

  14. Dodis, Y., Grubbs, P., Ristenpart, T., Woodage, J.: Fast message franking: from invisible salamanders to encryptment. Cryptology ePrint Archive, Paper 2019/016 (2019). https://eprint.iacr.org/2019/016

  15. Facebook: Facebook Messenger. https://www.messenger.com. Accessed 09 Oct 2022

  16. Facebook: Messenger secret conversations. Technical Whitepaper (2016). https://about.fb.com/wp-content/uploads/2016/07/messenger-secret-conversations-technical-whitepaper.pdf

  17. Farshim, P., Orlandi, C., Rosie, R.: Security of symmetric primitives under incorrect usage of keys. IACR Trans. Symm. Cryptol. 2017(1), 449–473 (2017). https://doi.org/10.13154/tosc.v2017.i1.449-473

  18. Grubbs, P., Lu, J., Ristenpart, T.: Message franking via committing authenticated encryption. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10403, pp. 66–97. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-63697-9_3

  19. Hirose, S.: Compactly committing authenticated encryption using tweakable block cipher. In: Kutylowski, M., Zhang, J., Chen, C. (eds.) NSS 2020. LNCS, vol. 12570, pp. 187–206. Springer, Heidelberg (2020). https://doi.org/10.1007/978-3-030-65745-1_11

  20. Huang, Q., Yang, G., Wong, D.S., Susilo, W.: Efficient strong designated verifier signature schemes without random oracle or with non-delegatability. Int. J. Inf. Secur. 10(6), 373–385 (2011). https://doi.org/10.1007/s10207-011-0146-1

  21. Huguenin-Dumittan, L., Leontiadis, I.: A message franking channel. In: Yu, Yu., Yung, M. (eds.) Inscrypt 2021. LNCS, vol. 13007, pp. 111–128. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-88323-2_6

  22. Jakobsson, M., Sako, K., Impagliazzo, R.: Designated verifier proofs and their applications. In: Maurer, U. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 143–154. Springer, Heidelberg (1996). https://doi.org/10.1007/3-540-68339-9_13

  23. Jakobsson, M., Stern, J.P., Yung, M.: Scramble all, encrypt small. In: Knudsen, L. (ed.) FSE 1999. LNCS, vol. 1636, pp. 95–111. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48519-8_8

  24. Katz, J., Yung, M.: Complete characterization of security notions for probabilistic private-key encryption. In: Proceedings of the Thirty-Second Annual ACM Symposium on Theory of Computing, pp. 245–254 (2000)

  25. Len, J., Grubbs, P., Ristenpart, T.: Partitioning oracle attacks. In: Bailey, M., Greenstadt, R. (eds.) 30th USENIX Security Symposium, USENIX Security 2021, pp. 195–212. USENIX Association (2021). https://www.usenix.org/conference/usenixsecurity21/presentation/len

  26. Leontiadis, I., Vaudenay, S.: Private message franking with after opening privacy. Cryptology ePrint Archive, Report 2018/938 (2018). https://eprint.iacr.org/2018/938

  27. Liskov, M., Rivest, R.L., Wagner, D.: Tweakable block ciphers. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 31–46. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-45708-9_3

  28. Liskov, M.D., Rivest, R.L., Wagner, D.A.: Tweakable block ciphers. J. Cryptol. 24(3), 588–613 (2011). https://doi.org/10.1007/s00145-010-9073-y

  29. Lucks, S.: On the security of remotely keyed encryption. In: Biham, E. (ed.) FSE 1997. LNCS, vol. 1267, pp. 219–229. Springer, Heidelberg (1997). https://doi.org/10.1007/BFb0052349

  30. Lucks, S.: Accelerated remotely keyed encryption. In: Knudsen, L. (ed.) FSE 1999. LNCS, vol. 1636, pp. 112–123. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48519-8_9

  31. Naito, Y., Sasaki, Y., Sugawara, T.: Secret can be public: low-memory AEAD mode for high-order masking. In: Dodis, Y., Shrimpton, T. (eds.) CRYPTO 2022. LNCS, vol. 13509, pp. 315–345. Springer, Heidelberg (2022). https://doi.org/10.1007/978-3-031-15982-4_11

  32. Shen, Y., Peters, T., Standaert, F., Cassiers, G., Verhamme, C.: Triplex: an efficient and one-pass leakage-resistant mode of operation. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2022(4), 135–162 (2022). https://doi.org/10.46586/tches.v2022.i4.135-162

  33. Signal Foundation: Signal. https://signal.org/. Accessed 09 Oct 2022

  34. Tyagi, N., Grubbs, P., Len, J., Miers, I., Ristenpart, T.: Asymmetric message franking: content moderation for metadata-private end-to-end encryption. In: Boldyreva, A., Micciancio, D. (eds.) CRYPTO 2019. LNCS, vol. 11694, pp. 222–250. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-26954-8_8

  35. WhatsApp: WhatsApp Messenger. https://www.whatsapp.com. Accessed 09 Oct 2022

  36. Yamamuro, H., Hara, K., Tezuka, M., Yoshida, Y., Tanaka, K.: Forward secure message franking. In: Park, J.H., Seo, S. (eds.) ICISC 2021. LNCS, vol. 13218, pp. 339–358. Springer, Heidelberg (2021). https://doi.org/10.1007/978-3-031-08896-4_18

Acknowledgements

The authors thank Akiko Inoue for fruitful discussions. The first author was supported by JSPS KAKENHI Grant Number 21K11885.

Corresponding author

Correspondence to Shoichi Hirose.

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG

Cite this paper

Hirose, S., Minematsu, K. (2024). Compactly Committing Authenticated Encryption Using Encryptment and Tweakable Block Cipher. In: Carlet, C., Mandal, K., Rijmen, V. (eds) Selected Areas in Cryptography – SAC 2023. SAC 2023. Lecture Notes in Computer Science, vol 14201. Springer, Cham. https://doi.org/10.1007/978-3-031-53368-6_12

  • DOI: https://doi.org/10.1007/978-3-031-53368-6_12

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-53367-9

  • Online ISBN: 978-3-031-53368-6

  • eBook Packages: Computer Science, Computer Science (R0)
