Abstract
Message franking is a feature of end-to-end encrypted messaging, introduced by Facebook, that enables users to report abusive content in a verifiable manner. Grubbs et al. (CRYPTO 2017) formalized a symmetric-key primitive usable for message franking, called compactly committing authenticated encryption with associated data (ccAEAD), and presented schemes with provable security. Dodis et al. (CRYPTO 2018) proposed a core building block for ccAEAD, called encryptment, and presented a generic construction of ccAEAD combining encryptment and conventional AEAD. We show that ccAEAD can be built from encryptment and a tweakable block cipher (TBC), leading to simpler and more efficient constructions of ccAEAD than Dodis et al.'s methods. Our construction, called EnCryptment-then-TBC (ECT), is secure under a new but feasible assumption on the ciphertext integrity of encryptment. We also formalize the notion of remotely keyed ccAEAD (RK ccAEAD) and show that our ECT works as RK ccAEAD. RK ccAEAD was first considered by Dodis et al. as a useful variant of ccAEAD for platforms consisting of a trusted module and an untrusted (leaking) module. However, its feasibility was left open. Our work is the first to show its feasibility with a concrete scheme.
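The abstract refers to the ccAEAD syntax of Grubbs et al. without spelling it out: encryption outputs a ciphertext together with a short binding tag, decryption recovers the message and an opening key, and a third party can verify a reported (header, message, opening key) against the tag alone. The following Python sketch is an added illustration of that interface and is not code from the paper; in particular it is not the ECT construction the paper proposes. It assumes HMAC-SHA256 as the commitment and a toy HMAC-in-counter-mode keystream standing in for a real cipher; the sample key, header and message are constructed.

```python
import hashlib
import hmac
import os

KEY_LEN = 32   # bytes; length of the per-message opening key K_f
TAG_LEN = 32   # bytes; the binding tag C_B is a fixed-size commitment

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream: HMAC-SHA256 in counter mode (assumption; stands in for a real cipher)."""
    out = bytearray()
    ctr = 0
    while len(out) < length:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return bytes(out[:length])

def commit(opening_key: bytes, header: bytes, message: bytes) -> bytes:
    """Commitment to (header, message) under the opening key (assumed HMAC-SHA256).
    The header length is encoded so the (H, M) split is unambiguous."""
    data = len(header).to_bytes(4, "big") + header + message
    return hmac.new(opening_key, data, hashlib.sha256).digest()

def enc(key, header, message, nonce=None, opening_key=None):
    """Returns (nonce, ciphertext, binding_tag). The binding tag is the compact,
    publicly checkable commitment; the ciphertext carries the message together
    with the opening key so the receiver can later open the commitment."""
    nonce = os.urandom(16) if nonce is None else nonce
    opening_key = os.urandom(KEY_LEN) if opening_key is None else opening_key
    binding_tag = commit(opening_key, header, message)
    plaintext = opening_key + message
    # The tag is mixed into the keystream derivation so ciphertext and tag are bound together.
    ks = _keystream(key, nonce + binding_tag, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, ks))
    return nonce, ciphertext, binding_tag

def dec(key, header, nonce, ciphertext, binding_tag):
    """Returns (message, opening_key) or None. Decryption succeeds only if the
    recovered (opening_key, message) actually opens binding_tag: this is the
    integrity check, and it is what makes a later report verifiable."""
    if len(ciphertext) < KEY_LEN or len(binding_tag) != TAG_LEN:
        return None
    ks = _keystream(key, nonce + binding_tag, len(ciphertext))
    plaintext = bytes(c ^ k for c, k in zip(ciphertext, ks))
    opening_key, message = plaintext[:KEY_LEN], plaintext[KEY_LEN:]
    if not hmac.compare_digest(commit(opening_key, header, message), binding_tag):
        return None
    return message, opening_key

def verify(header, message, opening_key, binding_tag):
    """Third-party (moderator) check: does (header, message, opening_key) open the tag?
    Needs no knowledge of the session key."""
    return hmac.compare_digest(commit(opening_key, header, message), binding_tag)

def franking_demo():
    # Constructed sample values; in practice the key comes from the E2E session.
    key = hashlib.sha256(b"constructed shared session key").digest()
    header = b"sender=alice;recipient=bob;msg=7"
    message = b"constructed message text"
    nonce, ct, tag = enc(key, header, message)
    opened = dec(key, header, nonce, ct, tag)
    if opened is None:
        return None
    m, k_f = opened
    # Receiver reports (header, m, k_f, tag); the moderator verifies without the session key.
    report_ok = verify(header, m, k_f, tag)
    # A report claiming a different message text must fail.
    forged_report = verify(header, b"some other text", k_f, tag)
    # A ciphertext bit flip must be rejected at decryption time.
    ct_flipped = bytes([ct[0] ^ 0x01]) + ct[1:]
    flip_rejected = dec(key, header, nonce, ct_flipped, tag) is None
    # The header is committed too, so swapping it breaks the opening.
    header_swap = verify(b"sender=mallory;recipient=bob;msg=7", m, k_f, tag)
    return m == message, report_ok, forged_report, flip_rejected, header_swap

if __name__ == "__main__":
    print(franking_demo())
```

The "compactly committing" point is visible in the sizes: the binding tag is always `TAG_LEN` bytes, however long the message is, and the moderator needs only that tag plus the opened (header, message, opening key). The decryption-time recomputation of the commitment is the step a deployment must not skip; without it a receiver could be handed a ciphertext whose decryption does not open the tag, and the report would later fail to verify.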
Notes
1. The second method of Dodis et al. also has larger bandwidth than ours because of the additional tag. A concrete comparison is not possible, as that method is nonce-based.
References
Albertini, A., Duong, T., Gueron, S., Kölbl, S., Luykx, A., Schmieg, S.: How to abuse and fix authenticated encryption without key commitment. In: Butler, K.R.B., Thomas, K. (eds.) 31st USENIX Security Symposium, USENIX Security 2022, pp. 3291–3308. USENIX Association (2022). https://www.usenix.org/conference/usenixsecurity22/presentation/albertini
Bellare, M., Hoang, V.T.: Efficient schemes for committing authenticated encryption. In: Dunkelman, O., Dziembowski, S. (eds.) EUROCRYPT 2022. LNCS, vol. 13276, pp. 845–875. Springer, Heidelberg (2022). https://doi.org/10.1007/978-3-031-07085-3_29
Bellare, M., Namprempre, C.: Authenticated encryption: relations among notions and analysis of the generic composition paradigm. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 531–545. Springer, Heidelberg (2000). https://doi.org/10.1007/3-540-44448-3_41
Bellizia, D., et al.: Mode-level vs. implementation-level physical security in symmetric cryptography. In: Micciancio, D., Ristenpart, T. (eds.) CRYPTO 2020. LNCS, vol. 12170, pp. 369–400. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-56784-2_13
Berti, F., Guo, C., Pereira, O., Peters, T., Standaert, F.-X.: TEDT, a leakage-resistant AEAD mode for high physical security applications. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2020(1), 256–320 (2020). https://doi.org/10.13154/tches.v2020.i1.256-320
Berti, F., Pereira, O., Standaert, F.-X.: Reducing the cost of authenticity with leakages: a CIML2-secure AE scheme with one call to a strongly protected tweakable block cipher. In: Buchmann, J., Nitaj, A., Rachidi, T. (eds.) AFRICACRYPT 2019. LNCS, vol. 11627, pp. 229–249. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-23696-0_12
Blaze, M.: High-bandwidth encryption with low-bandwidth smartcards. In: Gollmann, D. (ed.) FSE 1996. LNCS, vol. 1039, pp. 33–40. Springer, Heidelberg (1996). https://doi.org/10.1007/3-540-60865-6_40
Blaze, M., Feigenbaum, J., Naor, M.: A formal treatment of remotely keyed encryption. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 251–265. Springer, Heidelberg (1998). https://doi.org/10.1007/BFb0054131
Chan, J., Rogaway, P.: On committing authenticated-encryption. In: Atluri, V., Pietro, R.D., Jensen, C.D., Meng, W. (eds.) ESORICS 2022. LNCS, vol. 13555, pp. 275–294. Springer, Heidelberg (2022). https://doi.org/10.1007/978-3-031-17146-8_14
Chen, L., Tang, Q.: People who live in glass houses should not throw stones: targeted opening message franking schemes. Cryptology ePrint Archive, Report 2018/994 (2018). https://eprint.iacr.org/2018/994
Dobraunig, C., et al.: ISAP v2.0. IACR Trans. Symm. Cryptol. 2020(S1), 390–416 (2020). https://doi.org/10.13154/tosc.v2020.iS1.390-416
Dodis, Y., An, J.H.: Concealment and its applications to authenticated encryption. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 312–329. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-39200-9_19
Dodis, Y., Grubbs, P., Ristenpart, T., Woodage, J.: Fast message franking: from invisible salamanders to encryptment. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018. LNCS, vol. 10991, pp. 155–186. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-96884-1_6
Dodis, Y., Grubbs, P., Ristenpart, T., Woodage, J.: Fast message franking: from invisible salamanders to encryptment. Cryptology ePrint Archive, Paper 2019/016 (2019). https://eprint.iacr.org/2019/016
Facebook: Facebook messenger. https://www.messenger.com. Accessed 09 Oct 2022
Facebook: Messenger secret conversations. Technical Whitepaper (2016). https://about.fb.com/wp-content/uploads/2016/07/messenger-secret-conversations-technical-whitepaper.pdf
Farshim, P., Orlandi, C., Rosie, R.: Security of symmetric primitives under incorrect usage of keys. IACR Trans. Symm. Cryptol. 2017(1), 449–473 (2017). https://doi.org/10.13154/tosc.v2017.i1.449-473
Grubbs, P., Lu, J., Ristenpart, T.: Message franking via committing authenticated encryption. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10403, pp. 66–97. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-63697-9_3
Hirose, S.: Compactly committing authenticated encryption using tweakable block cipher. In: Kutylowski, M., Zhang, J., Chen, C. (eds.) NSS 2020. LNCS, vol. 12570, pp. 187–206. Springer, Heidelberg (2020). https://doi.org/10.1007/978-3-030-65745-1_11
Huang, Q., Yang, G., Wong, D.S., Susilo, W.: Efficient strong designated verifier signature schemes without random oracle or with non-delegatability. Int. J. Inf. Secur. 10(6), 373–385 (2011). https://doi.org/10.1007/s10207-011-0146-1
Huguenin-Dumittan, L., Leontiadis, I.: A message franking channel. In: Yu, Y., Yung, M. (eds.) Inscrypt 2021. LNCS, vol. 13007, pp. 111–128. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-88323-2_6
Jakobsson, M., Sako, K., Impagliazzo, R.: Designated verifier proofs and their applications. In: Maurer, U. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 143–154. Springer, Heidelberg (1996). https://doi.org/10.1007/3-540-68339-9_13
Jakobsson, M., Stern, J.P., Yung, M.: Scramble all, encrypt small. In: Knudsen, L. (ed.) FSE 1999. LNCS, vol. 1636, pp. 95–111. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48519-8_8
Katz, J., Yung, M.: Complete characterization of security notions for probabilistic private-key encryption. In: Proceedings of the Thirty-Second Annual ACM Symposium on Theory of Computing, pp. 245–254 (2000)
Len, J., Grubbs, P., Ristenpart, T.: Partitioning oracle attacks. In: Bailey, M., Greenstadt, R. (eds.) 30th USENIX Security Symposium, USENIX Security 2021, pp. 195–212. USENIX Association (2021). https://www.usenix.org/conference/usenixsecurity21/presentation/len
Leontiadis, I., Vaudenay, S.: Private message franking with after opening privacy. Cryptology ePrint Archive, Report 2018/938 (2018). https://eprint.iacr.org/2018/938
Liskov, M., Rivest, R.L., Wagner, D.: Tweakable block ciphers. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 31–46. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-45708-9_3
Liskov, M.D., Rivest, R.L., Wagner, D.A.: Tweakable block ciphers. J. Cryptol. 24(3), 588–613 (2011). https://doi.org/10.1007/s00145-010-9073-y
Lucks, S.: On the security of remotely keyed encryption. In: Biham, E. (ed.) FSE 1997. LNCS, vol. 1267, pp. 219–229. Springer, Heidelberg (1997). https://doi.org/10.1007/BFb0052349
Lucks, S.: Accelerated remotely keyed encryption. In: Knudsen, L. (ed.) FSE 1999. LNCS, vol. 1636, pp. 112–123. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48519-8_9
Naito, Y., Sasaki, Y., Sugawara, T.: Secret can be public: low-memory AEAD mode for high-order masking. In: Dodis, Y., Shrimpton, T. (eds.) CRYPTO 2022. LNCS, vol. 13509, pp. 315–345. Springer, Heidelberg (2022). https://doi.org/10.1007/978-3-031-15982-4_11
Shen, Y., Peters, T., Standaert, F., Cassiers, G., Verhamme, C.: Triplex: an efficient and one-pass leakage-resistant mode of operation. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2022(4), 135–162 (2022). https://doi.org/10.46586/tches.v2022.i4.135-162
Signal Foundation: Signal. https://signal.org/. Accessed 09 Oct 2022
Tyagi, N., Grubbs, P., Len, J., Miers, I., Ristenpart, T.: Asymmetric message franking: content moderation for metadata-private end-to-end encryption. In: Boldyreva, A., Micciancio, D. (eds.) CRYPTO 2019. LNCS, vol. 11694, pp. 222–250. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-26954-8_8
WhatsApp: WhatsApp Messenger. https://www.whatsapp.com. Accessed 09 Oct 2022
Yamamuro, H., Hara, K., Tezuka, M., Yoshida, Y., Tanaka, K.: Forward secure message franking. In: Park, J.H., Seo, S. (eds.) ICISC 2021. LNCS, vol. 13218, pp. 339–358. Springer, Heidelberg (2021). https://doi.org/10.1007/978-3-031-08896-4_18
Acknowledgements
The authors thank Akiko Inoue for fruitful discussions. The first author was supported by JSPS KAKENHI Grant Number 21K11885.
Copyright information
© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Hirose, S., Minematsu, K. (2024). Compactly Committing Authenticated Encryption Using Encryptment and Tweakable Block Cipher. In: Carlet, C., Mandal, K., Rijmen, V. (eds) Selected Areas in Cryptography – SAC 2023. SAC 2023. Lecture Notes in Computer Science, vol 14201. Springer, Cham. https://doi.org/10.1007/978-3-031-53368-6_12
DOI: https://doi.org/10.1007/978-3-031-53368-6_12
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-53367-9
Online ISBN: 978-3-031-53368-6