ABSTRACT
We introduce identity-based format-preserving encryption (IB-FPE) as a way to localize and limit the damage to format-preserving encryption (FPE) from key exposure. We give definitions, relations between them, generic attacks and two transforms of FPE schemes to IB-FPE schemes. As a special case, we introduce and cover identity-based tweakable blockciphers. We apply all this to analyze DFF, an FPE scheme proposed to NIST for standardization.