用短密钥反复愚弄一个无界的对手:蜂蜜加密的视角

Xinze Li, Qiang Tang, Zhenfeng Zhang
{"title":"用短密钥反复愚弄一个无界的对手:蜂蜜加密的视角","authors":"Xinze Li, Qiang Tang, Zhenfeng Zhang","doi":"10.4230/LIPIcs.ITC.2021.23","DOIUrl":null,"url":null,"abstract":"This article is motivated by the classical results from Shannon that put the simple and elegant one-time pad away from practice: key length has to be as large as message length and the same key could not be used more than once. In particular, we consider encryption algorithm to be defined relative to specific message distributions in order to trade for unconditional security. Such a notion named honey encryption (HE) was originally proposed for achieving best possible security for password based encryption where secrete key may have very small amount of entropy. Exploring message distributions as in HE indeed helps circumvent the classical restrictions on secret keys.We give a new and very simple honey encryption scheme satisfying the unconditional semantic security (for the targeted message distribution) in the standard model (all previous constructions are in the random oracle model, even for message recovery security only). Our new construction can be paired with an extremely simple yet “tighter” analysis, while all previous analyses (even for message recovery security only) were fairly complicated and require stronger assumptions. We also show a concrete instantiation further enables the secret key to be used for encrypting multiple messages. 2012 ACM Subject Classification Security and privacy → Cryptography; Theory of computation → Cryptographic primitives","PeriodicalId":6403,"journal":{"name":"2007 IEEE International Test Conference","volume":"26 1","pages":"23:1-23:21"},"PeriodicalIF":0.0000,"publicationDate":"2021-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":"{\"title\":\"Fooling an Unbounded Adversary with a Short Key, Repeatedly: The Honey Encryption Perspective\",\"authors\":\"Xinze Li, Qiang Tang, Zhenfeng Zhang\",\"doi\":\"10.4230/LIPIcs.ITC.2021.23\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"This article is motivated by the classical results from Shannon that put the simple and elegant one-time pad away from practice: key length has to be as large as message length and the same key could not be used more than once. In particular, we consider encryption algorithm to be defined relative to specific message distributions in order to trade for unconditional security. Such a notion named honey encryption (HE) was originally proposed for achieving best possible security for password based encryption where secrete key may have very small amount of entropy. Exploring message distributions as in HE indeed helps circumvent the classical restrictions on secret keys.We give a new and very simple honey encryption scheme satisfying the unconditional semantic security (for the targeted message distribution) in the standard model (all previous constructions are in the random oracle model, even for message recovery security only). Our new construction can be paired with an extremely simple yet “tighter” analysis, while all previous analyses (even for message recovery security only) were fairly complicated and require stronger assumptions. We also show a concrete instantiation further enables the secret key to be used for encrypting multiple messages. 2012 ACM Subject Classification Security and privacy → Cryptography; Theory of computation → Cryptographic primitives\",\"PeriodicalId\":6403,\"journal\":{\"name\":\"2007 IEEE International Test Conference\",\"volume\":\"26 1\",\"pages\":\"23:1-23:21\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2021-01-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"5\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2007 IEEE International Test Conference\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.4230/LIPIcs.ITC.2021.23\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2007 IEEE International Test Conference","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.4230/LIPIcs.ITC.2021.23","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 5

摘要

本文的灵感来自Shannon的经典结果,该结果使简单而优雅的一次性键盘远离实践:密钥长度必须与消息长度一样大,并且同一个密钥不能使用多次。特别是,我们认为加密算法是相对于特定的消息分布来定义的,以便获得无条件的安全性。这种被称为蜂蜜加密(HE)的概念最初是为了实现基于密码的加密的最佳安全性而提出的,其中秘密密钥可能具有非常小的熵。在HE中研究消息分布确实有助于规避密匙的经典限制。我们给出了一种新的非常简单的蜂蜜加密方案,满足标准模型中的无条件语义安全(针对目标消息分发)(之前的所有结构都在随机oracle模型中,甚至仅针对消息恢复安全)。我们的新结构可以与极其简单但“更严格”的分析相匹配,而之前的所有分析(甚至仅针对消息恢复安全性)都相当复杂,需要更强的假设。我们还展示了一个具体的实例,该实例进一步支持将密钥用于加密多条消息。2012 ACM主题分类安全与隐私→密码学;计算理论→密码学原语
本文章由计算机程序翻译,如有差异,请以英文原文为准。
Fooling an Unbounded Adversary with a Short Key, Repeatedly: The Honey Encryption Perspective
This article is motivated by the classical results from Shannon that put the simple and elegant one-time pad away from practice: key length has to be as large as message length and the same key could not be used more than once. In particular, we consider encryption algorithm to be defined relative to specific message distributions in order to trade for unconditional security. Such a notion named honey encryption (HE) was originally proposed for achieving best possible security for password based encryption where secrete key may have very small amount of entropy. Exploring message distributions as in HE indeed helps circumvent the classical restrictions on secret keys.We give a new and very simple honey encryption scheme satisfying the unconditional semantic security (for the targeted message distribution) in the standard model (all previous constructions are in the random oracle model, even for message recovery security only). Our new construction can be paired with an extremely simple yet “tighter” analysis, while all previous analyses (even for message recovery security only) were fairly complicated and require stronger assumptions. We also show a concrete instantiation further enables the secret key to be used for encrypting multiple messages. 2012 ACM Subject Classification Security and privacy → Cryptography; Theory of computation → Cryptographic primitives
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信