Sources
Help build the largest human-edited directory on the web.
Submit a site - Become an editor
Wikipedia. Licensed under the GNU Free Documentation License.
Are you an expert in this subject? Join the discussion and share your knowledge at Wikipedia.org.
Authenticated encryption
From Wikipedia, the free encyclopedia
Authenticated Encryption (AE) is a term used to describe encryption systems which simultaneously protect confidentiality and authenticity (integrity) of communications. These goals have long been studied, but they have only recently enjoyed a high level of interest from cryptographers due to the complexity of implementing systems for privacy and authentication separately in a single application.
In addition to protecting message integrity and confidentiality, authenticated encryption can provide plaintext awareness and security against chosen ciphertext attack. In these attacks, an adversary attempts to gain an advantage against a cryptosystem (e.g., information about the secret decryption key) by submitting carefully chosen ciphertexts to some "decryption oracle" and analyzing the decrypted results. Authenticated encryption schemes can recognize improperly-constructed ciphertexts and refuse to decrypt them. This in turn prevents the attacker from requesting the decryption of any ciphertext unless he generated it correctly using the encryption algorithm, which would imply that he already knows the plaintext. Implemented correctly, this removes the usefulness of the decryption oracle, by preventing an attacker from gaining useful information that he does not already possess.
Many specialized authenticated encryption modes have been developed for use with symmetric block ciphers. However, authenticated encryption can be generically constructed by combining an encryption scheme and a Message Authentication Code (MAC), provided that the encryption scheme is semantically secure under chosen plaintext attack and the MAC function is unforgeable under chosen message attack. Bellare and Namprempre (2000) analyzed three compositions of these primitives, and demonstrated that encrypting a message and subsequently applying a MAC to the ciphertext implies security against adaptive chosen ciphertext attack, provided that both functions meet the required properties.
- M. Bellare and C. Namprempre, Authenticated Encryption: Relations among notions and analysis of the generic composition paradigm. Extended abstract in Advances in Cryptology - Asiacrypt 2000 Proceedings, Lecture Notes in Computer Science Vol. 1976, T. Okamoto ed, Springer-Verlag, 2000.
 |
This cryptography-related article is a stub. You can help Wikipedia by expanding it. |
| Hash algorithms: Gost-Hash | HAS-160 | HAS-V | HAVAL | MDC-2 | MD2 | MD4 | MD5 | N-Hash | RadioGatún | RIPEMD | SHA family | Snefru | Tiger | VEST | WHIRLPOOL | crypt(3) DES |
| MAC algorithms: DAA | CBC-MAC | HMAC | OMAC/CMAC | PMAC | UMAC | Poly1305-AES | VEST |
| Authenticated encryption modes: CCM | EAX | GCM | OCB | VEST Attacks: Birthday attack | Collision attack | Preimage attack | Rainbow table | Brute force attack |
| Standardization: CRYPTREC | NESSIE Misc: Avalanche effect | Hash collision | Hash functions based on block ciphers |
| History of cryptography | Cryptanalysis | Cryptography portal | Topics in cryptography |
| Symmetric-key algorithm | Block cipher | Stream cipher | Public-key cryptography | Cryptographic hash function | Message authentication code | Random numbers |