Security of data encapsulation mechanisms in the multi-user setting
Date:
Thursday, May 18, 2017 13:00 - 14:00
Speaker:
Federico Giacon (RUB Bochum)
Location:
Computer Science Room (I01.2OG.)
Series:
Mathematics and CS Seminar
Host:
Krzysztof Pietrzak
Contact:
BONVENTRE-DARTHE Astrid
In practice, public key encryption (PKE) is routinely implemented by combining two cryptographic primitives: a key encapsulation mechanism (KEM) and a data encapsulation mechanism (DEM). The known notion of multi-user security for PKE allows the adversary to query a challenge encryption oracle on related messages addressing different users. We extend this idea to multi-user security notions for KEMs and DEMs, which give rise to a very natural composition theorem. We then expand on the security of deterministic DEMs by studying their resilience against certain generic attacks. The effectiveness of the latter motivates our definition of an augmented data encapsulation mechanism (ADEM): a DEM that takes besides key and message an additional "tag" input for encapsulation. In the corresponding security model the tag is randomly picked during challenge encapsulation, and given to the adversary together with the ciphertext. To provide a better understanding of this principle we propose some ADEM constructions based on the CTR mode of operation using idealized primitives. We analyze the security of our schemes, as well as of standard DEMs, and relate them to each other.