Your search keyword '"Yasushi Osaki"' showing total 2 results

1. Security of Hash-then-CBC Key Wrapping Revisited

Author

Tetsu Iwata and Yasushi Osaki

Subjects

Key Wrap, Theoretical computer science, Computer science, business.industry, Applied Mathematics, Distributed computing, Hash function, Skew, Plaintext, Data_CODINGANDINFORMATIONTHEORY, Encryption, Computer Graphics and Computer-Aided Design, Variable (computer science), Mode (computer interface), Known-plaintext attack, Signal Processing, Electrical and Electronic Engineering, business

Abstract

Key wrapping schemes are used to encrypt data of high entropy, such as cryptographic keys. There are two known security definitions for key wrapping schemes. One captures the security against chosen plaintext attacks (called DAE-security), and the other captures known plaintext attacks (called AKW-security). In this paper, we revisit the security of Hash-then-CBC key wrapping schemes. At SKEW 2011, Osaki and Iwata showed that the U CC -then-CBC key wrapping scheme, a key wrapping scheme that uses the U CC hash function and the CBC mode, has provable AKW-security. In this paper, we show that the scheme achieves the stronger notion of DAE-security. We also show our proof in the variable input length setting, where the adversary is allowed making queries of varying lengths. To handle such a setting, we generalize the previous definition of the U CC hash function to the variable input length setting, and show an efficient construction that meets the definition. We next consider linear-then-CBC, 2nd-preimage-resistant-then-CBC, and universal-then-CBC schemes. At SAC 2009, Gennaro and Halevi noted that these schemes do not achieve DAE-security. However, details were not presented, and we show concrete and efficient chosen plaintext attacks on these schemes, and confirm that they do not achieve DAE-security.

Published

2013

2. Further More on Key Wrapping

Author

Tetsu Iwata and Yasushi Osaki

Subjects

Theoretical computer science, Universal hashing, Applied Mathematics, Hash function, MDC-2, Computer Graphics and Computer-Aided Design, Secure Hash Standard, SHA-2, Signal Processing, Cryptographic hash function, Hash chain, Electrical and Electronic Engineering, Double hashing, Computer Science::Cryptography and Security, Mathematics

Abstract

Constructing a secure and efficient key wrapping scheme is demanding, and the scheme based on a universal hash function and an elementary encryption mode like ECB and CBC modes is potential for a practical use. However, at SAC 2009, Gennaro and Halevi showed that a key wrapping scheme using a universal hash function and ECB mode (a HtECB scheme) is broken, and the security of a scheme based on a universal hash function and CBC mode (a HtCBC scheme) has been left as an open problem. In this paper, we first generalize classical notions of universal and uniform hash functions, and propose a total of four new notions of the keyed hash function. We then prove that HtECB and HtCBC schemes are secure key wrapping schemes if the universal hash function satisfies uniformity and our notions, where the result on the HtCBC scheme gives a partial answer to the open problem. Then we discuss a basic problem of identifying relations between various notions of a keyed hash function, and point out that a monic polynomial hash function satisfies all the new notions.

Published

2012