Academic Journal

A weakness in OCB3 used with short nonces allowing for a break of authenticity and confidentiality.

Bibliographic Details
Title: A weakness in OCB3 used with short nonces allowing for a break of authenticity and confidentiality.
Authors: Liénardy, Jean (AUTHOR) jean.lienardy@mil.be; Lafitte, Frédéric (AUTHOR) frederic.lafitte@mil.be
Source: Information Processing Letters. Jan2024, Vol. 183, pN.PAG-N.PAG. 1p.
Subject Terms: *CONFIDENTIAL communications, *PUBLIC key cryptography, TRUST
Abstract: OCB3 is a mature and provably secure authenticated encryption mode of operation which allows for associated data (AEAD). This note reports a small flaw in the security proof of OCB3 that may cause a loss of security in practice, even if OCB3 is correctly implemented in a trustworthy and nonce-respecting module. The flaw is present when OCB3 is used with short nonces. It has security implications that are worse than nonce-repetition as confidentiality and authenticity are lost until the key is changed. The flaw is due to an implicit condition in the security proof and to the way OCB3 processes nonces. Different ways to fix the mode are presented.
• OCB3 is the latest in a series of AE algorithms designed to provide proven security in the concrete security framework.
• We point out an implicit assumption in the security proof that may cause some compliant implementations to lose all security.
• We investigate the security implications and argue why OCB3's specification documents should be updated accordingly.
[ABSTRACT FROM AUTHOR]
Copyright of Information Processing Letters is the property of Elsevier B.V. and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)
Database: Business Source Index
Description
ISSN: 00200190
DOI: 10.1016/j.ipl.2023.106404