J. Black and P. Rogaway. Ciphers with arbitrary finite domains. In B. Preneel, editor, Proceedings of the Cryptographer's Track at the RSA Conference 2002.
....variable but that can even support fractional block sizes. An advantage of our construction is that rather than introducing a new cipher whose security may be in doubt [15], it employs any extant block cipher, some of which have withstood extended cryptanalytic scrutiny [27]. Black and Rogaway [5] present three methods for encrypting an arbitrary finite domain, using constructions based on any extant block cipher. However, without the name length restrictions introduced (as a side effect) in 5.1, our encryption domain is infinite. 7. Summary and conclusions In this paper, we presented ....
J. Black and P. Rogaway, "Ciphers with Arbitrary Finite Domains", RSA Data Security Conference, Cryptographer's Track, LNCS 1872, Springer-Verlag, Feb 2002.
....as a family of random permutations which are queried via an oracle to encrypt and decrypt. The oracle produces a truly random value for each new query and identical answers if the same query is asked twice; furthermore, for each key, the injectivity is satisfied. In practice, the ideal cipher [4] is instantiated using deterministic symmetric encryption function such as AES [17]. Although these encryption functions have been designed with different criteria from being an ideal cipher, AES has been designed with unpredictability in mind. Security proofs in these two models together (both ....
J. Black and P. Rogaway. Ciphers with Arbitrary Finite Domains. In Proc. of the RSA Cryptographer's Track (RSA CT '02), LNCS 2271, pages 114-130. Springer-Verlag, 2002.
....as a family of random permutations which are queried via an oracle to encrypt and decrypt. The oracle produces a truly random value for each new query and identical answers if the same query is asked twice; furthermore, for each key, the injectivity is satisfied. In practice, the ideal cipher [4] is instantiated using deterministic symmetric encryption function such as AES [17]. Although these encryption functions have been designed with different criteria from being an ideal cipher, AES has been designed with unpredictability in mind. Security proofs in these two models together (both ....
J. Black and P. Rogaway. Ciphers with Arbitrary Finite Domains. In Proc. of the RSA Cryptographer's Track (RSA CT '02), LNCS 2271, pages 114-130. Springer-Verlag, 2002. 16
....freshness. A Test query is made to oracle H. The chart specifies how, at the end of the execution, the session key of that oracle should be regarded (fresh or unfresh, and rs fresh or fs unfresh). Notation is described in the accompanying text. ideal cipher for use in practical protocols. See [8]. Working in this model does not render trivial the goals that this paper is interested in, and it helps make for protocols that don't waste any bits. A protocol will always have a clearly-indicated model of computation for which it is intended so, when the protocol is fixed, we do not make ....
....prime order subgroup of this group, or it could be an elliptic curve group. We denote the group operation multiplicatively. The protocol uses a cipher : Password x , where pw A Password for all A Client. There are many concrete constructions that could be used to instantiate such an object; see [8]. In the analysis this is treated as an ideal cipher. Besides the cipher we use a hash function H. It outputs g bits, where g is the length of the session key we are trying to distribute. Accordingly, the session key space K associated to this protocol is 0, 1 t equipped with a uniform ....
J. Black and P. Rogaway. Ciphers with Arbitrary Finite Domains. Manuscript, 2000.
....of the ideal cipher model, by means of a query h(hash; x) which, for shorthand, we denote H(x). The ideal cipher model is very strong (even stronger than the ideal hash model) and yet there are natural and apparently good ways to instantiate an ideal cipher for use in practical protocols. See [8]. Working in this model does not render trivial the goals that this paper is interested in, and it helps make for protocols that don't waste any bits. A protocol will always have a clearly-indicated model of computation for which it is intended so, when the protocol is fixed, we do not make ....
....of this group, or it could be an elliptic curve group. We denote the group operation multiplicatively. The protocol uses a cipher E : Password × G C, where pw_A ∈ Password for all A ∈ Client. There are many concrete constructions that could be used to instantiate such an object; see [8]. In the analysis this is treated as an ideal cipher. Besides the cipher we use a hash function H. It outputs bits, where is the length of the session key we are trying to distribute. Accordingly, the session key space SK associated to this protocol is {0, 1} equipped with a uniform ....
J. Black and P. Rogaway. Ciphers with Arbitrary Finite Domains. Manuscript, 2000.
No context found.
J. Black and P. Rogaway. Ciphers with Arbitrary Finite Domains. Manuscript, 2000.
....A Test query is made to oracle Pi i U . The chart specifies how, at the end of the execution, the session key of that oracle should be regarded (fresh or unfresh, and fs fresh or fs unfresh). Notation is described in the accompanying text. ideal cipher for use in practical protocols. See [8]. Working in this model does not render trivial the goals that this paper is interested in, and it helps make for protocols that don't waste any bits. A protocol will always have a clearly-indicated model of computation for which it is intended so, when the protocol is fixed, we do not make ....
....of this group, or it could be an elliptic curve group. We denote the group operation multiplicatively. The protocol uses a cipher E : Password × G C, where pw_A ∈ Password for all A ∈ Client. There are many concrete constructions that could be used to instantiate such an object; see [8]. In the analysis this is treated as an ideal cipher. Besides the cipher we use a hash function H. It outputs bits, where is the length of the session key we are trying to distribute. Accordingly, the session key space SK associated to this protocol is {0, 1} equipped with a uniform ....
J. Black and P. Rogaway. Ciphers with Arbitrary Finite Domains. Manuscript, 2000.
No context found.
J. Black and P. Rogaway. Ciphers with arbitrary finite domains. In B. Preneel, editor, Proceedings of the Cryptographer's Track at the RSA Conference 2002.
No context found.
J. Black, P. Rogaway, "Ciphers with arbitrary finite domains," Topics in Cryptology -- CT-RSA 2002.
No context found.
J. Black and P. Rogaway. Ciphers with Arbitrary Finite Domains. In Proc. of the RSA Cryptographer's Track (RSA CT '02), LNCS 2271, pages 114--130. Springer-Verlag, 2002.
No context found.
J. Black and P. Rogaway. Ciphers with Arbitrary Finite Domains. In Proc. of the RSA Cryptographer's Track (RSA CT '02), LNCS 2271, pages 114--130. Springer-Verlag, 2002. [3]