Analysis and Design of Authenticated Encryption Schemes

认证加密方案的分析与设计

• 批准号: RGPIN-2015-05913
• 负责人: Youssef, Amr
• 金额: $ 2.19万
• 依托单位: Concordia University
• 依托单位国家: 加拿大
• 项目类别: Discovery Grants Program - Individual
• 财政年份: 2018
• 资助国家: 加拿大
• 起止时间: 2018-01-01 至 2019-12-31
• 项目状态: 已结题
• 来源: https://www.nserc-crsng.gc.ca/ase-oro/Details-Detailles_eng.asp?id=669402
• 关键词: Analysis; Design; Authenticated; Encryption; Schemes

While in most people's minds confidentiality is the primary goal of cryptography, message authentication is arguably as important. Cryptographers have long realized the importance of the privacy and integrity goals. However, the traditional approach to tackle the problem of achieving confidentiality and integrity has been to consider these two goals in isolation; security researchers designed encryption schemes to protect the privacy of digital communication and they independently designed message authentication codes to protect its integrity.  Recently, there have been a series of disastrous attacks resulting from the wrong application of confidentiality and authenticity primitives. Consequently, and following the National Institute for Standards and Technology (NIST) Advanced Encryption Standard (AES) competition, the European Union eStream competition, and the NIST SHA-3 hash function competition, a new Competition for Authenticated Encryption: Security, Applicability, and Robustness (CAESAR) funded by NIST was announced. While being relatively new, this competition has provided a boost to the cryptographic research community to consider the analysis and design of authenticated encryption (AE) primitives. In the first phase of this competition, which started in March 2014, 57 submissions were received. Since this competition has been opened, AE schemes are probably the most frequently visited and challenging topic in the area of symmetric key cryptology.******There are mainly two approaches to design an integrated AE algorithm. The first is to use a block cipher in a special mode. The second, and arguably more efficient approach, is to design a dedicated AE algorithm where the message is used to update the state of the underlying cipher and message authentication can be achieved almost for free. In this research project, we plan to focus on schemes constructed using the latter approach. ***The objective of this project is to investigate the design, analysis and implementation of efficient families of provably secure (against a predefined set of cryptanalytic attacks) dedicated AE schemes. In particular, we plan to (i) Apply state of the art cryptanalytic attacks and automated cryptanalysis tools to the AE schemes submitted to the CAESAR competition, (ii) Investigate different construction methods for AE schemes including new designs whose underlying primitives are based on  AES-like primitives and the recently proposed cryptographic Duplex/Sponge-based constructions (the recently selected hash function standard is a Sponge-based construction) (iii) Establish a criteria for quantifying the AE scheme resistance against different attacks, including side channel attacks, and apply this knowledge to the design of an efficient, secure, nonce misuse resistant, parallelizable and online AE which can be optimized to operate within resource constrained environments.**

虽然在大多数人的心目中，机密性是密码学的主要目标，但消息身份验证可以说同样重要。密码学家早就意识到隐私和完整性目标的重要性。然而，解决保密性和完整性问题的传统方法一直是孤立地考虑这两个目标；安全研究人员设计了加密方案来保护数字通信的隐私，他们独立地设计了消息认证码来保护其完整性。最近，由于错误应用机密性和真实性原语，发生了一系列灾难性的攻击。因此，继国家标准与技术研究所(NIST)高级加密标准(AES)竞赛、欧盟eStream竞赛和NIST SHA-3散列函数竞赛之后，由NIST资助的新的认证加密竞赛：安全性、适用性和健壮性(CAESAR)宣布。虽然这是一个相对较新的竞赛，但它为密码学研究社区提供了一个推动，让他们考虑分析和设计认证加密(AE)原语。在2014年3月开始的第一阶段比赛中，共收到57份参赛作品。自本次竞赛开始以来，AE方案可能是对称密钥密码学领域中访问最频繁和最具挑战性的话题。第一种是在特殊模式下使用分组密码。第二种方法，可以说是更有效的方法，是设计一种专用的AE算法，其中消息被用来更新底层密码的状态，并且消息身份验证几乎可以免费实现。在这个研究项目中，我们计划专注于使用后一种方法构建的方案。*这个项目的目标是研究高效的可证明安全的(对抗一组预定义的密码分析攻击)专用AE方案的设计、分析和实现。特别是，我们计划(I)将最先进的密码分析攻击和自动密码分析工具应用于提交给Caesar竞赛的AE方案，(Ii)研究用于AE方案的不同构造方法，包括其底层原语基于类AES原语的新设计和最近提出的基于密码双工/海绵的构造(最近选择的散列函数标准是基于海绵的构造)(Iii)建立用于量化AE方案对包括侧信道攻击在内的不同攻击的抵抗力的标准，并将这些知识应用于设计高效、安全、抗一次性误用、可并行和在线的AE，可优化以在资源受限的环境中运行。**