NationMaster - Encyclopedia: Authenticated encryption

Authenticated Encryption (AE) is a term used to describe encryption systems which simultaneously protect confidentiality and authenticity (integrity) of communications. These goals have long been studied, but they have only recently enjoyed a high level of interest from cryptographers due to the complexity of implementing systems for privacy and authentication separately in a single application. â€œCipherâ€ redirects here. ... Confidentiality has been defined by the International Organization for Standardization (ISO) as ensuring that information is accessible only to those authorized to have access and is one of the cornerstones of Information security. ... Look up authenticity, authentic in Wiktionary, the free dictionary. ... Pre-19th century Leone Battista Alberti, polymath/universal genius, inventor of polyalphabetic substitution (see frequency analysis for the significance of this -- missed by most for a long time and dumbed down in the Vigenère cipher), and what may have been the first mechanical encryption aid. ... Authentication (from Greek Î±Ï…Î¸ÎµÎ½Ï„Î¹ÎºÏŒÏ‚; real or genuine, from authentes; author) is the act of establishing or confirming something (or someone) as authentic, that is, that claims made by or about the thing are true. ...

In addition to protecting message integrity and confidentiality, authenticated encryption can provide plaintext awareness and security against chosen ciphertext attack. In these attacks, an adversary attempts to gain an advantage against a cryptosystem (e.g., information about the secret decryption key) by submitting carefully chosen ciphertexts to some "decryption oracle" and analyzing the decrypted results. Authenticated encryption schemes can recognize improperly-constructed ciphertexts and refuse to decrypt them. This in turn prevents the attacker from requesting the decryption of any ciphertext unless he generated it correctly using the encryption algorithm, which would imply that he already knows the plaintext. Implemented correctly, this removes the usefulness of the decryption oracle, by preventing an attacker from gaining useful information that he does not already possess. Plaintext-awareness is a notion of security for public-key encryption. ... A chosen ciphertext attack is an attack on a cryptosystem in which the cryptanalyst chooses ciphertext and causes it to be decrypted with an unknown key. ...

Many specialized authenticated encryption modes have been developed for use with symmetric block ciphers. However, authenticated encryption can be generically constructed by combining an encryption scheme and a Message Authentication Code (MAC), provided that the encryption scheme is semantically secure under chosen plaintext attack and the MAC function is unforgeable under chosen message attack. Bellare and Namprempre (2000) analyzed three compositions of these primitives, and demonstrated that encrypting a message and subsequently applying a MAC to the ciphertext implies security against adaptive chosen ciphertext attack, provided that both functions meet the required properties. Encryption Decryption In cryptography, a block cipher is a symmetric key cipher which operates on fixed-length groups of bits, termed blocks, with an unvarying transformation. ... A cryptographic message authentication code (MAC) is a short piece of information used to authenticate a message. ... Semantic security is a widely-used definition for security in an asymmetric key encryption algorithm. ... A chosen plaintext attack is any form of cryptanalysis which presumes that the attacker has the capability to choose arbitrary plaintexts to be encrypted and obtain the corresponding ciphertexts. ... An adaptive chosen ciphertext attack is an interactive form of chosen ciphertext attack in which an attacker sends a number of ciphertexts to be decrypted, then uses the results of these decryptions to select subsequent ciphertexts. ...

See also

CCM mode (Counter with CBC-MAC) is a mode of operation for cryptographic block ciphers. ... In cryptography, CWC Mode (Carter-Wegman + CTR mode) is an AEAD block cipher mode of operation designed by Tadayoshi Kohno, John Viega and Doug Whiting. ... OCB mode (Offset Codebook Mode) is a mode of operation for cryptographic block ciphers. ... EAX mode is a mode of operation for cryptographic block ciphers. ... GCM mode (Galois/Counter Mode) is a mode of operation for symmetric key cryptographic block ciphers. ...

References

Categories: Cryptography stubs | Cryptography In cryptography, a cryptographic hash function is a hash function with certain additional security properties to make it suitable for use as a primitive in various information security applications, such as authentication and message integrity. ... A cryptographic message authentication code (MAC) is a short piece of information used to authenticate a message. ... GOST R 34. ... HAS-160 is a cryptographic hash function designed for use with the Korean KCDSA digital signature algorithm. ... In cryptography, HAS-V is a cryptographic hash function with a variable output length. ... HAVAL is a variable-length cryptographic hash function. ... In cryptography, MDC-2 (Modification Detection Code 2, sometimes called Meyer-Schilling) is a cryptographic hash function with a 128-bit hash value. ... Message Digest Algorithm 2 (MD2) is a cryptographic hash function developed by Ronald Rivest in 1989. ... MD4 is a message digest algorithm (the fourth in a series) designed by Professor Ronald Rivest of MIT in 1990. ... In cryptography, MD5 (Message-Digest algorithm 5) is a widely used cryptographic hash function with a 128-bit hash value. ... In cryptography, N-Hash is a cryptographic hash function based on the FEAL round function, and is now considered insecure. ... PANAMA is a cryptographic primitive which can be used both as a hash function and a stream cipher. ... RIPEMD-160 (RACE Integrity Primitives Evaluation Message Digest) is a 160-bit message digest algorithm (and cryptographic hash function) developed in Europe by Hans Dobbertin, Antoon Bosselaers and Bart Preneel, and first published in 1996. ... The SHA (Secure Hash Algorithm) hash functions refer to five FIPS-approved algorithms for computing a condensed digital representation (known as a message digest) that is, to a high degree of probability, unique for a given input data sequence (the message). ... Snefru is a cryptographic hash function invented by Ralph Merkle which supports 128-bit and 256-bit output. ... In cryptography, Tiger is a cryptographic hash function designed by Ross Anderson and Eli Biham in 1996 with a view for efficiency on 64-bit platforms. ... VEST (Very Efficient Substitution Transposition) ciphers are a set of families of general-purpose hardware-dedicated ciphers that support single pass authenticated encryption and can operate as collision-resistant hash functions. ... Saltstraumen whirlpool A whirlpool in a glass of water A whirlpool is a large, swirling body of water produced by ocean tides. ... crypt(1) is a Unix utility command while crypt(3) is an unrelated standard library function. ... The Data Authentication Algorithm (DAA) is a former U.S. government standard for producing cryptographic message authentication codes. ... CBC-MAC stands for Cipher Block Chaining Message Authentication Code. ... A keyed-hash message authentication code, or HMAC, is a type of message authentication code (MAC) calculated using a cryptographic hash function in combination with a secret key. ... OMAC (One-key MAC) is a message authentication code constructed from a block cipher much like the PMAC algorithm. ... PMAC, which stands for Parallelizable MAC, is a message authentication code algorithm. ... UMAC - Wikipedia /**/ @import /skins-1. ... Poly1305-AES is a secure hash function written by Daniel J. Bernstein External links Poly1305-AES Categories: Cryptography stubs | Cryptographic hash functions ... VEST (Very Efficient Substitution Transposition) ciphers are a set of families of general-purpose hardware-dedicated ciphers that support single pass authenticated encryption and can operate as collision-resistant hash functions. ... CCM mode (Counter with CBC-MAC) is a mode of operation for cryptographic block ciphers. ... In cryptography, CWC Mode (Carter-Wegman + CTR mode) is an AEAD block cipher mode of operation designed by Tadayoshi Kohno, John Viega and Doug Whiting. ... EAX mode is a mode of operation for cryptographic block ciphers. ... GCM mode (Galois/Counter Mode) is a mode of operation for symmetric key cryptographic block ciphers. ... OCB mode (Offset Codebook Mode) is a mode of operation for cryptographic block ciphers. ... VEST (Very Efficient Substitution Transposition) ciphers are a set of families of general-purpose hardware-dedicated ciphers that support single pass authenticated encryption and can operate as collision-resistant hash functions. ... In computer science, a hash collision is a situation that occurs when two distinct inputs into a hash function produce identical outputs. ... A birthday attack is a type of cryptographic attack which exploits the mathematics behind the birthday paradox, making use of a space-time tradeoff. ... A collision attack on a cryptographic hash tries to find two different inputs that will produce the same hash value, i. ... In cryptography, a preimage attack on a cryptographic hash differs from a collision attack. ... A rainbow table is a lookup table offering a time-memory tradeoff used in recovering the plaintext password from a password hash generated by a hash function, often a cryptographic hash function. ... The EFFs US$250,000 DES cracking machine contained over 1,800 custom chips and could brute force a DES key in a matter of days â€” the photograph shows a DES Cracker circuit board fitted with several Deep Crack chips. ... CRYPTREC is the Cryptography Research and Evaluation Committee set up by the Japanese Government to evaluate and recommend cryptographic techniques for government and industrial use. ... NESSIE (New European Schemes for Signatures, Integrity and Encryption) was a European research project funded from 2000–2003 to identify secure cryptographic primitives. ... This article is about cryptography; for other meanings, see snowball effect. ... In computer science, a hash collision is a situation that occurs when two distinct inputs into a hash function produce identical outputs. ... In cryptography, there are several methods to use a block cipher to build a cryptographic hash function. ... The German Lorenz cipher machine, used in World War II for encryption of very high-level general staff messages Cryptography (or cryptology; derived from Greek ÎºÏÏ…Ï€Ï„ÏŒÏ‚ kryptÃ³s hidden, and the verb Î³ÏÎ¬Ï†Ï‰ grÃ¡fo write or Î»ÎµÎ³ÎµÎ¹Î½ legein to speak) is the study of message secrecy. ... The history of cryptography dates back thousands of years. ... Cryptanalysis (from the Greek kryptÃ³s, hidden, and analÃ½ein, to loosen or to untie) is the study of methods for obtaining the meaning of encrypted information, without access to the secret information which is normally required to do so. ... This article is intended to be an analytic glossary, or alternatively, an organized collection of annotated pointers. ... This article does not cite any references or sources. ... Encryption Decryption In cryptography, a block cipher is a symmetric key cipher which operates on fixed-length groups of bits, termed blocks, with an unvarying transformation. ... The operation of A5/1, a LFSR-based stream cipher used to encrypt mobile phone conversations. ... A big random number is used to make a public-key pair. ... In cryptography, a cryptographic hash function is a hash function with certain additional security properties to make it suitable for use as a primitive in various information security applications, such as authentication and message integrity. ... A cryptographic message authentication code (MAC) is a short piece of information used to authenticate a message. ... A cryptographically secure pseudo-random number generator (CSPRNG) is a pseudo-random number generator (PRNG) with properties that make it suitable for use in cryptography. ...

Encyclopedia > Authenticated encryption

See also

References