| 引用本文: |
-
刘刚,王鹏,魏荣,叶顶锋.再论Hash-ECB-Hash结构在线密码的构造[J].信息安全学报,已采用 [点击复制]
- liugang,wangpeng,weirong,yedingfeng.Revisiting Construction of Online Cipher in Hash-ECB-Hash Structure[J].Journal of Cyber Security,Accept [点击复制]
|
|
| 摘要: |
| 在线密码是众多密码方案如认证加密方案等中使用的重要组件。考虑到运算性能和安全性,Hash-ECB-Hash结构为构造并行计算的且在选择密文攻击下安全的在线密码提供了潜在的可能性。本文我们从分析在线密码POE开始,POE是到目前为止已有文献中唯一使用Hash-ECB-Hash结构的在线密码,然而,POE中哈希层使用的哈希函数的AXU抗碰撞性质不能像它声称的那样保证其安全性。为了防止对POE的攻击,其哈希层的分量函数的输出之间碰撞概率应该是可忽略的。然后我们针对哈希层提出了在线泛哈希函数(OUHF)的概念来满足这种条件,包括OAU函数和OAXU函数,并且证明如果哈希层使用OAU函数且底层分组密码是在选择密文攻击下安全的,则Hash-ECB-Hash结构在选择密文攻击下也是安全的。我们也给出了几种OAU函数的构造,包括CFB和CBC模式,还给出了基于有限域上乘法函数的构造MCFB和使用输入输出异或链接方式的构造XCH。最后,使用安全的在线密码,我们构造了一个简单的在线认证加密方案,并对在线认证加密方案的安全性重新定义,之后证明了其安全性,包括机密性和完整性。 |
| 关键词: 在线密码 POE Hash-ECB-Hash结构 在线泛哈希函数 在线认证加密方案 |
| DOI:10.19363/J.cnki.cn10-1380/tn.2023.06.12 |
| 投稿时间:2020-12-02修订日期:2021-01-25 |
| 基金项目:国家自然科学基金项目(面上项目,重点项目,重大项目),国家重点基础研究发展计划(973计划) |
|
| Revisiting Construction of Online Cipher in Hash-ECB-Hash Structure |
|
liugang1, wangpeng1, weirong2, yedingfeng1
|
| (1.Institute of Information Engineering, Chinese Academy of Sciences;2.Beijing Statellite Information Engineer Institute) |
| Abstract: |
| Online cipher is an important primitive in many cryptographic schemes, such as authenticated encryption schemes. Con-sidering performance and security, the Hash-ECB-Hash structure provides a potential way to construct parallelizable and CCA secure online cipher. In this paper, we start from the online cipher POE, which is the only instantiation of Hash-ECB-Hash structure in the literature. However, the AXU property of hash function in the hash layer cannot guaran-tee the security of POE as it claimed. In order to thwart the attacks to POE, the output-collision probability of the com-ponent function of the hash layer should be negligible. Then we propose a new concept of online universal hash function (OUHF) including online almost universal (OAU) and online almost XOR universal (OAXU) hash function for the hash layer to meet the condition and prove that the Hash-ECB-Hash structure is CCA secure, if the hash layer is online almost universal (OAU) and the underlying block cipher is CCA secure. We also give several concrete constructions of OAU hash functions, including the CFB and CBC modes. We also give a construction, named MCFB, based on finite field multiplication function and a construction named XCH by chaining the operation XOR of input and output. Using secure online cipher, we construct a simple online authenticated encryption schemes, revisit the security notions of online au-thenticated encryption and prove our scheme is secure for its privacy and integrity. |
| Key words: online cipher POE Hash-ECB-Hash structure online universal hash function online authenticated encryption |
