Revisiting the Construction of Online Ciphers in the Hash-ECB-Hash Structure
LIU Gang, WANG Peng, WEI Rong, YE Dingfeng
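(State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China; School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China; Beijing Satellite Information Engineer Institute, Beijing 100086, China)
Abstract:
Online ciphers are an important component used in many cryptographic schemes, such as authenticated encryption schemes. Considering performance and security, the Hash-ECB-Hash structure offers a potential way to construct online ciphers that are parallelizable and secure under chosen-ciphertext attack (CCA). In this paper we start by analyzing the online cipher POE, which is so far the only online cipher in the literature that uses the Hash-ECB-Hash structure. However, the AXU collision-resistance property of the hash function used in POE's hash layer cannot guarantee its security as claimed. Nandi gave an efficient distinguishing attack that needs only one encryption query. To prevent the attack on POE, the collision probability between outputs of the component functions of its hash layer should be negligible both within the same encryption query and across different encryption queries. We then propose the concept of online universal hash functions (OUHF) for the hash layer to meet this condition, including OAU functions and OAXU functions, and prove that if the hash layer uses an OAU function and the underlying block cipher is CCA secure, then the Hash-ECB-Hash structure is also CCA secure. We give several constructions of OAU functions, including the CFB and CBC modes, and two new constructions: MCFB, based on the multiplication function over a finite field, and XCH, which chains the XOR of input and output. After that, based on a CCA-secure online cipher OC, we construct a simple online authenticated encryption scheme OAE[OC] by adding the processing of the nonce, the associated data and tag generation to the online cipher. We then redefine the security of online authenticated encryption schemes and use reduction proofs to establish the security of our scheme, including confidentiality and integrity. Finally, we summarize some design ideas for going from online ciphers to online authenticated encryption schemes.
Keywords:  online cipher  POE  Hash-ECB-Hash structure  online universal hash function  online authenticated encryption scheme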
DOI:10.19363/J.cnki.cn10-1380/tn.2026.01.14
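Received: December 02, 2020  Revised: January 25, 2021
Funding: Supported by the National Natural Science Foundation of China (No. 61732021, No. 61472415) and the National Key Research and Development Program of China (No. 2018YFA0704704, No. 2018YFB0803801).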
Revisiting Construction of Online Cipher in Hash-ECB-Hash Structure
LIU Gang, WANG Peng, WEI Rong, YE Dingfeng
State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China; School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China; Beijing Satellite Information Engineer Institute, Beijing 100086, China
Abstract:
The online cipher is an important primitive in many cryptographic schemes, such as authenticated encryption schemes. Considering performance and security, the Hash-ECB-Hash structure provides a potential way to construct parallelizable and CCA-secure online ciphers. In this paper, we start from the analysis of the online cipher POE, which is the only instantiation of the Hash-ECB-Hash structure in the literature. However, the AXU property of the hash function in the hash layer cannot guarantee the security of POE as claimed. Nandi gave an efficient distinguishing attack that needs just one encryption query. In order to thwart the attack on POE, the output-collision probability of the component function of the hash layer should be negligible both within the same encryption query and across different encryption queries. We then propose a new concept of online universal hash function (OUHF), including online almost universal (OAU) and online almost XOR universal (OAXU) hash functions, for the hash layer to meet this condition, and prove that the Hash-ECB-Hash structure is CCA secure if the hash layer is online almost universal (OAU) and the underlying block cipher is CCA secure. We give several concrete constructions of OAU hash functions, including the CFB and CBC modes. We also give two new constructions, one named MCFB, based on the finite field multiplication function, and another named XCH, which chains the XOR of input and output. After that, using a CCA-secure online cipher OC, we give a new and simple construction of an online authenticated encryption scheme, OAE[OC], by adding the processing of the nonce, the associated data and tag generation to the online cipher. We then revisit the security notions of online authenticated encryption and prove the privacy and integrity of our scheme using reduction proofs. Finally, we summarize some design ideas for going from online ciphers to online authenticated encryption schemes.
Key words:  online cipher  POE  Hash-ECB-Hash structure  online universal hash function  online authenticated encryption