
All Questions

2 votes
2 answers
109 views

Can you use ChaCha20 as one-time pad?

My knowledge of cryptography is nothing beyond basic, so I am by no means an expert, but I do know a bit of undergraduate mathematics including number theory. I know that stream ciphers like ChaCha20 is ...
cryptobro's user avatar
2 votes
1 answer
612 views

How does SMB authentication work?

When I learned about the inner workings of the TLS protocol and what exactly it protects a connection against, I was surprised to learn that even asymmetric encryption can be defeated by a MITM attack ...
TrisT's user avatar
  • 151
2 votes
1 answer
145 views

Sponge Duplex authenticated encryption with nonce reuse or no nonce

With a Sponge permutation in a Duplex construction for authenticated encryption. illustration example: ascon; actual interest if relevant: keccak Suppose there is no associated data and there is no ...
Lauren Fen.'s user avatar
7 votes
1 answer
1k views

TLS 1.3 - Why have no encrypt-then-MAC modes been specified?

I have been scratching my head for a while why TLS 1.3 does not include any encrypt-then-MAC (EtM) modes. All the previous problems in TLS have been caused by MAC then encrypt. Whereas encrypt ...
Keith's user avatar
  • 123
8 votes
2 answers
422 views

Lack of response to CAESAR competition

Why is there so little response (e.g. implementation in crypto libraries, programs...) after the end of the CAESAR competition? As far as I can see, there is no shift from AES-GCM to any of the CAESAR ...
BeloumiX's user avatar
  • 995
1 vote
1 answer
154 views

How to properly guarantee authentication, confidentiality, and replay-resistance for multiple messages using a pre-shared key?

I have a device that needs to communicate with another host and exchange fixed-length messages. All traffic should be encrypted and authenticated, and it should be resistant to replay attacks. ...
Steven's user avatar
  • 131
3 votes
1 answer
251 views

Key Encryption: Does it need to be Authenticated?

Alice wants to store files $m_i$ on Bob's untrusted cloud storage platform, with the additional restriction that she can only store one master key $k$ herself. She encrypts the files with keys $k_i$ ...
Arya Pourtabatabaie's user avatar
2 votes
0 answers
321 views

Is the following derived MAC where the output is XOR'ed with the key secure?

Hey, I'm wondering if the following scheme is secure or not. I tried reductions and some tries to prove that it not must be secure, but I feel completely stuck. More details: It's just any reduction ...
Doron Bruder's user avatar
1 vote
1 answer
135 views

Encrypting h(k) for defeating partition oracle attacks

Is encrypting $h(k)$ (or even just $k$) and verifying it before checking the MAC enough to defeat partition oracle attacks and thus make the whole scheme robust/committing (without depending on ...
augustus's user avatar
-1 votes
1 answer
65 views

Encryption on one AES mode and decrypting on another, where both use HMAC

Let's say there are 2 ciphers, $enc$ and $dec$, where: $enc$ will encrypt the data, and $dec$ will decrypt it. Both $enc$ and $dec$ must be an AES cipher. $enc$ and $dec$ will use the same key $k$ ...
arunanshub's user avatar
0 votes
1 answer
169 views

Using HMAC with AES modes that do NOT require padding [closed]

I'm trying to use HMAC with AES modes that do not require any sort of padding. Although I am aware that modes like AES-GCM and ...
arunanshub's user avatar
3 votes
1 answer
936 views

Which is the best algorithm for large scale file encryption other than AES?

I've been looking for a fast, powerful and robust algorithm for encrypting large files with authentication. I would like to implement the algorithm on my own without using third party software. I've ...
Aravind A's user avatar
  • 1,030
1 vote
1 answer
175 views

Are the signcryption and the authenticated encryption same?

Signcryption and authenticated encryption are both a combination of encryption and authentication with three natural compositions (i.e., EtS, StE, E&S). I am not sure if they are the ...
Blanco's user avatar
  • 1,622
2 votes
1 answer
237 views

Commitment based on authenticated encryption

Let $(E,D)$ be the encryption/decryption of an authenticated encryption scheme. Consider the following commitment scheme. Generate a random key $k$. Commit to $m$ by sending $c=E_k(m)$. Reveal $m$ by ...
Sebastian's user avatar
  • 461
0 votes
4 answers
2k views

Why do one-time pads not provide message authentication?

It is often said that one-time pads do not provide message authentication. But, if you and I have a one-time symmetric key, and I send you a message, and it is not complete gibberish, is that itself ...
Lol4's user avatar
  • 25
