International Association for Cryptologic Research

Nonces Are Noticed: AEAD Revisited

Authors:
Mihir Bellare
Ruth Ng
Björn Tackmann
DOI: 10.1007/978-3-030-26948-7_9
Abstract: We draw attention to a gap between theory and usage of nonce-based symmetric encryption, under which the way the former treats nonces can result in violation of privacy in the latter. We bridge the gap with a new treatment of nonce-based symmetric encryption that modifies the syntax (decryption no longer takes a nonce), upgrades the security goal (asking that not just messages, but also nonces, be hidden) and gives simple, efficient schemes conforming to the new definitions. We investigate both basic security (holding when nonces are not reused) and advanced security (misuse resistance, providing best-possible guarantees when nonces are reused).
Video from CRYPTO 2019
BibTeX
@inproceedings{crypto-2019-29862,
  title={Nonces Are Noticed: AEAD Revisited},
  booktitle={Advances in Cryptology -- CRYPTO 2019},
  series={Lecture Notes in Computer Science},
  publisher={Springer},
  volume={11692},
  pages={235--265},
  doi={10.1007/978-3-030-26948-7_9},
  author={Mihir Bellare and Ruth Ng and Bj{\"o}rn Tackmann},
  year={2019}
}