dc.contributor.author: Maram, Varun
dc.contributor.author: Masny, Daniel
dc.contributor.author: Patranabis, Sikhar
dc.contributor.author: Raghuraman, Srinivasan
dc.date.accessioned: 2022-06-22T07:57:17Z
dc.date.available: 2022-05-19T16:40:12Z
dc.date.available: 2022-05-20T04:56:11Z
dc.date.available: 2022-06-22T07:57:17Z
dc.date.issued: 2022-06-10
dc.identifier.issn: 2519-173X
dc.identifier.other: 10.46586/tosc.v2022.i2.379-414
dc.identifier.uri: http://hdl.handle.net/20.500.11850/548154
dc.identifier.doi: 10.3929/ethz-b-000548154
dc.description.abstract: The OCB mode of operation for block ciphers has three variants, OCB1, OCB2 and OCB3. OCB1 and OCB3 can be used as secure authenticated encryption schemes whereas OCB2 has been shown to be classically insecure (Inoue et al., Crypto 2019). Even further, in the presence of quantum queries to the encryption functionality, a series of works by Kaplan et al. (Crypto 2016), Bhaumik et al. (Asiacrypt 2021) and Bonnetain et al. (Asiacrypt 2021) have shown how to break the existential unforgeability of the OCB modes. However, these works did not consider the confidentiality of OCB in the presence of quantum queries. We fill this gap by presenting the first formal analysis of the IND-qCPA security of OCB. In particular, we show the first attacks breaking the IND-qCPA security of the OCB modes. Surprisingly, we are able to prove that OCB2 is IND-qCPA secure when used without associated data, while relying on the assumption that the underlying block cipher is a quantum-secure pseudorandom permutation. Additionally, we present new quantum attacks breaking the universal unforgeability of OCB. Our analysis of OCB has implications for the post-quantum security of XTS, a well-known disk encryption standard, that was considered but mostly left open by Anand et al. (PQCrypto 2016).
dc.format: application/pdf
dc.language.iso: en
dc.publisher: Ruhr-Universität Bochum, Research Group Symmetric Cryptography
dc.rights.uri: http://creativecommons.org/licenses/by/4.0/
dc.subject: OCB
dc.subject: IND-qCPA security
dc.subject: universal forgeability
dc.subject: Simon’s Algorithm
dc.subject: Deutsch’s Algorithm
dc.subject: XTS
dc.title: On the Quantum Security of OCB
dc.type: Journal Article
dc.rights.license: Creative Commons Attribution 4.0 International
ethz.journal.title: IACR Transactions on Symmetric Cryptology
ethz.journal.volume: 2022
ethz.journal.issue: 2
ethz.pages.start: 379
ethz.pages.end: 414
ethz.size: 36 p.
ethz.version.deposit: publishedVersion
ethz.publication.place: Bochum
ethz.publication.status: published
ethz.leitzahl: ETH Zürich::00002 - ETH Zürich::00012 - Lehre und Forschung::00007 - Departemente::02150 - Dep. Informatik / Dep. of Computer Science::02660 - Institut für Informationssicherheit / Institute of Information Security::09653 - Paterson, Kenneth / Paterson, Kenneth
ethz.leitzahl.certified: ETH Zürich::00002 - ETH Zürich::00012 - Lehre und Forschung::00007 - Departemente::02150 - Dep. Informatik / Dep. of Computer Science::02660 - Institut für Informationssicherheit / Institute of Information Security::09653 - Paterson, Kenneth / Paterson, Kenneth
ethz.date.deposited: 2022-05-19T16:40:34Z
ethz.source: FORM
ethz.eth: yes
ethz.availability: Open access
ethz.rosetta.installDate: 2022-06-22T07:57:23Z
ethz.rosetta.lastUpdated: 2023-02-07T03:41:20Z
ethz.rosetta.versionExported: true