The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. ex. Some numerals are expressed as "XNUMX".
Copyrights notice
The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. Copyrights notice
AONT (All-or-Nothing Transform) est une sorte de schéma de partage secret à seuil (n, n) qui distribue un message m dans un ensemble de n partages de telle sorte que le message m puisse être reconstruit si et seulement si n partages sont collectés. . Lors du CRYPTO 2000, Desai a proposé un AONT simple et plus rapide basé sur le mode de cryptage CTR (appelé CTRT) et a prouvé sa sécurité dans le modèle de chiffrement idéal. Bien que AES-128, dont la longueur de clé k = 128 et longueur du bloc l = 128, peut être utilisé dans CTRT comme chiffrement par bloc, AES-256 et AES-192 ne peuvent pas être utilisés en raison de leur restriction intrinsèque de k ≤ l. Dans cet article, nous proposons un CTRT étendu (en abrégé, XCTRT) adapté à AES-256. En évaluant minutieusement tous les cas délicats, nous prouvons que XCTRT est sécurisé dans le modèle de chiffrement idéal sous la même définition de sécurité CTRT. Nous discutons également du résultat de sécurité de XCTRT dans les paramètres concrets. Pour plus de flexibilité de longueur de clé, nous proposons une variante de XCTRT traitant l<k ≤ 2l en modifiant légèrement la construction du dernier bloc. Après avoir montré les détails de mise en œuvre et l'évaluation des performances de CTRT, XCTRT et de la variante, nous pouvons dire que notre XCTRT et sa variante ont des performances de codage et de décodage à grande vitesse et sont suffisamment pratiques pour être déployées dans des applications du monde réel.
SeongHan SHIN
National Institute of Advanced Industrial Science and Technology (AIST)
Shota YAMADA
National Institute of Advanced Industrial Science and Technology (AIST)
Goichiro HANAOKA
National Institute of Advanced Industrial Science and Technology (AIST)
Yusuke ISHIDA
ZenmuTech Inc.
Atsushi KUNII
ZenmuTech Inc.
Junichi OKETANI
ZenmuTech Inc.
Shimpei KUNII
ZenmuTech Inc.
Kiyoshi TOMOMURA
ZenmuTech Inc.
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Copier
SeongHan SHIN, Shota YAMADA, Goichiro HANAOKA, Yusuke ISHIDA, Atsushi KUNII, Junichi OKETANI, Shimpei KUNII, Kiyoshi TOMOMURA, "How to Extend CTRT for AES-256 and AES-192" in IEICE TRANSACTIONS on Fundamentals,
vol. E105-A, no. 8, pp. 1121-1133, August 2022, doi: 10.1587/transfun.2021EAP1082.
Abstract: AONT (All-or-Nothing Transform) is a kind of (n, n)-threshold secret sharing scheme that distributes a message m into a set of n shares such that the message m can be reconstructed if and only if n shares are collected. At CRYPTO 2000, Desai proposed a simple and faster AONT based on the CTR mode of encryption (called CTRT) and proved its security in the ideal cipher model. Though AES-128, whose key length k = 128 and block length l = 128, can be used in CTRT as a block cipher, AES-256 and AES-192 cannot be used due to its intrinsic restriction of k ≤ l. In this paper, we propose an extended CTRT (for short, XCTRT) suitable for AES-256. By thoroughly evaluating all the tricky cases, we prove that XCTRT is secure in the ideal cipher model under the same CTRT security definition. Also, we discuss the security result of XCTRT in concrete parameter settings. For more flexibility of key length, we propose a variant of XCTRT dealing with l<k ≤ 2l by slightly modifying the construction of the last block. After showing implementation details and performance evaluation of CTRT, XCTRT, and the variant, we can say that our XCTRT and its variant have high-speed encoding and decoding performance and are quite practical enough to be deployed in real-world applications.
URL: https://global.ieice.org/en_transactions/fundamentals/10.1587/transfun.2021EAP1082/_p
Copier
@ARTICLE{e105-a_8_1121,
author={SeongHan SHIN, Shota YAMADA, Goichiro HANAOKA, Yusuke ISHIDA, Atsushi KUNII, Junichi OKETANI, Shimpei KUNII, Kiyoshi TOMOMURA, },
journal={IEICE TRANSACTIONS on Fundamentals},
title={How to Extend CTRT for AES-256 and AES-192},
year={2022},
volume={E105-A},
number={8},
pages={1121-1133},
abstract={AONT (All-or-Nothing Transform) is a kind of (n, n)-threshold secret sharing scheme that distributes a message m into a set of n shares such that the message m can be reconstructed if and only if n shares are collected. At CRYPTO 2000, Desai proposed a simple and faster AONT based on the CTR mode of encryption (called CTRT) and proved its security in the ideal cipher model. Though AES-128, whose key length k = 128 and block length l = 128, can be used in CTRT as a block cipher, AES-256 and AES-192 cannot be used due to its intrinsic restriction of k ≤ l. In this paper, we propose an extended CTRT (for short, XCTRT) suitable for AES-256. By thoroughly evaluating all the tricky cases, we prove that XCTRT is secure in the ideal cipher model under the same CTRT security definition. Also, we discuss the security result of XCTRT in concrete parameter settings. For more flexibility of key length, we propose a variant of XCTRT dealing with l<k ≤ 2l by slightly modifying the construction of the last block. After showing implementation details and performance evaluation of CTRT, XCTRT, and the variant, we can say that our XCTRT and its variant have high-speed encoding and decoding performance and are quite practical enough to be deployed in real-world applications.},
keywords={},
doi={10.1587/transfun.2021EAP1082},
ISSN={1745-1337},
month={August},}
Copier
TY - JOUR
TI - How to Extend CTRT for AES-256 and AES-192
T2 - IEICE TRANSACTIONS on Fundamentals
SP - 1121
EP - 1133
AU - SeongHan SHIN
AU - Shota YAMADA
AU - Goichiro HANAOKA
AU - Yusuke ISHIDA
AU - Atsushi KUNII
AU - Junichi OKETANI
AU - Shimpei KUNII
AU - Kiyoshi TOMOMURA
PY - 2022
DO - 10.1587/transfun.2021EAP1082
JO - IEICE TRANSACTIONS on Fundamentals
SN - 1745-1337
VL - E105-A
IS - 8
JA - IEICE TRANSACTIONS on Fundamentals
Y1 - August 2022
AB - AONT (All-or-Nothing Transform) is a kind of (n, n)-threshold secret sharing scheme that distributes a message m into a set of n shares such that the message m can be reconstructed if and only if n shares are collected. At CRYPTO 2000, Desai proposed a simple and faster AONT based on the CTR mode of encryption (called CTRT) and proved its security in the ideal cipher model. Though AES-128, whose key length k = 128 and block length l = 128, can be used in CTRT as a block cipher, AES-256 and AES-192 cannot be used due to its intrinsic restriction of k ≤ l. In this paper, we propose an extended CTRT (for short, XCTRT) suitable for AES-256. By thoroughly evaluating all the tricky cases, we prove that XCTRT is secure in the ideal cipher model under the same CTRT security definition. Also, we discuss the security result of XCTRT in concrete parameter settings. For more flexibility of key length, we propose a variant of XCTRT dealing with l<k ≤ 2l by slightly modifying the construction of the last block. After showing implementation details and performance evaluation of CTRT, XCTRT, and the variant, we can say that our XCTRT and its variant have high-speed encoding and decoding performance and are quite practical enough to be deployed in real-world applications.
ER -