The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. ex. Some numerals are expressed as "XNUMX".
AONT (All-or-Nothing Transform) is a kind of (n, n)-threshold secret sharing scheme that distributes a message m into a set of n shares such that the message m can be reconstructed if and only if n shares are collected. At CRYPTO 2000, Desai proposed a simple and faster AONT based on the CTR mode of encryption (called CTRT) and proved its security in the ideal cipher model. Though AES-128, whose key length k = 128 and block length l = 128, can be used in CTRT as a block cipher, AES-256 and AES-192 cannot be used due to its intrinsic restriction of k ≤ l. In this paper, we propose an extended CTRT (for short, XCTRT) suitable for AES-256. By thoroughly evaluating all the tricky cases, we prove that XCTRT is secure in the ideal cipher model under the same CTRT security definition. Also, we discuss the security result of XCTRT in concrete parameter settings. For more flexibility of key length, we propose a variant of XCTRT dealing with l < k ≤ 2l by slightly modifying the construction of the last block. After showing implementation details and performance evaluation of CTRT, XCTRT, and the variant, we can say that our XCTRT and its variant have high-speed encoding and decoding performance and are quite practical enough to be deployed in real-world applications.
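As an added illustration (not code from the paper or its authors), the sketch below follows Desai's CTRT as it is usually stated: y_i = x_i ⊕ E_K(i) for each message block, plus a final block K ⊕ y_1 ⊕ … ⊕ y_n. It shows that the key is only recoverable from all n + 1 output blocks and why the key must fit in one block (k ≤ l). Assumptions: truncated SHA-256 stands in for AES so the example runs on the standard library, short keys are zero-padded, and all function names are illustrative; XCTRT is not shown because its construction is not given on this page.

```python
import hashlib

BLOCK = 16  # block length l = 128 bits, as for AES


def prf(key: bytes, counter: int) -> bytes:
    # Stand-in for E_K(counter). Assumption: truncated SHA-256 replaces AES
    # so the example needs no third-party library.
    return hashlib.sha256(key + counter.to_bytes(BLOCK, "big")).digest()[:BLOCK]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def ctrt_encode(blocks, key: bytes):
    """Return n + 1 output blocks for n message blocks of BLOCK bytes each."""
    if len(key) > BLOCK:
        # The key is masked into a single l-bit block, hence k <= l.
        raise ValueError("CTRT needs k <= l: the key must fit in the final block")
    out = [xor(x, prf(key, i)) for i, x in enumerate(blocks, start=1)]
    last = key.ljust(BLOCK, b"\0")  # zero padding is an assumption for k < l
    for y in out:
        last = xor(last, y)
    return out + [last]


def ctrt_decode(shares, key_len: int = BLOCK):
    """Recover the message; every output block is needed to unmask the key."""
    *body, last = shares
    key = last
    for y in body:
        key = xor(key, y)
    key = key[:key_len]
    return [xor(y, prf(key, i)) for i, y in enumerate(body, start=1)]


if __name__ == "__main__":
    msg = [b"A" * BLOCK, b"B" * BLOCK, b"C" * BLOCK]  # constructed sample input
    shares = ctrt_encode(msg, bytes(range(16)))        # fixed key for the demo
    print(ctrt_decode(shares) == msg)
```

A real deployment draws the key fresh at random for every message; the fixed key here only makes the demo repeatable.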
SeongHan SHIN
National Institute of Advanced Industrial Science and Technology (AIST)
Shota YAMADA
National Institute of Advanced Industrial Science and Technology (AIST)
Goichiro HANAOKA
National Institute of Advanced Industrial Science and Technology (AIST)
Yusuke ISHIDA
ZenmuTech Inc.
Atsushi KUNII
ZenmuTech Inc.
Junichi OKETANI
ZenmuTech Inc.
Shimpei KUNII
ZenmuTech Inc.
Kiyoshi TOMOMURA
ZenmuTech Inc.
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
SeongHan SHIN, Shota YAMADA, Goichiro HANAOKA, Yusuke ISHIDA, Atsushi KUNII, Junichi OKETANI, Shimpei KUNII, Kiyoshi TOMOMURA, "How to Extend CTRT for AES-256 and AES-192" in IEICE TRANSACTIONS on Fundamentals,
vol. E105-A, no. 8, pp. 1121-1133, August 2022, doi: 10.1587/transfun.2021EAP1082.
Abstract: AONT (All-or-Nothing Transform) is a kind of (n, n)-threshold secret sharing scheme that distributes a message m into a set of n shares such that the message m can be reconstructed if and only if n shares are collected. At CRYPTO 2000, Desai proposed a simple and faster AONT based on the CTR mode of encryption (called CTRT) and proved its security in the ideal cipher model. Though AES-128, whose key length k = 128 and block length l = 128, can be used in CTRT as a block cipher, AES-256 and AES-192 cannot be used due to its intrinsic restriction of k ≤ l. In this paper, we propose an extended CTRT (for short, XCTRT) suitable for AES-256. By thoroughly evaluating all the tricky cases, we prove that XCTRT is secure in the ideal cipher model under the same CTRT security definition. Also, we discuss the security result of XCTRT in concrete parameter settings. For more flexibility of key length, we propose a variant of XCTRT dealing with l<k ≤ 2l by slightly modifying the construction of the last block. After showing implementation details and performance evaluation of CTRT, XCTRT, and the variant, we can say that our XCTRT and its variant have high-speed encoding and decoding performance and are quite practical enough to be deployed in real-world applications.
URL: https://global.ieice.org/en_transactions/fundamentals/10.1587/transfun.2021EAP1082/_p
@ARTICLE{e105-a_8_1121,
author={SeongHan SHIN and Shota YAMADA and Goichiro HANAOKA and Yusuke ISHIDA and Atsushi KUNII and Junichi OKETANI and Shimpei KUNII and Kiyoshi TOMOMURA},
journal={IEICE TRANSACTIONS on Fundamentals},
title={How to Extend CTRT for AES-256 and AES-192},
year={2022},
volume={E105-A},
number={8},
pages={1121-1133},
abstract={AONT (All-or-Nothing Transform) is a kind of (n, n)-threshold secret sharing scheme that distributes a message m into a set of n shares such that the message m can be reconstructed if and only if n shares are collected. At CRYPTO 2000, Desai proposed a simple and faster AONT based on the CTR mode of encryption (called CTRT) and proved its security in the ideal cipher model. Though AES-128, whose key length k = 128 and block length l = 128, can be used in CTRT as a block cipher, AES-256 and AES-192 cannot be used due to its intrinsic restriction of k ≤ l. In this paper, we propose an extended CTRT (for short, XCTRT) suitable for AES-256. By thoroughly evaluating all the tricky cases, we prove that XCTRT is secure in the ideal cipher model under the same CTRT security definition. Also, we discuss the security result of XCTRT in concrete parameter settings. For more flexibility of key length, we propose a variant of XCTRT dealing with l<k ≤ 2l by slightly modifying the construction of the last block. After showing implementation details and performance evaluation of CTRT, XCTRT, and the variant, we can say that our XCTRT and its variant have high-speed encoding and decoding performance and are quite practical enough to be deployed in real-world applications.},
keywords={},
doi={10.1587/transfun.2021EAP1082},
ISSN={1745-1337},
month={August},}
TY - JOUR
TI - How to Extend CTRT for AES-256 and AES-192
T2 - IEICE TRANSACTIONS on Fundamentals
SP - 1121
EP - 1133
AU - SeongHan SHIN
AU - Shota YAMADA
AU - Goichiro HANAOKA
AU - Yusuke ISHIDA
AU - Atsushi KUNII
AU - Junichi OKETANI
AU - Shimpei KUNII
AU - Kiyoshi TOMOMURA
PY - 2022
DO - 10.1587/transfun.2021EAP1082
JO - IEICE TRANSACTIONS on Fundamentals
SN - 1745-1337
VL - E105-A
IS - 8
JA - IEICE TRANSACTIONS on Fundamentals
Y1 - August 2022
AB - AONT (All-or-Nothing Transform) is a kind of (n, n)-threshold secret sharing scheme that distributes a message m into a set of n shares such that the message m can be reconstructed if and only if n shares are collected. At CRYPTO 2000, Desai proposed a simple and faster AONT based on the CTR mode of encryption (called CTRT) and proved its security in the ideal cipher model. Though AES-128, whose key length k = 128 and block length l = 128, can be used in CTRT as a block cipher, AES-256 and AES-192 cannot be used due to its intrinsic restriction of k ≤ l. In this paper, we propose an extended CTRT (for short, XCTRT) suitable for AES-256. By thoroughly evaluating all the tricky cases, we prove that XCTRT is secure in the ideal cipher model under the same CTRT security definition. Also, we discuss the security result of XCTRT in concrete parameter settings. For more flexibility of key length, we propose a variant of XCTRT dealing with l<k ≤ 2l by slightly modifying the construction of the last block. After showing implementation details and performance evaluation of CTRT, XCTRT, and the variant, we can say that our XCTRT and its variant have high-speed encoding and decoding performance and are quite practical enough to be deployed in real-world applications.
ER -