CryptoDB

Viet Tung Hoang

Publications

Year
Venue
Title
2022
EUROCRYPT
This paper provides efficient authenticated-encryption (AE) schemes in which a ciphertext is a commitment to the key. These are extended, at minimal additional cost, to schemes where the ciphertext is a commitment to all encryption inputs, meaning key, nonce, associated data and message. Our primary schemes are modifications of GCM (for basic, unique-nonce AE security) and AES-GCM-SIV (for misuse-resistant AE security) and add both forms of commitment without any increase in ciphertext size. We also give more generic, but somewhat more costly, solutions.
2020
CRYPTO
We study the security of CTR-DRBG, one of NIST’s recommended Pseudorandom Number Generator (PRNG) designs. Recently, Woodage and Shumow (Eurocrypt’ 19), and then Cohney et al. (S&P’ 20) point out some potential vulnerabilities in both NIST specification and common implementations of CTR-DRBG. While these researchers do suggest counter-measures, the security of the patched CTR-DRBG is still questionable. Our work fills this gap, proving that CTR-DRBG satisfies the robustness notion of Dodis et al. (CCS’13), the standard security goal for PRNGs.
2019
EUROCRYPT
We improve the attack of Durak and Vaudenay (CRYPTO’17) on NIST Format-Preserving Encryption standard FF3, reducing the running time from $O(N^5)$O(N5) to $O(N^{17/6})$O(N17/6) for domain $\mathbb {Z}_N \times \mathbb {Z}_N$ZN×ZN. Concretely, DV’s attack needs about $2^{50}$250 operations to recover encrypted 6-digit PINs, whereas ours only spends about $2^{30}$230 operations. In realizing this goal, we provide a pedagogical example of how to use distinguishing attacks to speed up slide attacks. In addition, we improve the running time of DV’s known-plaintext attack on 4-round Feistel of domain $\mathbb {Z}_N \times \mathbb {Z}_N$ZN×ZN from $O(N^3)$O(N3) time to just $O(N^{5/3})$O(N5/3) time. We also generalize our attacks to a general domain $\mathbb {Z}_M \times \mathbb {Z}_N$ZM×ZN, allowing one to recover encrypted SSNs using about $2^{50}$250 operations. Finally, we provide some proof-of-concept implementations to empirically validate our results.
2018
EUROCRYPT
2018
CRYPTO
Format-preserving encryption (FPE) produces ciphertexts which have the same format as the plaintexts. Building secure FPE is very challenging, and recent attacks (Bellare, Hoang, Tessaro, CCS ’16; Durak and Vaudenay, CRYPTO ’17) have highlighted security deficiencies in the recent NIST SP800-38G standard. This has left the question open of whether practical schemes with high security exist.In this paper, we continue the investigation of attacks against FPE schemes. Our first contribution are new known-plaintext message recovery attacks against Feistel-based FPEs (such as FF1/FF3 from the NIST SP800-38G standard) which improve upon previous work in terms of amortized complexity in multi-target scenarios, where multiple ciphertexts are to be decrypted. Our attacks are also qualitatively better in that they make no assumptions on the correlation between the targets to be decrypted and the known plaintexts. We also surface a new vulnerability specific to FF3 and how it handles odd length domains, which leads to a substantial speedup in our attacks.We also show the first attacks against non-Feistel based FPEs. Specifically, we show a strong message-recovery attack for FNR, a construction proposed by Cisco which replaces two rounds in the Feistel construction with a pairwise-independent permutation, following the paradigm by Naor and Reingold (JoC, ’99). We also provide a strong ciphertext-only attack against a variant of the DTP construction by Brightwell and Smith, which is deployed by Protegrity within commercial applications. All of our attacks show that existing constructions fall short of achieving desirable security levels. For Feistel and the FNR schemes, our attacks become feasible on small domains, e.g., 8 bits, for suggested round numbers. Our attack against the DTP construction is practical even for large domains. We provide proof-of-concept implementations of our attacks that verify our theoretical findings.
2017
EUROCRYPT
2017
CRYPTO
2016
CRYPTO
2016
ASIACRYPT
2015
PKC
2015
EUROCRYPT
2015
EUROCRYPT
2015
CRYPTO
2014
CRYPTO
2013
CRYPTO
2012
CRYPTO
2012
ASIACRYPT
2010
CRYPTO

Crypto 2022
Crypto 2021
Crypto 2018
Asiacrypt 2018
Crypto 2017
Asiacrypt 2017
Asiacrypt 2016