IACR News item: 27 May 2013
Jonathan Trostle
ePrint Report
We present a new stateful symmetric encryption scheme: CCS or Chosen Ciphertext Secure scheme. CCS has the property that modifications to the ciphertext randomize the resulting plaintext. Using this property, we prove the scheme is CCA2 secure. Thus we obtain CCA2 encryption schemes with minimal ciphertext expansion which are applicable to resource-constrained wireless environments. For protocols that send short messages, our scheme is similar to Counter with CBC-MAC (CCM) for computation but has much shorter messages (since we can use much smaller or no MAC tags) for a similar level of security. A key idea is that various protocol fields in the underlying plaintext act as an authentication tag given changes to the message ciphertext. To the best of our knowledge, CCS is the first scheme that achieves CCA2 security with only 2-3 bytes of ciphertext expansion.