A Complete Characterization of Security for Linicrypt Block Cipher Modes
We give a complete characterization of IND$-CPA security for a large, natural class of block cipher modes. Specifically, we consider modes that invoke the underlying block cipher and otherwise perform linear operations (e.g., XOR and multiplication by fixed field elements) on intermediate values. This class of algorithms corresponds to the Linicrypt model of Carmer & Rosulek (Crypto 2016). Our characterization is linear-algebraic in nature and is easy to check for a candidate mode. Unlike previous work that gave combinatorial or algebraic criteria for block cipher security, our characterization is both sound and complete. Along the way, we prove that a stateless encryption scheme within this class is secure if and only if it is secure against adversaries who choose all-zeroes plaintexts.
Major Advisor: Mike Rosulek
Committee: Glencora Borradaile
Committee: Rakesh Bobba
Tuesday, December 10, 2019 at 2:00pm to 4:00pm
Kelley Engineering Center, 1007
110 SW Park Terrace, Corvallis, OR 97331