
The Improved HFC Scheme For Compactly Committing Authenticated Encryption With Associated Data

Posted on: 2022-08-11
Degree: Master
Type: Thesis
Country: China
Candidate: Q Q Zhao
Full Text: PDF
GTID: 2518306341963679
Subject: Electronics and Communications Engineering
Abstract/Summary:
As concerns about security and privacy increase, users are looking for ways to protect the security of their accounts. As a result, end-to-end encrypted messaging systems, including WhatsApp, Facebook Messenger, Signal, etc., have become more and more popular, and billions of people now rely on them for security. Recently, new security measures have emerged for end-to-end encrypted messaging systems. When a malicious sender sends harassing messages, malware, or any inappropriate content, the receiver should be allowed to report the content to the provider so that the sender can be stopped. End-to-end encryption, however, prevents the provider from verifying that the reported message is the one that was sent. That is why Facebook has introduced an encryption scheme in its end-to-end encrypted messaging system, called message franking, that allows users to report abuse in a verifiable way. Grubbs et al. formally defined the required new primitive, called compactly committing authenticated encryption with associated data (ccAEAD), and Dodis et al. introduced a new primitive called Encryptment as the core building block of ccAEAD. Encryptment is a one-time encryption mechanism that only needs to use a block cipher with a single key for a single pass. It both encrypts the message and compactly commits to it. The specific research contents of this dissertation are as follows:

(1) The Encryptment algorithm is based on the hash-function-chaining (HFC) scheme, which can be regarded as a mode of operation of a fixed-input-length compression function, just like the basic SHA-256 or other algorithms built on the Merkle-Damgård construction. The hidden compression function should be a secure pseudo-random function in order to resist related-key attacks. To solve this problem, this article proposes an improved algorithm based on the HFC Encryptment algorithm. On this basis, we added a DBL structure using Tweakable Block Ciphers (TBC) to the compression function of the HFC scheme and formed a new scheme called "tweak-hash-function-chaining (THFC)". It follows the HFC scheme and uses the Merkle-Damgård hash function. Unlike the DBL-instantiated compression function mentioned by Hirose, this article combines the well-known Hirose DBL scheme and Merkle-Damgård to form a compression function. Its security is analyzed in terms of confidentiality, binding and unforgeability. In addition, this dissertation uses the Commit-then-Encrypt (CtE) method to safely and elegantly convert the THFC Encryptment algorithm into a ccAEAD algorithm, whose security is also verified. Compared with Dodis et al.'s scheme, the improved scheme is more robust against related-key attacks, because the attacker cannot directly select the tweak value of the underlying TBC.

(2) Dodis et al. used DM-AES to instantiate the compression function in the proposed ccAEAD algorithm. Although HFC instantiated with DM-AES would have very good performance on systems using AES-NI, it is not as fast as AES-GCM or OCB because of the need to re-key for each block. To solve this problem, in this dissertation Deoxys-BC was selected to instantiate the TBC to verify the THFC ccAEAD algorithm. Deoxys-BC performs well in software and is faster than AES-GCM on most processors. Because Deoxys-BC is based on the AES cipher, the AES-NI instructions are also used for a high-performance software implementation. So we enabled AES-NI, compiled it on Linux with gcc v4.8.1, and tested the speed on an Intel Sandy Bridge processor. Because Deoxys-BC actually instantiates the compression function using a TBC, the experimental data are compared with the Deoxys algorithm, which also requires Deoxys-BC to instantiate the compression function. The ccAEAD algorithm based on the improved HFC scheme in this dissertation not only has stronger resistance to related-key attacks, but is also instantiated with the better algorithm Deoxys-BC, which gives it a certain value.
Keywords/Search Tags:End-to-End, Encryptment, ccAEAD, Deoxys-BC