CRYPTO NEWS

Encrypt-then-HMAC with a single key is secure?

The partition oracle attacks exploit non-committing AEAD schemes.

Informally, a committing encryption scheme is one for which it is computationally intractable to find a pair of keys and a ciphertext that decrypts under both keys. AES-GCM and ChaCha20-Poly1305 fail on this, so they are non-committing.

As a countermeasure to the partition oracles, it is advised to use Encrypt-then-HMAC with one key, since HMAC is committing. I.e., the keys for encryption and HMAC are the same. Normally, we don't advise using a key for two different purposes. This, however, is advised in the paper.

This question is specific to HMAC. Is there any published attack on a scheme that uses the same key for encryption and HMAC? Or does any article exist that shows its security?
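
An added example, not part of the original question or the paper it cites: Encrypt-then-HMAC with a single key, plus a check of how many keys in a candidate set authenticate one ciphertext, which is the property a partition oracle depends on. The SHA-256 counter-mode keystream is an assumed stand-in for a real cipher such as AES-CTR so the block runs on the Python standard library alone; `seal`, `open_` and `accepting_keys` are hypothetical names.

```python
import hashlib
import hmac
import os

NONCE_LEN, TAG_LEN = 16, 32

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """Stand-in stream cipher (assumption): SHA-256 in counter mode, not AES."""
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt, then HMAC nonce||ciphertext under the SAME key."""
    nonce = os.urandom(NONCE_LEN)
    ks = _keystream(key, nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def open_(key: bytes, blob: bytes):
    """Verify the tag first (constant time); decrypt only if it matches."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        return None
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # wrong key or modified ciphertext: nothing is decrypted
    ks = _keystream(key, nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))

def accepting_keys(candidates, blob):
    """Indices of candidate keys under which blob authenticates."""
    return [i for i, k in enumerate(candidates) if open_(k, blob) is not None]

# Constructed sample data: 8 candidate keys, message sealed under key 5.
CANDIDATES = [hashlib.sha256(b"candidate-%d" % i).digest() for i in range(8)]
BLOB = seal(CANDIDATES[5], b"constructed sample message")

if __name__ == "__main__":
    # With a committing tag, exactly one candidate key accepts the ciphertext.
    print(accepting_keys(CANDIDATES, BLOB))
```

Because the HMAC tag is checked before any decryption, a single ciphertext gives a yes/no answer about one key only, rather than about a whole subset of candidates.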
