In some wireless environments, minimizing the size of messages is paramount due to the resulting significant energy savings. We present a new symmetric encryption scheme: CCS or Chosen Ciphertext Secure scheme. CCS has the property that modications to the ciphertext
randomizes the resulting plaintext. Using this property, we prove the scheme is CCA2 secure. Thus we obtain CCA2 encryption schemes with minimal ciphertext expansion which are applicable to resource constrained wireless environments. For protocols that send short messages, our scheme is similar to Counter with CBC-MAC (CCM) for computation but has much shorter messages (since we can use a smaller MAC tag) for a similar level of security. A key idea is that
various protocol fields in the underlying plaintext act as an authentication tag given changes to the message ciphertext. To the best of our knowledge, CCS is the first scheme that achieves CCA2 security with only 2-3 bytes of ciphertext expansion. We present an instantiation of CCS: CMCC mode. CMCC mode is a general purpose authenticated encryption mode that is misuse resistant (MRAE) when message numbers are reused.
↧