Motivated by the wide adoption of authenticated encryption and TLS,
we suggest a basic channel abstraction, an augmented secure channel (ASC), that allows a sender to send a receiver messages consisting of two parts, where one is privacy-protected and
both are authenticity-protected. Working in the tradition of constructive cryptography, we formalize this idea and provide a construction of this kind of channel using the lower-level tool
authenticated-encryption.
We look at recent proposals on TLS 1.3 and suggest that the criterion by which their security can be judged is quite simple:
do they construct an ASC? Due to this precisely defined goal, we are able to give a natural construction that comes with a rigorous security proof and directly leads to a proposal on TLS 1.3 that is provably secure.
↧