Onion-AE: Foundations of Nested Encryption

  • Rogaway P
  • Zhang Y

Abstract

Nested symmetric encryption is a well-known technique for low-latency communication privacy. But just what problem does this technique aim to solve? In answer, we provide a provable-security treatment for onion authenticated-encryption (onion-AE). Extending the conventional notion for authenticated-encryption, we demand indistinguishability from random bits and time-of-exit authenticity verification. We show that the encryption technique presently used in Tor does not satisfy our definition of onion-AE security, but that a construction by Mathewson (2012), based on a strong, tweakable, wideblock PRP, does do the job. We go on to discuss three extensions of onion-AE, giving definitions to handle inbound flows, immediate detection of authenticity errors, and corrupt ORs.

Cite

Rogaway, P., & Zhang, Y. (2018). Onion-AE: Foundations of Nested Encryption. Proceedings on Privacy Enhancing Technologies, 2018(2), 85–104. https://doi.org/10.1515/popets-2018-0014
