Key Wrap

Key Wrap constructions are a class of symmetric encryption algorithms designed to encapsulate (encrypt) cryptographic key material. The Key Wrap algorithms are intended for applications such as (a) protecting keys while in untrusted storage, or (b) transmitting keys over untrusted communications networks. The constructions are typically built from standard primitives such as block ciphers and cryptographic hash functions.

Key Wrap may be considered as a form of key encapsulation algorithm, although it should not be confused with the more commonly known asymmetric (public-key) key encapsulation algorithms (e.g., PSEC-KEM). Key Wrap algorithms can be used in a similar application: to securely transport a session key by encrypting it under a long-term encryption key.

Background

In the late 1990s, the National Institute of Standards and Technology (NIST) posed the "Key Wrap" problem: to develop secure and efficient cipher-based key encryption algorithms. The resulting algorithms would be formally evaluated by NIST, and eventually approved for use in NIST-certified cryptographic modules. NIST did not precisely define the security goals of the resulting algorithm, and left further refinement to the algorithm developers. Based on the resulting algorithms, the design requirements appear to be (1) confidentiality, (2) integrity protection (authentication), (3) efficiency, (4) use of standard (approved) underlying primitives such as the Advanced Encryption Standard (AES) and the Secure Hash Algorithm (SHA-1), and (5) consideration of additional circumstances (e.g., resilience to operator error, low-quality random number generators). Goals (3) and (5) are particularly important, given that many widely deployed authenticated encryption algorithms (e.g., AES-CCM) are already sufficient to accomplish the remaining goals.

NIST AES Key Wrap Specification

Several constructions have been proposed. These include:

Each of the proposed algorithms can be considered as a form of authenticated encryption algorithm providing confidentiality for highly entropic messages such as cryptographic keys. The AES Key Wrap Specification, AESKW, TDKW, and AKW1 are intended to maintain confidentiality under adaptive chosen ciphertext attacks, while the AKW2 algorithm is designed to be secure only under known-plaintext (or weaker) attacks. (The stated goal of AKW2 is for use in legacy systems and computationally limited devices where use of the other algorithms would be impractical.) AESKW, TDKW and AKW2 also provide the ability to authenticate a cleartext "header", an associated block of data that is not encrypted.

Rogaway and Shrimpton evaluated the design of the ANSX9.102 algorithms with respect to the stated security goals. Among their general findings, they noted the lack of clearly stated design goals for the algorithms, and the absence of security proofs for all constructions.

In their paper, Rogaway and Shrimpton proposed a provable key-wrapping algorithm (SIV, the Synthetic Initialization Vector mode) that authenticates and encrypts an arbitrary string and authenticates, but does not encrypt, additional data which can be bound into the wrapped key. This has been standardized as a new AES mode in RFC 5297.


Wikimedia Foundation. 2010.
