You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
title: "Revisiting the Indifferentiability of the Sum of Permutations"
68
-
author:
69
-
- ins: A. Gunsing
70
-
- ins: R. Bhaumik
71
-
- ins: A. Jha
72
-
- ins: B. Mennink
73
-
- ins: Y. Shen
74
-
date: 2023-08-09
75
-
seriesinfo:
76
-
CRYPTO 2023, LNCS 14083, pp. 628–660
77
-
target: https://eprint.iacr.org/2023/840.pdf
78
66
DEOXYS-TBC:
79
67
title: "The Deoxys AEAD Family"
80
68
author:
@@ -148,11 +136,9 @@ informative:
148
136
149
137
--- abstract
150
138
151
-
IP addresses are personally identifiable information that requires protection, yet common techniques such as truncation destroy data irreversibly while providing inconsistent privacy guarantees, and ad-hoc encryption schemes often lack interoperability and security analysis.
152
-
153
-
This document specifies secure, efficient methods for encrypting IP addresses for privacy-preserving storage, logging, and analytics, addressing data minimization concerns raised in {{!RFC6973}}.
139
+
This document specifies secure, efficient methods for encrypting IP addresses for privacy-preserving storage, logging, and analytics. Unlike truncation, which destroys data irreversibly, these methods are reversible with the encryption key while providing strong privacy guarantees.
154
140
155
-
Four concrete instantiations are defined: `ipcrypt-deterministic`provides deterministic, format-preserving encryption with 16-byte outputs; `ipcrypt-pfx` provides deterministic, prefix-preserving encryption that maintains network relationships with native address sizes; while `ipcrypt-nd` and `ipcrypt-ndx` introduce randomness to prevent correlation. All methods are reversible with the encryption key and designed for high-performance processing at network speeds.
141
+
Four modes are defined: `ipcrypt-deterministic`(format-preserving, 16-byte output), `ipcrypt-pfx` (prefix-preserving, native address size), `ipcrypt-nd` and `ipcrypt-ndx` (non-deterministic with random tweaks). All support high-performance processing at network speeds and produce interoperable results across implementations.
156
142
157
143
--- middle
158
144
@@ -451,7 +437,7 @@ When the 32-byte key is randomly sampled from a uniform distribution, the probab
451
437
452
438
The `ipcrypt-pfx` construction improves upon earlier designs such as CRYPTO-Pan through enhanced cryptographic security:
453
439
454
-
- Sum-of-Permutations: The XOR of two independently keyed AES-128 permutations provides security beyond the birthday bound {{SUM-OF-PRPS}}, supporting more than 2<sup>78</sup> distinct IP addresses per key {{REVISITING-SUM}}. This construction ensures that even with billions of encrypted addresses, security remains robust.
440
+
- Sum-of-Permutations: The XOR of two independently keyed AES-128 permutations provides 128-bit PRF security {{SUM-OF-PRPS}}, with distinguishing advantage growing on the order of q/2<sup>128</sup> for q queries. This construction ensures robust security even for massive-scale deployments.
455
441
456
442
- Prefix-based context isolation: shift-and-append updates make each bit depend on the full prefix history and ensure fresh PRF input each round.
0 commit comments