Cryptography Stack Exchange
Cryptography Stack Exchange

Questions tagged [deterministic-encryption]

A deterministic encryption scheme is a cryptosystem which always produces the same ciphertext for a given plaintext and key, even over separate executions of the encryption algorithm.

A deterministic encryption scheme is a cryptosystem which always produces the same ciphertext for a given plaintext and key, even over separate executions of the encryption algorithm.

73 questions
15
votes
2 answers

Why is synthetic IV (SIV) mode considered deterministic authenticated encryption (DAE)?

I was just going over my (old) notes from Coursera's Cryptography I course, and I was puzzled by the description of SIV as providing deterministic authenticated encryption (DAE). The general SIV construction shown is to first compute a MAC over the…
Neil Madden
  • 557
  • 3
  • 13
11
votes
1 answer

What is Deterministic Authenticated Encryption?

I came across something known as deterministic authenticated encryption in my studies, and a lot of people were associating it with Synthetic IV mode. I am having trouble understanding what exactly DAE is because I thought that if something was…
winsticknova
  • 269
  • 2
  • 6
10
votes
3 answers

Are there deterministic private-key encryption schemes that are CPA-secure?

I'm assuming there can't be such schemes because CPA-security is equivalent to CPA-security for multiple encryptions, and an adversary can distinguish between $(\mathsf{Enc}_k(m_0),\mathsf{Enc}_k(m_0))$ and…
sahisb
  • 113
  • 1
  • 7
8
votes
1 answer

Deterministic Encryption with AES GCM - how to choose the IV (nonce)

I have not a very large background in cryptography so I hope these questions are not very dumb. I don't want to reinvent the wheel, I'm just looking for advise on the best practices about how to build the following. I've seeking and reading for…
inieto
  • 183
  • 1
  • 5
7
votes
2 answers

Deterministic Encryption using AES

I am in need of a deterministic encryption algorithm I can use on social security numbers (9 character string, numbers only) that I will store encrypted in a MongoDB and need to be able to search for them and recall them (ruling out one way…
josh
  • 173
  • 1
  • 6
7
votes
2 answers

Security of Deterministic Encryption Scheme

A deterministic encryption scheme is a cryptosystem which always produces the same ciphertext for a given plaintext and key, even over separate executions of the encryption algorithm. Although we cannot achieve semantic security or…
sashank
  • 6,234
  • 4
  • 36
  • 68
7
votes
2 answers

Why does adding PKCS#1 v1.5 padding make RSA encryption non-deterministic?

I'm quite a beginner to cryptography, but have been implementing some encryption according to a specification over the last few weeks using the PyCrypto library. I've discovered that when encrypting using RSA public keys alone, encryption appears to…
majackson
  • 181
  • 1
  • 1
  • 4
7
votes
1 answer

Security of this deterministic encryption scheme

I recently came across a library that promises to do deterministic encryption with the following scheme: AES with 256 bit key in CBC mode with PKCS7 padding and Synthetic Initialization vector taken from the first 16 bytes of the HMACSHA256 mac of…
user2398029
  • 523
  • 1
  • 3
  • 14
6
votes
1 answer

What is the best way to pseudonymise IP addresses while retaining the ability to identify those that share a subnet?

Background: I'm developing an app that is based around registered users voting on stuff, and I want to create a heuristic that involves IP addresses as one way to flag accounts for further investigation of potential multiple account+vote abuse. In…
Inkling
  • 191
  • 9
6
votes
1 answer

Deterministic Authenticated Encryption with AES-OFB and HMAC

I have an encrypted column in a database that stores sensitive information. The existing encryption scheme is deterministic and a database index exists on the encrypted value to allow searching. I am upgrading the encryption scheme to use…
Nathan
  • 135
  • 5
6
votes
2 answers

Why is padding the plaintext with a random string before encryption worse than OAEP / PKCS#7?

I'm reading about OAEP / PKCS padding used for PGP to turn deterministic algorithms like RSA from deterministic encryption to probabilistic encryption (randomness in the resulting output). That way the same input encrypted with RSA should produce a…
Xeoncross
  • 663
  • 1
  • 8
  • 16
6
votes
2 answers

Do deterministic secret sharing schemes exist?

Are there algorithms for secure secret sharing such that the algorithm depends solely on the value being secured, relying on no randomness in its calculations. If there aren't, is such an algorithm an impossibility? If there are, what are some…
Tyler Spaeth
  • 95
  • 3
6
votes
1 answer

Public-Key Deterministic Encryption : Why does not provide perfect security?

I've got a question about an assignment . The question is "Why a Public-Key Deterministic Encryption Algorithm does not provide perfect security ?" . I suppose it means according to Shannon . Any help could be awesome!
IrishDog
  • 163
  • 1
  • 4
5
votes
1 answer

Is this method of deterministically using CBC secure?

I'm trying to design a deterministic encryption scheme to enable searching in untrusted databases with the smallest possible IV overhead on ciphertexts. I know it's very bad practice but unfortunately it's a business requirement, so I'm just trying…
pg1989
  • 4,736
  • 25
  • 43
5
votes
1 answer

How to Implement Deterministic Encryption Safely in .NET

I am trying to implement a deterministic encryption scheme in .NET. This link suggests I use AES-SIV mode encryption. An alternative is to use AES-CTR [ k1, nonce, message] mode with HMAC[ k2, message] as the nonce. This is effectively the same as…
user67091
  • 51
  • 2
1
2 3 4 5