IVP: A Three Level Confusion-Diffusion Network Supporting Implicit Data Integrity

We present a cryptographic construction called IVP and study its security properties. IVP is a three level confusion-diffusion network that supports confidentiality and data integrity without requiring any message expansion of the content, such as, for example, for the computation of a MAC. We demonstrate that IVP is in the recently proposed class of cryptographic constructions called ‘Random Oracles according to Observer functions’ (RO2). These constructions support a new notion of data integrity called ‘implicit’ data integrity, which is based on the fact that user data usually demonstrate some patterns. If some ciphertext becomes corrupted, then the resulting plaintext no longer demonstrates such patterns. Thus, defense against data corruption attacks becomes possible by hardening the computation of ciphertext values, the plaintext of which demonstrates patterns. The encryption key is considered unknown.We show that IVP supports implicit data integrity and is secure in input perturbing and oracle replacing adversary models. The security of IVP is associated with a pattern which is frequently encountered among client and server data. This is the pattern of encountering 4 or more 16-bit words being equal to each other in a set of 32 words. The cryptographic strength of IVP is 30.215 bits, which is sufficient for defending against on-line data corruption and content replay attacks. Computationally, IVP is much lighter than other authenticated encryption approaches requiring only two additional rounds of AES, beyond the AES standard encryption rounds in the critical path. These correspond to some minimal computation overhead.