public class AES128MultiKeyEncryption extends java.lang.Object implements MultiKeyEncryptionScheme
In this implementation though, we deviate slightly from the classical method by using the PRF on a tweak rather than on the value itself. See Garbling Schemes by Mihir Bellare, Viet Tung Hoang, and Phillip Rogaway Section 5.6. This implementation follows their second suggestion in section .6 (the second paragraph starting with a dash '-' ).
Note that this encryption scheme does not minimize the number of AES set key operations.
MinimizeAESSetKeyGarbledGate for a circuit and gate that do that as
well as a discussion of why a separate circuit was necessary to accomplish this.
This encryption scheme encrypts by setting each key from the
MultiSecretKey as the AES key and then calling AES on the tweak.
We XOR these to each other and then XOR the result to the plaintext.
|Constructor and Description|
|Modifier and Type||Method and Description|
Decrypts the ciphertext.
This method used the individual
This method generates a single
This method is provided with individual
Returns the block size of aes.
Checks if the key for this
Sets the key to the specified
See Garbling Schemes by Mihir Bellare, Viet Tung Hoang, and Phillip Rogaway.
public AES128MultiKeyEncryption(AES aes)
public javax.crypto.SecretKey generateKey()
This is necessary since the user will often need to generate single keys first and then combine them to a single
Consider the following problem: Say we want to garble and compute a gate in Yao's protocol.
Consider a 2 input gate. Each input Wire will have two possible garbled values--corresponding to a 0 value and a 1 value.
These values are <@code SecretKey}s NOTMultiSecretKeys. When we encrypt the truth table, we combine the single
keys to create
MultiSecretKeys. So, if we want to encrypt the 0-0 entry of the truth table, we will take the 0 key from
GarbledWire and combine them to a
MultiSecretKey (using the
Then if we want to encrypt the 0-1 entry, we will use the 0-key from the first wire and the 1-key from the second wire.
We will combine these 2 keys into a single
MultiSecretKey and use this to encrypt. Note that in this example,
the 0-key from the first Wire is combined from 2 different
MultiSecretKeys. First we combined it with the 0-key of the second
wire and then we combined it with the 1-key.
Thus, it is necessary to have a method to generate individual keys and a separate method to combine different single keys into
public MultiSecretKey generateMultiKey(javax.crypto.SecretKey... keys)
SecretKeys and combines them into a
MultiSecretKeythat can be used for encryption and decryption with the
keys- The individual
SecretKeys that make up the
SecretKeyobjects can be passed in an array or as individual parameters.
MultiSecretKeymade up of the
SecretKeys that were passed as parameters.
public void setKey(MultiSecretKey key)
The key that it is currently set to, will be used for encryption and decryption until
setKey() is called again.
public byte encrypt(byte plaintext) throws KeyNotSetException, TweakNotSetException, java.security.InvalidKeyException, PlaintextTooLongException, javax.crypto.IllegalBlockSizeException
SecretKeys that make up the
MultiSecretKeyto encrypt the plaintext.
plaintext- The plaintext to be encrypted.
public byte decrypt(byte ciphertext) throws CiphertextTooLongException, KeyNotSetException, TweakNotSetException, java.security.InvalidKeyException, javax.crypto.IllegalBlockSizeException
ciphertext- The ciphertext to be decrypted
public boolean isKeySet()
MultiKeyEncryptionSchemehas been set.
true if it has been and
false if it has not been.
Before encrypting and decrypting, the key must be set.
public void setTweak(byte tweak)
Some encryption schemes use a tweak and instead of encrypting directly the entry of the plaintext, encrypt the tweak and then XOR the result with the plaintext.
Some encryption schemes do not make use of a tweak, in which case calls to set the tweak have no effect. If you are implementing an encryption scheme that does not use a tweak, just leave the body of this method blank.