Abstract

In cryptography, the common approach to defining secure channels is to consider transportation of discrete messages provided via atomic encryption and decryption interfaces. This, however, ignores that many real-world protocols (including TLS , DTLS, and SSH ) offer streaming interfaces instead, being exposed to the risk that the network (possibly under adversarial control) may deliver arbitrary fragments of ciphertexts to the receiver.

In this talk I will present our recent study of stream-based channels, which addresses this deficiency by proposing functionality and security notions that take the peculiarities of streams into account. Moreover, we prove (a generalization of) a well-known composition result, stating that chosen-plaintext indistinguishability and ciphertext integrity together imply chosen-ciphertext indistinguishability, for the setting of streaming channels. As a feasibility result, we show how to construct a stream-based channel from authenticated encryption.