We discuss security definitions, entropy measures and cryptographic constructions associated with the recently proposed implicit data integrity methodology. Such methodology is applied in order to detect data corruption without producing, storing or verifying mathematical summaries of the content such as Message Authentication Codes (MACs) or checksums. The main idea is that, whereas typical user data demonstrate patterns such as repeated bytes or words, decrypted data resulting from corrupted ciphertexts no longer demonstrate such patterns. Thus, by checking the entropy of decrypted ciphertexts, corruption can be possibly detected.

The paper expands on earlier contributions, arguing for the need of a new notion of security based on the assumption that it is computationally difficult for an adversary to corrupt some ciphertext so that the resulting plaintext demonstrates specific patterns. A second contribution of the paper is a proposal for a new entropy measure that is applicable to short messages. The entropy measure we propose is called “pattern entropy index” and can be efficiently computed for messages that can be as small as 64 bytes. Third, we extend the security analysis of the known cryptographic construction called IVP (Integrity Via Preprocessing). We show that IVP supports implicit data integrity and is secure in input perturbing and oracle replacing adversary models. The cryptographic strength of IVP is 32.169 bits, which is sufficient for defending against online data corruption and content replay attacks. Computationally, IVP is much lighter than other authenticated encryption approaches requiring only two additional encryption rounds in the critical path of a 128-bit block cipher such as AES.

我们讨论与最近提出的隐式数据完整性方法相关的安全性定义，熵测度和密码构造。应用这种方法是为了检测数据损坏，而不产生，存储或验证内容的数学摘要，例如消息验证码（MAC）或校验和。主要思想是，尽管典型的用户数据演示了诸如重复的字节或字之类的模式，但是由损坏的密文导致的解密数据不再演示此类模式。因此，通过检查解密的密文的熵，可以检测到损坏。

本文基于先前的贡献进行了扩展，并基于以下假设：需要一种新的安全性概念，即假设对手在计算上很难破坏某些密文，从而使得所得的明文表现出特定的模式。本文的第二个贡献是提出了一种适用于短消息的新的熵测度的建议。我们提出的熵测度被称为“模式熵指数”，可以有效地计算出大小仅为64字节的消息。第三，我们扩展了称为IVP（通过预处理的完整性）的已知密码结构的安全性分析。我们证明，IVP支持隐式数据完整性，并且在输入干扰和Oracle替换对手模型方面是安全的。IVP的加密强度为32.169位，这足以抵御在线数据损坏和内容重放攻击。从计算上看，IVP比其他经过身份验证的加密方法要轻得多，后者仅需要在128位块密码的关键路径（例如AES）中进行两次额外的加密回合。