125 research outputs found
Parallelizable Rate-1 Authenticated Encryption from Pseudorandom Functions
This paper proposes a new scheme for authenticated encryption (AE) which is typically realized as a blockcipher mode of operation.
The proposed scheme has attractive features for fast and compact operation.
When it is realized with a blockcipher, it requires one blockcipher call to process one input block (i.e. rate-1), and uses the encryption function of the blockcipher for both encryption and decryption.
Moreover, the scheme enables one-pass, parallel operation under two-block partition.
The proposed scheme thus attains similar characteristics as the seminal OCB mode, without using the inverse blockcipher.
The key idea of our proposal is a novel usage of two-round Feistel permutation, where the round functions are derived from the theory of tweakable blockcipher.
We also provide basic software results, and describe some ideas on using a non-invertible primitive, such as a keyed hash function
General Classification of the Authenticated Encryption Schemes for the CAESAR Competition
An Authenticated encryption scheme is a scheme which provides privacy and integrity by using a secret key. In 2013, CAESAR (the ``Competition for Authenticated Encryption: Security, Applicability, and Robustness\u27\u27) was co-founded by NIST and Dan Bernstein with the aim of finding authenticated encryption schemes
that offer advantages over AES-GCM and are suitable for widespread adoption.
The first round started with 57 candidates in March 2014; and nine of these
first-round candidates where broken and withdrawn from the competition. The
remaining 48 candidates went through an intense process of review, analysis
and comparison. While the cryptographic community benefits greatly from the
manifold different submission designs, their sheer number
implies a challenging amount of study. This paper provides
an easy-to-grasp overview over functional aspects, security parameters, and
robustness offerings by the CAESAR candidates, clustered by their underlying
designs (block-cipher-, stream-cipher-, permutation-/sponge-,
compression-function-based, dedicated). After intensive review and analysis of all 48 candidates by the community, the CAESAR committee selected only 30 candidates for the second round. The announcement for the third round candidates was made on 15th August 2016 and 15 candidates were chosen for the third round
Improved Masking for Tweakable Blockciphers with Applications to Authenticated Encryption
A popular approach to tweakable blockcipher design is via masking, where a certain primitive (a blockcipher or a permutation) is preceded and followed by an easy-to-compute tweak-dependent mask. In this work, we revisit the principle of masking. We do so alongside the introduction of the tweakable Even-Mansour construction MEM. Its masking function combines the advantages of word-oriented LFSR- and powering-up-based methods. We show in particular how recent advancements in computing discrete logarithms over finite fields of characteristic 2 can be exploited in a constructive way to realize highly efficient, constant-time masking functions. If the masking satisfies a set of simple conditions, then MEM is a secure tweakable blockcipher up to the birthday bound. The strengths of MEM are exhibited by the design of fully parallelizable authenticated encryption schemes OPP (nonce-respecting) and MRO (misuse-resistant). If instantiated with a reduced-round BLAKE2b permutation, OPP and MRO achieve speeds up to 0.55 and 1.06 cycles per byte on the Intel Haswell microarchitecture, and are able to
significantly outperform their closest competitors
Inapplicability of Differential Fault Attacks against Cellular Automata based Lightweight Authenticated Cipher
Authenticated encryption (AE) schemes are a necessity to secure
the physical devices connected to the Internet. Two AE schemes,
TinyJambu and Elephant, are finalists of NIST lightweight
cryptography competition. Another AE scheme, ACORN v3, a
CAESAR competition finalist, has been shown to be particularly
vulnerable against Differential Fault Attack (DFA), even more
than its previous version ACORN v2. TinyJambu is also
susceptible to DFA. An optimized interpolation attack has been
proposed against one instance of Elephant, Delirium, recently.
We propose methods to strengthen these schemes using the
Cellular Automata (CA) and increase their resistance to these
attacks. The Programmable Cellular Automata (PCA) 90-150
is effectively deployed to make these ciphers robust against
DFA. We also provide mathematical analysis of the invigorated
schemes and show that significant improvement is achieved in all
the three enhanced schemes
Authenticated Encryption with Small Stretch (or, How to Accelerate AERO)
Standard form of authenticated encryption (AE) requires the ciphertext to be expanded by
the nonce and the authentication tag. These expansions can be problematic
when messages are relatively short and communication cost is high.
To overcome the problem we propose a new form of AE scheme, MiniAE, which expands the ciphertext only by the single variable integrating nonce and tag.
An important feature of MiniAE is that it requires the receiver to be stateful not only for detecting replays but also for detecting forgery of any type.
McGrew and Foley already proposed a scheme having this feature, called AERO, however,
there is no formal security guarantee based on the provable security framework.
We provide a provable security analysis for MiniAE, and
show several provably-secure schemes using standard symmetric crypto primitives.
This covers a generalization of AERO, hence our results imply a provable security of AERO.
Moreover, one of our schemes has a similar structure as OCB mode of operation and enables rate-1 operation, i.e. only one blockcipher call to process one input block. This implies that the computation cost of MiniAE can be as small as encryption-only schemes
Tweakable Blockciphers for Efficient Authenticated Encryptions with Beyond the Birthday-Bound Security
Modular design via a tweakable blockcipher (TBC) offers efficient authenticated encryption (AE) schemes (with associated data) that call a blockcipher once for each data block (of associated data or a plaintext). However, the existing efficient blockcipher-based TBCs are secure up to the birthday bound, where the underlying keyed blockcipher is a secure strong pseudorandom permutation. Existing blockcipher-based AE schemes with beyond-birthday-bound (BBB) security are not efficient, that is, a blockcipher is called twice or more for each data block. In this paper, we present a TBC, XKX, that offers efficient blockcipher-based AE schemes with BBB security, by combining with efficient TBC-based AE schemes such as ÎCB3 an
Improved Masking for Tweakable Blockciphers with Applications to Authenticated Encryption
A popular approach to tweakable blockcipher design is via masking, where a certain primitive (a blockcipher or a permutation) is preceded and followed by an easy-to-compute tweak-dependent mask. In this work, we revisit the principle of masking. We do so alongside the introduction of the tweakable Even-Mansour construction MEM. Its masking function combines the advantages of word-oriented LFSR- and powering-up-based methods. We show in particular how recent advancements in computing discrete logarithms over finite fields of characteristic 2 can be exploited in a constructive way to realize highly efficient, constant-time masking functions. If the masking satisfies a set of simple conditions, then MEM is a secure tweakable blockcipher up to the birthday bound. The strengths of MEM are exhibited by the design of fully parallelizable authenticated encryption schemes OPP (nonce-respecting) and MRO (misuse-resistant). If instantiated with a reduced-round BLAKE2b permutation, OPP and MRO achieve speeds up to 0.55 and 1.06 cycles per byte on the Intel Haswell microarchitecture, and are able to significantly outperform their closest competitors
Efficient Lattice-based Authenticated Encryption: A Practice-Oriented Provable Security Approach
Lattice-based cryptography has been received significant attention in the past decade. It has attractive properties such as being a major post-quantum cryptography candidate, enjoying worst-case to average-case security reductions, and being supported by efficient implementations.In recent years, lattice-based schemes have achieved enough maturity to become interesting also for the industry. Additionally, authenticated encryption (AE) is another important topic in the community of cryptography.
In this paper, considering two above-mentioned subjects, we propose three lattice-based AEs with an acceptable practical efficiency. These schemes are provably secure assuming the hardness of elementary lattice problems. That is in contrast to the other practical provably-secure AEs, which are based on the hardness assumption of another cryptographic primitive, such as AES. Moreover, we analyze the exact security of these schemes in the paradigm of practice-oriented provable security, while the security proofs of almost all previous lattice-based schemes are asymptotic. The implementation results show that one of the proposed schemes becomes even faster than an AES-256-GCM implementation to encrypt messages of length 64 bytes or longer. Particularly, for a 1500-byte message, this scheme is 34% faster than AES-256-GCM
- âŠ