Journal of Cryptology

, Volume 21, Issue 4, pp 547–578

Encryption Modes with Almost Free Message Integrity


DOI: 10.1007/s00145-008-9024-z

Cite this article as:
Jutla, C.S. J Cryptol (2008) 21: 547. doi:10.1007/s00145-008-9024-z


We define a new mode of operation for block ciphers which, in addition to providing confidentiality, also ensures message integrity. In contrast, previously for message integrity a separate pass was required to compute a cryptographic message authentication code (MAC). The new mode of operation, called Integrity Aware Parallelizable Mode (IAPM), requires a total of m+1 block cipher evaluations on a plain-text of length m blocks. For comparison, the well-known CBC (cipher block chaining) encryption mode requires m block cipher evaluations, and the second pass of computing the CBC-MAC essentially requires additional m+1 block cipher evaluations. As the name suggests, the new mode is also highly parallelizable.


Block ciphers Encryption Authentication Pairwise independent Parallelizable 

Copyright information

© International Association for Cryptologic Research 2008

Authors and Affiliations

  1. 1.IBM T.J. Watson Research CenterYorktown HeightsUSA

Personalised recommendations