Journal of Cryptology

, Volume 21, Issue 4, pp 547-578

First online:

Encryption Modes with Almost Free Message Integrity

  • Charanjit S. JutlaAffiliated withIBM T.J. Watson Research Center Email author 

Rent the article at a discount

Rent now

* Final gross prices may vary according to local VAT.

Get Access


We define a new mode of operation for block ciphers which, in addition to providing confidentiality, also ensures message integrity. In contrast, previously for message integrity a separate pass was required to compute a cryptographic message authentication code (MAC). The new mode of operation, called Integrity Aware Parallelizable Mode (IAPM), requires a total of m+1 block cipher evaluations on a plain-text of length m blocks. For comparison, the well-known CBC (cipher block chaining) encryption mode requires m block cipher evaluations, and the second pass of computing the CBC-MAC essentially requires additional m+1 block cipher evaluations. As the name suggests, the new mode is also highly parallelizable.


Block ciphers Encryption Authentication Pairwise independent Parallelizable