
Modes of operations for encryption and authentication using stream ciphers supporting an initialisation vector

Journal: Cryptography and Communications

Abstract

We describe a systematic framework for using a stream cipher supporting an initialisation vector (IV) to perform various tasks of authentication and authenticated encryption. These include message authentication code (MAC), authenticated encryption (AE), authenticated encryption with associated data (AEAD) and deterministic authenticated encryption (DAE) with associated data. Several schemes are presented and rigorously analysed. A major component of the constructions is a keyed hash function having provably low collision and differential probabilities. Methods are described to efficiently extend such hash functions to take multiple inputs. In particular, double-input hash functions are required for the construction of AEAD schemes. An important practical aspect of our work is that a designer can combine off-the-shelf stream ciphers with off-the-shelf hash functions to obtain secure primitives for MAC, AE, AEAD and DAE(AD).
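The following is an added toy illustration of the pattern the abstract describes, not the paper's own schemes: a polynomial keyed hash (Poly1305-style encoding over the prime 2^130-5, an assumed choice) whose keys and one-time tag mask are drawn from the keystream of an IV-based stream cipher, a two-key double-input hash for AEAD, and a MAC obtained as the AEAD with empty plaintext. The stream cipher is a stand-in (HMAC-SHA256 in counter mode) so that the block runs offline; all names are hypothetical.

```python
import hashlib
import hmac
import struct

# Toy, hypothetical instance of the pattern the abstract describes (not the paper's
# own scheme): a polynomial keyed hash whose keys and one-time tag mask are drawn
# from the keystream of an IV-based stream cipher. P is the Poly1305 field prime.
P = (1 << 130) - 5
TAG_BYTES = 16

def keystream(key, iv, nbytes):
    """Stand-in for an IV-based stream cipher: HMAC-SHA256 in counter mode."""
    out, ctr = b"", 0
    while len(out) < nbytes:
        out += hmac.new(key, iv + struct.pack(">Q", ctr), hashlib.sha256).digest()
        ctr += 1
    return out[:nbytes]

def poly_hash(k, data):
    """Polynomial hash over GF(P). A 0x01 terminator after each (possibly short)
    16-byte block makes distinct byte strings distinct coefficient sequences."""
    acc = 0
    for i in range(0, len(data), 16):
        coeff = int.from_bytes(data[i:i + 16] + b"\x01", "little")
        acc = (acc + coeff) * k % P
    return acc

def two_input_hash(k1, k2, ad, ct):
    """Double-input hash for AEAD: an independent key per input, combined in GF(P)."""
    return (poly_hash(k1, ad) + poly_hash(k2, ct)) % P

def _tag(ks, ad, ct):
    k1, k2, mask = (int.from_bytes(ks[i:i + 16], "little") for i in (0, 16, 32))
    h = two_input_hash(k1, k2, ad, ct)
    return ((h + mask) % (1 << 128)).to_bytes(TAG_BYTES, "little")  # Wegman-Carter mask

def aead_encrypt(key, iv, ad, msg):
    """Keystream bytes 0..47 key the hash and mask the tag; the rest encrypts msg."""
    ks = keystream(key, iv, 48 + len(msg))
    ct = bytes(m ^ s for m, s in zip(msg, ks[48:]))
    return ct, _tag(ks, ad, ct)

def aead_decrypt(key, iv, ad, ct, tag):
    """Returns the plaintext, or None if the tag does not verify (checked first)."""
    ks = keystream(key, iv, 48 + len(ct))
    if not hmac.compare_digest(_tag(ks, ad, ct), tag):
        return None
    return bytes(c ^ s for c, s in zip(ct, ks[48:]))

def mac(key, iv, msg):
    """A MAC is the AEAD with empty plaintext: the message is the associated data."""
    return aead_encrypt(key, iv, msg, b"")[1]
```

Because the hash keys and the tag mask are taken from the keystream, an IV must never be repeated under the same key; the decrypt path verifies the tag before any plaintext is released.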



Corresponding author: Palash Sarkar.


Cite this article

Sarkar, P. Modes of operations for encryption and authentication using stream ciphers supporting an initialisation vector. Cryptogr. Commun. 6, 189–231 (2014). https://doi.org/10.1007/s12095-013-0097-7
