How to Incorporate Associated Data in Sponge-Based Authenticated Encryption

  • Conference paper
Topics in Cryptology – CT-RSA 2015 (CT-RSA 2015)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 9048)

Abstract

We explore ways to combine associated data \(A\) with a sponge-based authenticated encryption (AE) scheme. In addition to the popular “header” and “trailer” methods, this paper investigates two other methods, concurrent absorption and ciphertext translation. Concurrent absorption is a novel method unique to the sponge construction. Its advantage is efficiency: the number of permutation calls reduces to \(\max \bigl \{|A|/c,\,|M|/r\bigr \}\), where \(|\cdot |\) denotes the bit length, \(c\) the capacity size in bits, and \(r\) the rate size. In particular, if the size of \(A\) is relatively small, i.e. \(|A|/c\le |M|/r\), then no extra permutation calls are needed for processing \(A\). Ciphertext translation, on the other hand, is a generic technique developed by Rogaway (ACM CCS 2002), and in this paper it is concretized as a sponge-based AE scheme. The advantage of sponge-based ciphertext translation is that it can start encrypting a message \(M\) irrespective of the relative arrival time of \(A\). The efficiency of the header and trailer methods can also be improved by using a similar technique. Remarkably, all of these methods are highly secure: with the key length denoted by \(\kappa \), all methods achieve \(\min \bigl \{2^{(r+c)/2},\,2^c/r,\,2^\kappa \bigr \}\) security against nonce-respecting adversaries in the ideal model, as recently shown by Jovanovic et al. (Asiacrypt 2014) for the conventional header and trailer methods.
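To make the concurrent-absorption idea and its permutation-call count concrete, the following is an added toy illustration, not the paper's construction: it assumes tiny parameters (r = 8 bytes, c = 16 bytes), a SHA-256-based Feistel network standing in for the permutation, and simple pad10* padding, and it does not reproduce the paper's padding or domain separation. Each permutation call moves one r-byte message block through the rate while one c-byte block of A is XORed into the capacity, so the call count is 1 (initialisation) plus max over the two block counts:

```python
import hashlib
import hmac

R, C = 8, 16   # rate and capacity in bytes (toy values, assumed for this example)
B = R + C      # permutation width in bytes

def perm(s: bytes) -> bytes:
    """Toy 4-round Feistel permutation built from SHA-256 (a genuine bijection on B bytes)."""
    l, r = s[:B // 2], s[B // 2:]
    for i in range(4):
        f = hashlib.sha256(bytes([i]) + r).digest()[:B // 2]
        l, r = r, bytes(x ^ y for x, y in zip(l, f))
    return l + r

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def pad_blocks(data: bytes, n: int) -> list:
    """pad10* to a multiple of n bytes, then split into n-byte blocks."""
    data += b"\x80" + b"\x00" * ((-len(data) - 1) % n)
    return [data[i:i + n] for i in range(0, len(data), n)]

def duplex_ad(key: bytes, nonce: bytes, a: bytes, data: bytes, decrypt: bool = False):
    """Concurrent absorption: each permutation call moves an r-byte message block through
    the rate and XORs a c-byte block of A into the capacity; returns (output, tag, calls)."""
    assert len(key) + len(nonce) == B
    state, calls = perm(key + nonce), 1
    a_blocks = pad_blocks(a, C)
    m_blocks = [data[i:i + R] for i in range(0, len(data), R)] if decrypt else pad_blocks(data, R)
    out = []
    for i in range(max(len(a_blocks), len(m_blocks))):
        rate, cap = state[:R], state[R:]
        if i < len(m_blocks):
            c = m_blocks[i] if decrypt else xor(rate, m_blocks[i])
            out.append(xor(rate, c) if decrypt else c)  # plaintext block or ciphertext block
            rate = c                                     # duplex: the rate now holds the ciphertext
        if i < len(a_blocks):
            cap = xor(cap, a_blocks[i])                  # A goes into the capacity part
        state, calls = perm(rate + cap), calls + 1
    return b"".join(out), state[:R], calls

def encrypt(key, nonce, a, m):
    return duplex_ad(key, nonce, a, m)          # (ciphertext, tag, permutation calls)

def decrypt(key, nonce, a, c, tag):
    p, tag2, _ = duplex_ad(key, nonce, a, c, decrypt=True)
    if not hmac.compare_digest(tag, tag2):
        return None                              # reject before releasing any plaintext
    p = p.rstrip(b"\x00")
    return p[:-1] if p.endswith(b"\x80") else None
```

With an 11-byte message (two rate blocks) and a 3-byte A (one capacity block) the pass costs 1 + max{1, 2} = 3 permutation calls, i.e. A is processed for free; A only adds calls once its block count exceeds that of the message.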

References

  1. Alizadeh, J., Aref, M.R., Bagheri, N.: Artemia v1. Submission to CAESAR (2014)

  2. Andreeva, E., Bilgin, B., Bogdanov, A., Luykx, A., Mendel, F., Mennink, B., Mouha, N., Wang, Q., Yasuda, K.: PRIMATEs v1. Submission to CAESAR (2014)

  3. Aumasson, J.P., Jovanovic, P., Neves, S.: NORX v1. Submission to CAESAR (2014)

  4. Bellare, M., Canetti, R., Krawczyk, H.: Keying hash functions for message authentication. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 1–15. Springer, Heidelberg (1996)

  5. Bellare, M., Namprempre, C.: Authenticated encryption: relations among notions and analysis of the generic composition paradigm. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 531–545. Springer, Heidelberg (2000)

  6. Bernstein, D.: CAESAR Competition (2013). http://competitions.cr.yp.to/caesar.html

  7. Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: On the indifferentiability of the sponge construction. In: Smart, N.P. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 181–197. Springer, Heidelberg (2008)

  8. Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: Duplexing the sponge: single-pass authenticated encryption and other applications. In: Miri, A., Vaudenay, S. (eds.) SAC 2011. LNCS, vol. 7118, pp. 320–337. Springer, Heidelberg (2012)

  9. Bertoni, G., Daemen, J., Peeters, M., Van Assche, G., Van Keer, R.: CAESAR submission: Keyak v1. Submission to CAESAR (2014)

  10. Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: Permutation-based encryption, authentication and authenticated encryption. In: Workshop Records of DIAC 2012, pp. 159–170 (2012)

  11. Choy, J., Yap, H., Khoo, K., Guo, J., Peyrin, T., Poschmann, A., Tan, C.H.: SPN-Hash: improving the provable resistance against differential collision attacks. In: Mitrokotsa, A., Vaudenay, S. (eds.) AFRICACRYPT 2012. LNCS, vol. 7374, pp. 270–286. Springer, Heidelberg (2012)

  12. Daemen, J., Rijmen, V.: A new MAC construction ALRED and a specific instance ALPHA-MAC. In: Gilbert, H., Handschuh, H. (eds.) FSE 2005. LNCS, vol. 3557, pp. 1–17. Springer, Heidelberg (2005)

  13. Dobraunig, C., Eichlseder, M., Mendel, F., Schläffer, M.: Ascon v1. Submission to CAESAR (2014)

  14. Information Sciences Institute, University of Southern California: Internet Protocol. Internet Engineering Task Force (IETF), RFC 791 (1981). https://www.ietf.org/rfc/rfc791.txt

  15. Iwata, T., Minematsu, K.: Generating a fixed number of masks with word permutations and XORs. In: DIAC 2013: Directions in Authenticated Ciphers (2013)

  16. Jovanovic, P., Luykx, A., Mennink, B.: Beyond \(2^{c/2}\) security in sponge-based authenticated encryption modes. Cryptology ePrint Archive, Report 2014/373 (2014)

  17. Jovanovic, P., Luykx, A., Mennink, B.: Beyond \(2^{c/2}\) security in sponge-based authenticated encryption modes. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LNCS, vol. 8873, pp. 85–104. Springer, Heidelberg (2014)

  18. Kavun, E.B., Lauridsen, M.M., Leander, G., Rechberger, C., Schwabe, P., Yalçın, T.: Prøst v1. Submission to CAESAR (2014)

  19. Mendel, F., Mennink, B., Rijmen, V., Tischhauser, E.: A simple key-recovery attack on McOE-X. In: Pieprzyk, J., Sadeghi, A.-R., Manulis, M. (eds.) CANS 2012. LNCS, vol. 7712, pp. 23–31. Springer, Heidelberg (2012)

  20. Morawiecki, P., Gaj, K., Homsirikamol, E., Matusiewicz, K., Pieprzyk, J., Rogawski, M., Srebrny, M., Wójcik, M.: ICEPOLE v1. Submission to CAESAR (2014)

  21. Reyhanitabar, R., Vizár, D.: Careful with misuse resistance of online AEAD. Posted to CAESAR Mailing List (2014). https://groups.google.com/forum/#!topic/crypto-competitions/o5uMRvi6L74

  22. Rogaway, P.: Authenticated-encryption with associated-data. In: Atluri, V. (ed.) ACM CCS 2002, pp. 98–107. ACM (2002)

  23. Rogaway, P., Bellare, M., Black, J., Krovetz, T.: OCB: a block-cipher mode of operation for efficient authenticated encryption. In: Reiter, M.K., Samarati, P. (eds.) ACM CCS 2001, pp. 196–205. ACM (2001)

  24. Saarinen, M.J.O.: The CBEAMr1 authenticated encryption algorithm. Submission to CAESAR (2014)

  25. Saarinen, M.J.O.: The STRIBOBr1 authenticated encryption algorithm. Submission to CAESAR (2014)

  26. Iwata, T., Minematsu, K., Guo, J., Morioka, S.: CLOC: authenticated encryption for short input. In: Cid, C., Rechberger, C. (eds.) FSE 2014. LNCS. Springer (2014) (to appear)

  27. Iwata, T., Minematsu, K., Guo, J., Morioka, S.: CLOC: compact low-overhead CFB. Submission to CAESAR (2014)

  28. Iwata, T., Minematsu, K., Guo, J., Morioka, S., Kobayashi, E.: SILC: simple lightweight CFB. Submission to CAESAR (2014)

  29. Wu, H.: The hash function JH. Submission to NIST SHA-3 Competition (2011)

  30. Yasuda, K.: Boosting Merkle-Damgård hashing for message authentication. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 216–231. Springer, Heidelberg (2007)

Corresponding author

Correspondence to Yu Sasaki.

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Sasaki, Y., Yasuda, K. (2015). How to Incorporate Associated Data in Sponge-Based Authenticated Encryption. In: Nyberg, K. (ed.) Topics in Cryptology – CT-RSA 2015. CT-RSA 2015. Lecture Notes in Computer Science, vol. 9048. Springer, Cham. https://doi.org/10.1007/978-3-319-16715-2_19

  • DOI: https://doi.org/10.1007/978-3-319-16715-2_19

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-16714-5

  • Online ISBN: 978-3-319-16715-2
