Single-Path Authenticated-Encryption Scheme Based on Universal Hashing

  • Soichi Furuya
  • Kouichi Sakurai
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2595)


An authenticated-encryption scheme is frequently used to provide a communication both with confidentiality and integrity. For stream ciphers, i.e., an encryption scheme using a cryptographic pseudorandom-number generator, this objective can be achieved by the simple combination of encryption and MAC generation. This naive approach, however, introduces the following drawbacks; the implementation is likely to require two scans of the data, and independent keys for the encryption and MAC generations must be exchanged. The single-path construction of an authenticated-encryption scheme for a stream cipher is advantageous in these two aspects but non-trivial design. In this paper we propose a single-path authenticated-encryption scheme with provable security. This scheme is based on one of the well-known -almost-universal hash functions, the evaluation hash. The encryption and decryption of the scheme can be calculated by single-path operation on a plaintext and a ciphertext. We analyze the security of the proposed scheme and give a security proof, which claims that the security of the proposed scheme can be reduced to that of an underlying PRNG in the indistinguishability from random bits. The security model we use, realor-random, is one of the strongest notions amongst the four well-known notions for confidentiality, and an encryption scheme with real-or-random sense security can be efficiently reduced to the other three security notions. We also note that the security of the proposed scheme is tight.


Stream cipher mode of operation provable security message authentication real-or-random security 


  1. [BDJR97]
    M. Bellare, A. Desai, E. Jokipii, and P. Rogaway, “A Concrete Security Treatment of Symmetric Encryption: Analysis of the DES Modes of Operation,” Proceedings of the 38th Symposium on Foundations of Computer Science, IEEE, 1997, full paper is available at
  2. [BGV96]
    A. Bosselaers, R. Govaerts, and J. Vandewalle, “Fast Hashing on the Pentium,” Advances in Cryptology, —CRYPTO’96, LNCSVol. 1109, Springer-Verlag, 1996.Google Scholar
  3. [BKR94]
    M. Bellare, J. Kilian, and P. Rogaway, “The Security of Cipher Block Chaining,” Advances in Cryptology, —CRYPTO’94, LNCS Vol. 839, Springer-Verlag, 1994.Google Scholar
  4. [BHKKR99]
    J. Black and S. Halevi, H. Krawczyk, T. Krovets, P. Rogaway, “UMAC: Fast and Secure Message Authentication,” Advances in Cryptology, — CRYPTO’99, LNCS Vol. 1666, Springer-Verlag, 1999.Google Scholar
  5. [CW79]
    L. Carter and M. Wegman, “Universal Hash Functions,” Journal of Computer and System Sciences, Vol. 18, 1979.Google Scholar
  6. [DC98]
    J. Daemen and C. Clapp, “Fast Hashing and Stream Encryption with PANAMA,” Fast Software Encryption, 5th International Workshop, FSE’98, Proceedings, LNCS Vol. 1372, Springer-Verlag, 1998.zbMATHGoogle Scholar
  7. [FS01]
    S. Furuya, D. Watanabe, Y. Seto, and K. Takaragi, “Integrity-Aware Mode of Stream Cipher,” IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, Vol. E85-A No.1, pp.58–65, 2002.Google Scholar
  8. [HK97]
    S. Halevi and H. Krawczyk, “MMH: Software Message Authentication in the Gbit/second Rates,” Fast Software Encryption, 4th International Workshop, FSE’97, LNCS Vol. 1267, Springer-Verlag, 1997.zbMATHGoogle Scholar
  9. [GD01]
    V. D. Gligor and P. Donescu, “Fast Encryption and Authentication: XCBC Encryption and XECB Authentication Modes,” In Preproceedings of FSE 2001, 8th Fast Software Encryption Workshop, Yokohama Japan, 2001.Google Scholar
  10. [G00]
    J. D. Golić, “Modes of Operation of Stream Ciphers,” Selected Areas in Cryptography, 7th Annual International Workshop, SAC 2000 Proceedings, LNCS Vol. 2012, Springer-Verlag, 2001.CrossRefGoogle Scholar
  11. [JV98]
    M. H. Jakubowski and R. Venkatesan, “The Chain & Sum Primitive and Its Applications to MACs and Stream Ciphers,” Advances in Cryptology, — EUROCRYPT’98, LNCS Vol. 1403, Springer-Verlag, 1998.Google Scholar
  12. [J97]
    T. Johansson, “Bucket Hashing with Small Key Size,” Advances in Cryptology, —EUROCRYPT’97, LNCS Vol. 1233, Springer-Verlag, 1997.Google Scholar
  13. [J01]
    C. S. Jutla, “Encryption Modes with Almost Free Message Integrity,” Advances in Cryptology, —EUROCRYPT2001, LNCS Vol. 2045, Springer-Verlag, 2001.Google Scholar
  14. [KY00]
    J. Katz and M. Yung, “Unforgeable Encryption and Chosen Cipher Secure Modes of Operation,” Fast Software Encryption, 7th International Workshop, FSE2000, LNCS Vol. 1978, Springer-Verlag, 2001.CrossRefGoogle Scholar
  15. [NP99]
    W. Nevelsteen and B. Preneel, “Software Performance of Universal Hash Functions,” Advances in Cryptology, —EUROCRYPT’99, LNCS Vol. 1592, Springer-Verlag, 1999.Google Scholar
  16. [PR99]
    S. Patel and Z. Ramzan, “Square Hash: Fast Message Authentication via Optimized Universal Hash Functions,” Advances in Cryptology, —CRYPTO’99, LNCS Vol. 1666, Springer-Verlag, 1999.Google Scholar
  17. [PvO96]
    B. Preneel and P. van Oorschot, “On The Security of Two MAC Algorithms,” Advances in Cryptology, —EUROCRYPT’96, LNCS Vol. 1070, Springer-Verlag, 1996.Google Scholar
  18. [R97]
    M. Roe, “Cryptography and Evidence,” Doctoral Dissertation with the University of Cambridge, 1997. available at
  19. [RBBK01]
    P. Rogaway, M. Bellare, J. Black, and T. Krovetz, “OCB: A Block-Cipher Mode of Operation for Efficient Authenticated Encryption,” Eights ACM conference on computer and communications security CCS-8, ACM Press, 2001.Google Scholar
  20. [S49]
    C. E. Shannon, “A Mathematical Theory of Communication,” Bell Systems Technical Journal, Vol.28, No.4, 1949.Google Scholar
  21. [S96]
    V. Shoup, “On Fast And Provably Secure Message Authentication Based on Universal Hashing,” Advances in Cryptology, —CRYPTO’96, LNCS Vol. 1109, Springer-Verlag, 1996.Google Scholar
  22. [T93]
    R. Taylor, “An Integrity Check Value Algorithm for Stream Ciphers,” Advances in Cryptology, —CRYPTO’93, LNCS Vol. 773, Springer-Verlag, 1993.Google Scholar
  23. [WC81]
    M. Wegman and L. Carter, “New Hash Functions And Their Use in Authentication And Set Equality,” Journal of Computer and System Sciences, Vol. 22, 1981.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Soichi Furuya
    • 1
  • Kouichi Sakurai
    • 2
  1. 1.Systems Development LaboratoryHitachi, Ltd.YokohamaJapan
  2. 2.Dept. of Computer Science and Communications EngineeringKyushu UniversityFukuokaJapan

Personalised recommendations