How to Incorporate Associated Data in Sponge-Based Authenticated Encryption

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9048)

Abstract

We explore ways to combine associated data \(A\) with a sponge-based authenticated encryption (AE) scheme. In addition to the popular “header” and “trailer” methods, this paper investigates two other methods, concurrent absorption and ciphertext translation. Concurrent absorption is a novel method unique to the sponge construction. Its advantage is efficiency: the number of permutation calls reduces to \(\max \bigl \{|A|/c,\,|M|/r\bigr \}\), where \(|\cdot |\) denotes the bit length, \(c\) the capacity size in bits, and \(r\) the rate size. In particular, if the size of \(A\) is relatively small, i.e. \(|A|/c\le |M|/r\), then no extra permutation calls are needed for processing \(A\). On the other hand, ciphertext translation is a generic technique developed by Rogaway (ACM CCS 2002), and in this paper it is concretized as a sponge-based AE scheme. The advantage of sponge-based ciphertext translation is that it can start encrypting a message \(M\) irrespective of the relative arrival time of \(A\). The efficiency of the header and trailer methods can also be improved by using a similar technique. Remarkably, all of these methods are highly secure: with the key length denoted by \(\kappa \), all methods achieve \(\min \bigl \{2^{(r+c)/2},\,2^c/r,\,2^\kappa \bigr \}\) security against nonce-respecting adversaries in the ideal model, as recently shown by Jovanovic et al. (Asiacrypt 2014) for the conventional header and trailer methods.
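As an added illustration of the permutation-call count in the abstract (this is not the paper's own construction or code), the following Python toy duplex-style sponge schedules permutation calls in two ways: the header method absorbs \(A\) through the rate before any message block is processed, and concurrent absorption XORs \(c\)-bit blocks of \(A\) into the capacity alongside the \(r\)-bit message blocks, so one call serves both. Everything here is an assumption for the sake of the example: SHAKE256 stands in for the permutation (it is neither a permutation nor secure, and the 10* padding is simplified), the parameters are \(r=32\) and \(c=96\) bits, and the key, nonce and inputs are constructed. Only the call schedule, which is what the abstract's formula counts, should be read from it.

```python
import hashlib
import hmac
from itertools import zip_longest

# Toy sponge parameters in bytes (constructed; real instantiations such as
# Keccak-f[1600] use far larger states). R is the rate r, C the capacity c.
R = 4    # r = 32 bits: the part of the state message blocks are XORed into
C = 12   # c = 96 bits: the part concurrent absorption XORs A into
B = R + C


class Counter:
    """Counts permutation calls so the two methods can be compared."""

    def __init__(self):
        self.calls = 0


def f(state: bytes, cnt: Counter) -> bytes:
    """Stand-in for the sponge permutation. Assumption: SHAKE256 is used only to
    mix the state; it is not a permutation and this toy is not secure. The call
    schedule, which is what the example demonstrates, does not depend on it."""
    cnt.calls += 1
    return hashlib.shake_256(state).digest(B)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def pad_blocks(data: bytes, block: int) -> list:
    """Simplified 10* padding: append 0x80, zero-fill to a multiple of block."""
    data += b"\x80" + b"\x00" * (-(len(data) + 1) % block)
    return [data[i:i + block] for i in range(0, len(data), block)]


def schedule(m_items: list, A: bytes, concurrent: bool) -> list:
    """One triple (message block, A block for the rate, A block for the capacity)
    per permutation call. Concurrent absorption pairs each message block with a
    c-bit block of A; the header method spends separate calls on A first."""
    if concurrent:
        return [(m, None, a) for m, a in zip_longest(m_items, pad_blocks(A, C))]
    return [(None, a, None) for a in pad_blocks(A, R)] + [(m, None, None) for m in m_items]


def encrypt(key: bytes, nonce: bytes, A: bytes, M: bytes, concurrent: bool):
    """Returns (ciphertext, tag, permutation calls spent on A and M)."""
    cnt = Counter()
    state = f(key + nonce, cnt)            # initialisation call, not counted below
    start = cnt.calls
    ct = b""
    for m_blk, a_rate, a_cap in schedule(pad_blocks(M, R), A, concurrent):
        rate, cap = state[:R], state[R:]
        if a_rate is not None:
            rate = xor(rate, a_rate)       # header method: A passes through the rate
        if m_blk is not None:
            rate = xor(rate, m_blk)        # duplex: ciphertext block = rate XOR message
            ct += rate
        if a_cap is not None:
            cap = xor(cap, a_cap)          # concurrent: A goes into the capacity, no extra call
        state = f(rate + cap, cnt)
    return ct[:len(M)], state[:R], cnt.calls - start


def decrypt(key: bytes, nonce: bytes, A: bytes, ct: bytes, tag: bytes, concurrent: bool):
    """Mirrors encrypt; returns the plaintext, or None if the tag does not verify."""
    cnt = Counter()
    state = f(key + nonce, cnt)
    n_m = len(ct) // R + 1                 # number of padded message blocks
    c_blocks = [ct[i * R:(i + 1) * R] for i in range(n_m)]
    pt = b""
    for c_blk, a_rate, a_cap in schedule(c_blocks, A, concurrent):
        rate, cap = state[:R], state[R:]
        if a_rate is not None:
            rate = xor(rate, a_rate)
        if c_blk is not None:
            m_part = xor(rate[:len(c_blk)], c_blk)
            pt += m_part
            if len(c_blk) < R:             # final block: re-create the sender's padding
                m_part += b"\x80" + b"\x00" * (R - len(m_part) - 1)
            rate = xor(rate, m_part)
        if a_cap is not None:
            cap = xor(cap, a_cap)
        state = f(rate + cap, cnt)
    if not hmac.compare_digest(state[:R], tag):
        return None
    return pt


if __name__ == "__main__":
    key, nonce = b"k" * 8, b"n" * 8      # constructed toy key and nonce
    A, M = b"associated", b"hello world"
    for name, conc in (("concurrent", True), ("header", False)):
        ct, tag, calls = encrypt(key, nonce, A, M, conc)
        assert decrypt(key, nonce, A, ct, tag, conc) == M
        print(f"{name}: {calls} permutation calls for |A|={len(A)} B, |M|={len(M)} B")
```

With the constructed inputs (10 bytes of \(A\), 11 bytes of \(M\)), \(A\) pads to one 12-byte capacity block and \(M\) to three 4-byte rate blocks, so concurrent absorption spends \(\max\{1,3\}=3\) calls on data while the header method spends \(3+3=6\). The counts are ceilings over padded lengths rather than the exact quotients in the abstract's formula, and the initialisation call is excluded; the tag is read from the rate after the last data call, so no further call is charged.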

Keywords

CAESAR, AEAD, Sponge, Duplex, Donkey, Monkey, Capacity, Beyond \(2^{c/2}\) security


References

1. Alizadeh, J., Aref, M.R., Bagheri, N.: Artemia v1. Submission to CAESAR (2014)
2. Andreeva, E., Bilgin, B., Bogdanov, A., Luykx, A., Mendel, F., Mennink, B., Mouha, N., Wang, Q., Yasuda, K.: PRIMATEs v1. Submission to CAESAR (2014)
3. Aumasson, J.P., Jovanovic, P., Neves, S.: NORX v1. Submission to CAESAR (2014)
4. Bellare, M., Canetti, R., Krawczyk, H.: Keying hash functions for message authentication. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 1–15. Springer, Heidelberg (1996)
5. Bellare, M., Namprempre, C.: Authenticated encryption: relations among notions and analysis of the generic composition paradigm. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 531–545. Springer, Heidelberg (2000)
6. Bernstein, D.: CAESAR competition (2013). http://competitions.cr.yp.to/caesar.html
7. Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: On the indifferentiability of the sponge construction. In: Smart, N.P. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 181–197. Springer, Heidelberg (2008)
8. Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: Duplexing the sponge: single-pass authenticated encryption and other applications. In: Miri, A., Vaudenay, S. (eds.) SAC 2011. LNCS, vol. 7118, pp. 320–337. Springer, Heidelberg (2012)
9. Bertoni, G., Daemen, J., Peeters, M., Van Assche, G., Van Keer, R.: CAESAR submission: Keyak v1. Submission to CAESAR (2014)
10. Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: Permutation-based encryption, authentication and authenticated encryption. In: Workshop Records of DIAC 2012, pp. 159–170 (2012)
11. Choy, J., Yap, H., Khoo, K., Guo, J., Peyrin, T., Poschmann, A., Tan, C.H.: SPN-Hash: improving the provable resistance against differential collision attacks. In: Mitrokotsa, A., Vaudenay, S. (eds.) AFRICACRYPT 2012. LNCS, vol. 7374, pp. 270–286. Springer, Heidelberg (2012)
12. Daemen, J., Rijmen, V.: A new MAC construction ALRED and a specific instance ALPHA-MAC. In: Gilbert, H., Handschuh, H. (eds.) FSE 2005. LNCS, vol. 3557, pp. 1–17. Springer, Heidelberg (2005)
13. Dobraunig, C., Eichlseder, M., Mendel, F., Schläffer, M.: Ascon v1. Submission to CAESAR (2014)
14. Information Sciences Institute, University of Southern California: Internet Protocol. Internet Engineering Task Force (IETF), RFC 791 (1981). https://www.ietf.org/rfc/rfc791.txt
15. Iwata, T., Minematsu, K.: Generating a fixed number of masks with word permutations and XORs. In: DIAC 2013: Directions in Authenticated Ciphers (2013)
16. Jovanovic, P., Luykx, A., Mennink, B.: Beyond \(2^{c/2}\) security in sponge-based authenticated encryption modes. Cryptology ePrint Archive, Report 2014/373 (2014)
17. Jovanovic, P., Luykx, A., Mennink, B.: Beyond \(2^{c/2}\) security in sponge-based authenticated encryption modes. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LNCS, vol. 8873, pp. 85–104. Springer, Heidelberg (2014)
18. Kavun, E.B., Lauridsen, M.M., Leander, G., Rechberger, C., Schwabe, P., Yalçın, T.: Prøst v1. Submission to CAESAR (2014)
19. Mendel, F., Mennink, B., Rijmen, V., Tischhauser, E.: A simple key-recovery attack on McOE-X. In: Pieprzyk, J., Sadeghi, A.-R., Manulis, M. (eds.) CANS 2012. LNCS, vol. 7712, pp. 23–31. Springer, Heidelberg (2012)
20. Morawiecki, P., Gaj, K., Homsirikamol, E., Matusiewicz, K., Pieprzyk, J., Rogawski, M., Srebrny, M., Wójcik, M.: ICEPOLE v1. Submission to CAESAR (2014)
21. Reyhanitabar, R., Vizár, D.: Careful with misuse resistance of online AEAD. Posted to the CAESAR mailing list (2014). https://groups.google.com/forum/#!topic/crypto-competitions/o5uMRvi6L74
22. Rogaway, P.: Authenticated-encryption with associated-data. In: Atluri, V. (ed.) ACM CCS 2002, pp. 98–107. ACM (2002)
23. Rogaway, P., Bellare, M., Black, J., Krovetz, T.: OCB: a block-cipher mode of operation for efficient authenticated encryption. In: Reiter, M.K., Samarati, P. (eds.) ACM CCS 2001, pp. 196–205. ACM (2001)
24. Saarinen, M.J.O.: The CBEAMr1 authenticated encryption algorithm. Submission to CAESAR (2014)
25. Saarinen, M.J.O.: The STRIBOBr1 authenticated encryption algorithm. Submission to CAESAR (2014)
26. Iwata, T., Minematsu, K., Guo, J., Morioka, S.: CLOC: authenticated encryption for short input. In: Cid, C., Rechberger, C. (eds.) FSE 2014. LNCS. Springer (2014) (to appear)
27. Iwata, T., Minematsu, K., Guo, J., Morioka, S.: CLOC: compact low-overhead CFB. Submission to CAESAR (2014)
28. Iwata, T., Minematsu, K., Guo, J., Morioka, S., Kobayashi, E.: SILC: simple lightweight CFB. Submission to CAESAR (2014)
29. Wu, H.: The hash function JH. Submission to the NIST SHA-3 competition (2011)
30. Yasuda, K.: Boosting Merkle-Damgård hashing for message authentication. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 216–231. Springer, Heidelberg (2007)

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

NTT Secure Platform Laboratories, Tokyo, Japan
