Authenticated On-Line Encryption

  • Pierre-Alain Fouque
  • Antoine Joux
  • Gwenaëlle Martinet
  • Frédéric Valette
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3006)


In this paper, we investigate the authenticated encryption paradigm, and its security against blockwise adaptive adversaries, mounting chosen ciphertext attacks on on-the-fly cryptographic devices. We remark that most of the existing solutions are insecure in this context, since they provide a decryption oracle for any ciphertext. We then propose a generic construction called Decrypt-Then-Mask, and prove its security in the blockwise adversarial model. The advantage of this proposal is to apply minimal changes to the encryption protocol. In fact, in our solution, only the decryption protocol is modified, while the encryption part is left unchanged. Finally, we propose an instantiation of this scheme, using the encrypted CBC-MAC algorithm, a secure pseudorandom number generator and the Delayed variant of the CBC encryption scheme.


 Symmetric encryption authenticated encryption chosen ciphertext attacks blockwise adversaries provable security 


  1. 1.
    An, J.H., Bellare, M.: Does encryption with redundancy provide authenticity. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 512–528. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  2. 2.
    Bellare, M., Canetti, R., Krawczyk, H.: Pseudorandom Functions Revisited: The Cascade Construction and its Concrete Security. In: Proceedings of the 37th Symposium on Foundations of Computer Science, IEEE, Los Alamitos (1996)Google Scholar
  3. 3.
    Bellare, M., Desai, A., Jokipii, E., Rogaway, P.: A Concrete Security Treatment of Symmetric Encryption: Analysis of the DES Modes of operation. In: Proceedings of the 38th Symposium of Foundations of Computer Science, pp. 394–403. IEEE Computer Society Press, Los Alamitos (1997)CrossRefGoogle Scholar
  4. 4.
    Bellare, M., Guérin, R., Rogaway, P.: XOR-MACs: New Methods for Message Authentication using Finite Pseudorandom Functions. In: Coppersmith, D. (ed.) CRYPTO 1995. LNCS, vol. 963, pp. 15–28. Springer, Heidelberg (1995)Google Scholar
  5. 5.
    Bellare, M., Kilian, J., Rogaway, P.: The Security of the Cipher Block Chaining Message Authentication Code. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 341–358. Springer, Heidelberg (1994)Google Scholar
  6. 6.
    Bellare, M., Kohno, T., Namprempre, C.: Authenticated Encryption in SSH: Provably Fixing the SSH Binary Packet Protocol. In: Ninth ACM Conference on Computer and Communications Security, pp. 1–11. ACM Press, New York (2002)CrossRefGoogle Scholar
  7. 7.
    Bellare, M., Namprempre, C.: Authenticated Encryption: Relations among notions and analysis of the generic composition paradigm. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 531–545. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  8. 8.
    Bellare, M., Rogaway, P.: Encode then encipher encryption: How to exploit nounces or redundancy in plaintexts for efficient cryptography. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 317–330. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  9. 9.
    Blaze, M., Feigenbaum, J., Naor, M.: A Formal Treatment of Remotely Keyed Encryption. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 251–265. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  10. 10.
    Desai, A., Hevia, A., Yin, Y.L.: A Practice-Oriented Treatment of Pseudorandom Number Generators. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 368–383. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  11. 11.
    Dodis, Y., An, J.H.: Cancelment and its Applications to Authenticated Encryption. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656. Springer, Heidelberg (2003)Google Scholar
  12. 12.
    FIPS PUB 186-2. Digital Signature Standard. Technical report, National Institute of Standards and Technologies (2001)Google Scholar
  13. 13.
    Fouque, P.-A., Joux, A., Martinet, G., Valette, F.: Authenticated On-line Encryption (2003), Full version of this paper Available at
  14. 14.
    Fouque, P.-A., Martinet, G., Poupard, G.: Practical Symmetric On-line Encryption. In: Johansson, T. (ed.) Proceedings of the Fast Software Encryption Workshop 2003. LNCS, Springer, Heidelberg (2003)Google Scholar
  15. 15.
    Gennaro, R., Rohatgi, P.: How to Sign Digital Streams. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 180–197. Springer, Heidelberg (1997)Google Scholar
  16. 16.
    Goldwasser, S., Bellare, M.: Lecture Notes on Cryptography (2001), Available at
  17. 17.
    Joux, A., Martinet, G., Valette, F.: Blockwise-Adaptive Attackers. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 17–30. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  18. 18.
    Jutla, C.: Encryption Modes with Almost Free Message Integrity. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 529–544. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  19. 19.
    Katz, J., Yung, M.: Unforgeable Encryption and Chosen Ciphertext Secure Modes of Operation. In: Schneier, B. (ed.) FSE 2000. LNCS, vol. 1978, pp. 284–299. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  20. 20.
    Petrank, E., Rackoff, C.: CBC-MAC for Real-Time Data Sources. Journal of Cryptology 13(3), 315–338 (2000)zbMATHCrossRefMathSciNetGoogle Scholar
  21. 21.
    Rogaway, P., Bellare, M., Black, J., Krovetz, T.: OCB: A Block-Cipher Mode of Operation for Efficient Authenticated Encryption. In: Proceedings of the 8th Conference on Computer and Communications Security, pp. 196–205. ACM Press, New York (2001)CrossRefGoogle Scholar
  22. 22.
    Shoup, V.: OAEP reconsidered (Extended Abstract). In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 239–259. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  23. 23.
    Vaudenay, S.: CBC Padding: Security Flaws Induced by CBC Padding - Applications to SSL, IPSEC, WTLS. In: Knudsen, L. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 534–545. Springer, Heidelberg (2002)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2004

Authors and Affiliations

  • Pierre-Alain Fouque
    • 1
  • Antoine Joux
    • 1
  • Gwenaëlle Martinet
    • 1
  • Frédéric Valette
    • 1
  1. 1.DCSSI Crypto LabParis 07France

Personalised recommendations