Authenticated Encryption Mode for Beyond the Birthday Bound Security

  • Tetsu Iwata
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5023)

Abstract

In this paper, we propose an authenticated encryption mode for blockciphers. Our authenticated encryption mode, CIP, has provable security bounds that are better than the usual birthday bound. Moreover, the proven security bound for the authenticity of CIP is better than that of any previously known scheme. The design is based on the encrypt-then-PRF approach: the encryption part uses the key stream generation of CENC, and the PRF part combines a hash function based on the inner product with a blockcipher.
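As an added illustration (not the paper's CIP specification or code), the encrypt-then-PRF composition the abstract describes: a CENC-style key stream in which every block is the XOR of two blockcipher outputs, and a tag obtained by folding an inner-product hash over GF(2^128) into one blockcipher call. The blockcipher E is a stand-in built from HMAC-SHA256, and the frame width W, subkey derivation, nonce layout and padding are assumptions; none of this reproduces the paper's bounds.

```python
import hmac, hashlib

BLOCK = 16
W = 4  # keystream blocks per frame (assumed CENC frame width, not the paper's value)

def E(key, block):
    # Stand-in for the blockcipher E_K (stdlib has no AES): HMAC-SHA256 cut to one block.
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]
def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))
def gf_mul(a, b):
    # Multiplication in GF(2^128) modulo x^128 + x^7 + x^2 + x + 1 (big-endian bits).
    a, b, r = int.from_bytes(a, "big"), int.from_bytes(b, "big"), 0
    for _ in range(128):
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a >> 128:
            a ^= (1 << 128) | 0x87
    return r.to_bytes(BLOCK, "big")
def keystream(ke, nonce, nblocks):
    # CENC-style keystream: block i of a frame is E(ctr) xor E(ctr+i); W blocks cost W+1 calls.
    out, ctr = b"", 0
    while len(out) < nblocks * BLOCK:
        mask = E(ke, nonce + ctr.to_bytes(4, "big"))
        for i in range(1, W + 1):
            out += xor(mask, E(ke, nonce + (ctr + i).to_bytes(4, "big")))
        ctr += W + 1  # counters of consecutive frames never overlap
    return out[:nblocks * BLOCK]
def ip_hash(kh, data):
    # Inner-product hash over GF(2^128): XOR of M_i * K_i with K_i = E(kh, i), plus a length block.
    padded = data + bytes(-len(data) % BLOCK) + len(data).to_bytes(BLOCK, "big")
    h = bytes(BLOCK)
    for i in range(0, len(padded), BLOCK):
        h = xor(h, gf_mul(padded[i:i + BLOCK], E(kh, (i // BLOCK).to_bytes(BLOCK, "big"))))
    return h
def subkeys(key):
    # Domain-separated subkeys for keystream, hash and tag (an assumption, not CIP's key schedule).
    return tuple(E(key, bytes(15) + bytes([d])) for d in (0, 1, 2))
def encrypt(key, nonce, msg):
    ke, kh, kp = subkeys(key)
    ct = xor(msg, keystream(ke, nonce, -(-len(msg) // BLOCK)))
    tag = E(kp, xor(ip_hash(kh, ct), nonce + bytes(4)))  # PRF of (nonce, ciphertext)
    return ct, tag
def decrypt(key, nonce, ct, tag):
    ke, kh, kp = subkeys(key)
    if not hmac.compare_digest(E(kp, xor(ip_hash(kh, ct), nonce + bytes(4))), tag):
        return None  # reject before any plaintext is released
    return xor(ct, keystream(ke, nonce, -(-len(ct) // BLOCK)))
```

Swapping E for a real 128-bit blockcipher restores the PRP setting whose birthday term the paper's bound improves on; the stand-in PRF only shows the structure of the mode.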

Keywords

Blockcipher modes of operation; authenticated encryption; security proofs; birthday bound

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Tetsu Iwata, Dept. of Computational Science and Engineering, Nagoya University, Furo-cho, Chikusa-ku, Japan