CLOC: Authenticated Encryption for Short Input

  • Tetsu Iwata
  • Kazuhiko Minematsu
  • Jian Guo
  • Sumio Morioka
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8540)

Abstract

We define and analyze the security of a blockcipher mode of operation, CLOC, for provably secure authenticated encryption with associated data. The design of CLOC aims to optimize previous schemes, CCM, EAX, and EAX-prime, in terms of the implementation overhead beyond the blockcipher, the precomputation complexity, and the memory requirement. With these features, CLOC is suitable for handling short input data, say 16 bytes, without needing precomputation or large memory. This property is especially beneficial for small microprocessors, where the word size is typically 8 or 16 bits and there are significant restrictions on the size and the number of registers. CLOC uses a variant of CFB mode in its encryption part and a variant of CBC MAC in the authentication part. We introduce various design techniques in order to achieve the design goals above. We prove CLOC secure, in a reduction-based provable security paradigm, under the assumption that the blockcipher is a pseudorandom permutation. We also present our preliminary implementation results.
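The abstract names the two building blocks CLOC is assembled from, a CFB variant for encryption and a CBC-MAC variant for authentication, but does not give the CLOC specification itself. The following is an added example (not the authors' code and not CLOC): plain full-block CFB and raw CBC-MAC over an abstract 128-bit block cipher, together with the length-extension forgery that makes raw CBC-MAC unsafe for variable-length input, which is one reason practical schemes use a variant rather than the plain MAC. AES-128 is the realistic block cipher; so that the block runs offline, the stand-in here is a 4-round Feistel network with a SHA-256 round function (a Luby-Rackoff style pseudorandom permutation). All function names, the key, nonce and sample messages are my own constructed values.

```python
"""
Added example: plain CFB and raw CBC-MAC over an abstract n-bit block
cipher, plus the length-extension forgery on raw CBC-MAC. NOT the CLOC
specification and not the authors' code. The block cipher is a 4-round
Feistel network with a SHA-256 round function standing in for AES-128.
"""
import hashlib

BLOCK = 16          # n = 128 bits
HALF = BLOCK // 2
ROUNDS = 4

# Constructed sample key, nonce and messages (not from the paper).
KEY = bytes(range(16))
NONCE = b"nonce-example-01"           # 16 bytes: one full block
SAMPLE_16 = b"sixteen byte msg"       # the "short input" case
SAMPLE_21 = b"twenty-one byte input"  # ends in a partial block


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round(key: bytes, i: int, half: bytes) -> bytes:
    # Keyed round function; any PRF works here (assumption: SHA-256 as PRF).
    return hashlib.sha256(key + bytes([i]) + half).digest()[:HALF]


def encrypt_block(key: bytes, block: bytes) -> bytes:
    """E_K: a bijection on 16-byte blocks (Feistel networks are invertible)."""
    assert len(block) == BLOCK
    l, r = block[:HALF], block[HALF:]
    for i in range(ROUNDS):
        l, r = r, _xor(l, _round(key, i, r))
    return l + r


def decrypt_block(key: bytes, block: bytes) -> bytes:
    """E_K^{-1}: not needed by CFB or CBC-MAC, shown only to confirm E_K is a PRP."""
    l, r = block[:HALF], block[HALF:]
    for i in reversed(range(ROUNDS)):
        l, r = _xor(r, _round(key, i, l)), l
    return l + r


def cfb_encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Full-block CFB: C_i = P_i xor E_K(C_{i-1}), C_0 = nonce. Only the forward
    direction of E_K is used, and a trailing partial block just truncates the
    keystream, so the ciphertext has the plaintext's length (no padding)."""
    out, prev = bytearray(), nonce
    for i in range(0, len(plaintext), BLOCK):
        chunk = plaintext[i:i + BLOCK]
        c = _xor(chunk, encrypt_block(key, prev)[:len(chunk)])
        out += c
        prev = c                       # feedback is the ciphertext block
    return bytes(out)


def cfb_decrypt(key: bytes, nonce: bytes, ciphertext: bytes) -> bytes:
    """Decryption also uses only E_K; the feedback is the received ciphertext."""
    out, prev = bytearray(), nonce
    for i in range(0, len(ciphertext), BLOCK):
        chunk = ciphertext[i:i + BLOCK]
        out += _xor(chunk, encrypt_block(key, prev)[:len(chunk)])
        prev = chunk
    return bytes(out)


def cbc_mac(key: bytes, msg: bytes) -> bytes:
    """Raw CBC-MAC on a whole number of blocks, zero IV, full-block tag."""
    assert len(msg) % BLOCK == 0
    state = bytes(BLOCK)
    for i in range(0, len(msg), BLOCK):
        state = encrypt_block(key, _xor(state, msg[i:i + BLOCK]))
    return state


def cbc_mac_forgery(m1: bytes, t1: bytes) -> tuple:
    """Length-extension forgery on raw CBC-MAC with variable-length input.
    From one valid (message, tag) pair for a single block m1, the two-block
    message m1 || (m1 xor t1) carries the same tag, because the second step
    computes E_K(t1 xor m1 xor t1) = E_K(m1) = t1. The attacker needs no key."""
    assert len(m1) == BLOCK and len(t1) == BLOCK
    return m1 + _xor(m1, t1), t1


def cbc_mac_prefix_len(key: bytes, msg: bytes) -> bytes:
    """One generic repair: prepend the message length as a block, making the
    encoding prefix-free, which defeats the forgery above. (Generic fix, not a
    description of CLOC's own CBC-MAC variant.)"""
    return cbc_mac(key, len(msg).to_bytes(BLOCK, "big") + msg)


def demo() -> dict:
    ct21 = cfb_encrypt(KEY, NONCE, SAMPLE_21)
    t1 = cbc_mac(KEY, SAMPLE_16)
    m2, t2 = cbc_mac_forgery(SAMPLE_16, t1)
    t1p = cbc_mac_prefix_len(KEY, SAMPLE_16)
    m2p, _ = cbc_mac_forgery(SAMPLE_16, t1p)
    return {
        "cfb_roundtrip_21": cfb_decrypt(KEY, NONCE, ct21) == SAMPLE_21,
        "ciphertext_len_21": len(ct21),
        "raw_cbcmac_forged": cbc_mac(KEY, m2) == t2,
        "prefix_len_forgery_fails": cbc_mac_prefix_len(KEY, m2p) != t1p,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The forgery is the point to take away: raw CBC-MAC is only secure for fixed-length messages, so any authenticated-encryption scheme built on it needs some treatment of message length or a final transformation, which is what the "variant" in the abstract refers to in general terms; the specific mechanism CLOC uses is in the paper, not here.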

Keywords

CLOC, Blockcipher, Authenticated encryption with associated data, Security analysis, Efficiency analysis


Copyright information

© International Association for Cryptologic Research 2015

Authors and Affiliations

  • Tetsu Iwata (1)
  • Kazuhiko Minematsu (2)
  • Jian Guo (3)
  • Sumio Morioka (4)
  1. Nagoya University, Nagoya, Japan
  2. NEC Corporation, Tokyo, Japan
  3. Nanyang Technological University, Singapore, Singapore
  4. NEC Europe Ltd., London, UK
