CLOC: Authenticated Encryption for Short Input

  • Tetsu Iwata
  • Kazuhiko Minematsu
  • Jian Guo
  • Sumio Morioka
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8540)


We define and analyze the security of a blockcipher mode of operation, \(\mathrm {CLOC}\), for provably secure authenticated encryption with associated data. The design of \(\mathrm {CLOC}\) aims at optimizing previous schemes, CCM, EAX, and EAX-prime, in terms of the implementation overhead beyond the blockcipher, the precomputation complexity, and the memory requirement. With these features, \(\mathrm {CLOC}\) is suitable for handling short input data, say 16 bytes, without needing precomputation nor large memory. This property is especially beneficial to small microprocessors, where the word size is typically 8 bits or 16 bits, and there are significant restrictions in the size and the number of registers. \(\mathrm {CLOC}\) uses a variant of CFB mode in its encryption part and a variant of CBC MAC in the authentication part. We introduce various design techniques in order to achieve the above mentioned design goals. We prove \(\mathrm {CLOC}\) secure, in a reduction-based provable security paradigm, under the assumption that the blockcipher is a pseudorandom permutation. We also present our preliminary implementation results.


\(\mathrm {CLOC}\) Blockcipher Authenticated encryption with associated data Security analysis Efficiency analysis 



The authors would like to thank the anonymous FSE 2014 reviewers for helpful comments. The work by Tetsu Iwata was carried out in part while visiting Nanyang Technological University, Singapore. The work by Jian Guo was supported by the Singapore National Research Foundation Fellowship 2012 (NRF-NRFF2012-06).


  1. 1.
    Altera Corporation.
  2. 2.
    ATMEL Corporation.
  3. 3.
  4. 4.
  5. 5.
    Electronic Product Code (EPC) Tag Data Standard (TDS).
  6. 6.
    Intel Corporation.
  7. 7.
  8. 8.
    ZigBee Alliance.
  9. 9.
    Information Technology – Security Techniques – Authenticated Encryption, ISO/IEC 19772:2009. International Standard ISO/IEC 19772 (2009)Google Scholar
  10. 10.
    Bauer, G.R., Potisk, P., Tillich, S.: Comparing Block Cipher Modes of Operation on MICAz Sensor Nodes. In: Baz, D.E., Spies, F., Gross, T. (eds.) PDP, pp. 371–378. IEEE Computer Society (2009)Google Scholar
  11. 11.
    Bellare, M., Kilian, J., Rogaway, P.: The Security of the Cipher Block Chaining Message Authentication Code. J. Comput. Syst. Sci. 61(3), 362–399 (2000)CrossRefzbMATHMathSciNetGoogle Scholar
  12. 12.
    Bellare, M., Rogaway, P.: The Security of Triple Encryption and a Framework for Code-Based Game-Playing Proofs. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 409–426. Springer, Heidelberg (2006) CrossRefGoogle Scholar
  13. 13.
    Bellare, M., Rogaway, P., Wagner, D.: The EAX Mode of Operation. In: Roy and Meier [36], pp. 389–407Google Scholar
  14. 14.
    Bilgin, B., Bogdanov, A., Knežević, M., Mendel, F., Wang, Q.: Fides: Lightweight Authenticated Cipher with Side-Channel Resistance for Constrained Hardware. In: Bertoni, G., Coron, J.-S. (eds.) CHES 2013. LNCS, vol. 8086, pp. 142–158. Springer, Heidelberg (2013) CrossRefGoogle Scholar
  15. 15.
    Bogdanov, A., Mendel, F., Regazzoni, F., Rijmen, V., Tischhauser, E.: ALE: AES-Based Lightweight Authenticated Encryption. In: Moriai, S. (ed.) FSE 2013. LNCS, vol. 8424, pp. 447–466. Springer, Heidelberg (2014) CrossRefGoogle Scholar
  16. 16.
    Dworkin, M.: Recommendation for Block Cipher Modes of Operation: The CCM Mode for Authentication and Confidentiality, NIST Special Publication 800-38C (2004)Google Scholar
  17. 17.
    Dworkin, M.: Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC, NIST Special Publication 800-38D (2007)Google Scholar
  18. 18.
    Fleischmann, E., Forler, C., Lucks, S.: McOE: A Family of Almost Foolproof On-Line Authenticated Encryption Schemes. In: Canteaut, A. (ed.) FSE 2012. LNCS, vol. 7549, pp. 196–215. Springer, Heidelberg (2012) CrossRefGoogle Scholar
  19. 19.
    Fouque, P.-A., Martinet, G., Valette, F., Zimmer, S.: On the Security of the CCM Encryption Mode and of a Slight Variant. In: Bellovin, S.M., Gennaro, R., Keromytis, A.D., Yung, M. (eds.) ACNS 2008. LNCS, vol. 5037, pp. 411–428. Springer, Heidelberg (2008) CrossRefGoogle Scholar
  20. 20.
    Housley, R.: Using Advanced Encryption Standard (AES) CCM Mode with IPsec Encapsulating Security Payload (ESP). IETF RFC 4309 (2005)Google Scholar
  21. 21.
    Housley, R.: Using AES-CCM and AES-GCM Authenticated Encryption in the Cryptographic Message Syntax (CMS). IETF RFC 5084 (2007)Google Scholar
  22. 22.
    Iwata, T., Minematsu, K.: Generating a Fixed Number of Masks with Word Permutations and XORs. DIAC: Directions in Authenticated Ciphers (2013).
  23. 23.
    Iwata, T., Minematsu, K., Guo, J., Morioka, S.: CLOC: Authenticated Encryption for Short Input. Cryptology ePrint Archive, Report 2014/157 (2014). Full version of this paper
  24. 24.
    Iwata, T., Ohashi, K., Minematsu, K.: Breaking and Repairing GCM Security Proofs. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 31–49. Springer, Heidelberg (2012) CrossRefGoogle Scholar
  25. 25.
    Jonsson, J.: On the Security of CTR + CBC-MAC. In: Nyberg, K., Heys, H. (eds.) SAC 2002. LNCS, vol. 2595, pp. 76–93. Springer, Heidelberg (2003) CrossRefGoogle Scholar
  26. 26.
    Krovetz, T., Rogaway, P.: The Software Performance of Authenticated-Encryption Modes. In: Joux, A. (ed.) FSE 2011. LNCS, vol. 6733, pp. 306–327. Springer, Heidelberg (2011) CrossRefGoogle Scholar
  27. 27.
    Luby, M., Rackoff, C.: How to Construct Pseudorandom Permutations from Pseudorandom Functions. SIAM J. Comput. 17(2), 373–386 (1988)CrossRefzbMATHMathSciNetGoogle Scholar
  28. 28.
    Lucks, S.: Two-Pass Authenticated Encryption Faster than Generic Composition. In: Gilbert, H., Handschuh, H. (eds.) FSE 2005. LNCS, vol. 3557, pp. 284–298. Springer, Heidelberg (2005) CrossRefGoogle Scholar
  29. 29.
    Minematsu, K., Lucks, S., Iwata, T.: Improved Authenticity Bound of EAX, and Refinements. In: Susilo, W., Reyhanitabar, R. (eds.) ProvSec 2013. LNCS, vol. 8209, pp. 184–201. Springer, Heidelberg (2013) CrossRefGoogle Scholar
  30. 30.
    Minematsu, K., Lucks, S., Morita, H., Iwata, T.: Attacks and Security Proofs of EAX-Prime. In: Moriai, S. (ed.) FSE 2013. LNCS, vol. 8424, pp. 327–347. Springer, Heidelberg (2014). CrossRefGoogle Scholar
  31. 31.
    Moise, A., Beroset, E., Phinney, T., Burns, M.: EAX’ Cipher Mode, NIST Submission (May 2011).
  32. 32.
    Nandi, M.: Fast and Secure CBC-Type MAC Algorithms. In: Dunkelman, O. (ed.) FSE 2009. LNCS, vol. 5665, pp. 375–393. Springer, Heidelberg (2009) CrossRefGoogle Scholar
  33. 33.
    Rogaway, P.: Efficient Instantiations of Tweakable Blockciphers and Refinements to Modes OCB and PMAC. In: Lee, P.J. (ed.) ASIACRYPT 2004. LNCS, vol. 3329, pp. 16–31. Springer, Heidelberg (2004) CrossRefGoogle Scholar
  34. 34.
    Rogaway, P.: Nonce-Based Symmetric Encryption. In: Roy and Meier [36], pp. 348–359Google Scholar
  35. 35.
  36. 36.
    Roy, B.K., Meier, W. (eds.): FSE 2004. LNCS, vol. 3017. Springer, Heidelberg (2004) zbMATHGoogle Scholar
  37. 37.
    Satoh, A., Morioka, S., Takano, K., Munetoh, S.: A Compact Rijndael Hardware Architecture with S-Box Optimization. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 239–254. Springer, Heidelberg (2001) CrossRefGoogle Scholar
  38. 38.
    Simplício Jr., M.A., de Oliveira, B.T., Barreto, P.S.L.M., Margi, C.B., Carvalho, T.C.M.B., Näslund, M.: Comparison of Authenticated-Encryption Schemes in Wireless Sensor Networks. In: Chou, C.T., Pfeifer, T., Jayasumana, A.P. (eds.) LCN, pp. 450–457. IEEE (2011)Google Scholar
  39. 39.
    Whiting, D., Housley, R., Ferguson, N.: Counter with CBC-MAC. Submission to NIST (2002).
  40. 40.
    Zhang, L., Wu, W., Zhang, L., Wang, P.: CBCR: CBC MAC with Rotating Transformations. Sci. CHINA Inf. Sci. 54(11), 2247–2255 (2011)CrossRefzbMATHMathSciNetGoogle Scholar
  41. 41.
    Zharkov, E.: EZSTACK: A tool to measure the RAM usage of AVR implementations

Copyright information

© International Association for Cryptologic Research 2015

Authors and Affiliations

  • Tetsu Iwata
    • 1
  • Kazuhiko Minematsu
    • 2
  • Jian Guo
    • 3
  • Sumio Morioka
    • 4
  1. 1.Nagoya UniversityNagoyaJapan
  2. 2.NEC CorporationTokyoJapan
  3. 3.Nanyang Technological UniversitySingaporeSingapore
  4. 4.NEC Europe Ltd.LondonUK

Personalised recommendations