New Blockcipher Modes of Operation with Beyond the Birthday Bound Security

  • Tetsu Iwata
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4047)


In this paper, we define and analyze a new blockcipher mode of operation for encryption, CENC, which stands for Cipher-based ENCryption. CENC has the following advantages: (1) beyond the birthday bound security, (2) security proofs with the standard PRP assumption, (3) highly efficient, (4) single blockcipher key, (5) fully parallelizable, (6) allows precomputation of keystream, and (7) allows random access. CENC is based on the new construction of “from PRPs to PRF conversion,” which is of independent interest. Based on CENC and a universal hash-based MAC (Wegman-Carter MAC), we also define a new authenticated-encryption with associated-data scheme, CHM, which stands for CENC with Hash-based MAC. The security of CHM is also beyond the birthday bound.
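The abstract's central claim is that a keystream built directly from a pseudorandom permutation (plain CTR mode) is only secure up to the birthday bound, and that a "PRPs to PRF conversion" lifts that limit. The toy below, added here and not taken from the paper, makes the limitation visible on an 8-bit block: a permutation-based CTR keystream never repeats a block, which a distinguisher can detect once it has seen on the order of 2^(b/2) blocks, whereas a keystream derived by XORing two domain-separated outputs of the same permutation (the well-known sum-of-PRPs idea, used here as a stand-in and not the specific CENC construction) can repeat, as a random function would. The 8-bit "cipher" is a constructed key-derived permutation, the keys are constructed, and the block-access helpers also show the random-access and parallel-computation properties the abstract lists.

```python
"""Toy illustration of the birthday-bound signature of a PRP-based CTR keystream
and of a PRP->PRF conversion that removes it.  Constructed 8-bit toy cipher,
not a real blockcipher and not the CENC construction itself."""
import hashlib

BLOCK_BITS = 8                 # toy block width so collision statistics are visible
DOMAIN = 1 << BLOCK_BITS       # 256 possible blocks
PRF_DOMAIN = DOMAIN // 2       # the conversion spends one input bit on domain separation


def make_toy_prp(key: bytes) -> list:
    """Constructed toy PRP: a key-derived permutation of the 8-bit block space
    (Fisher-Yates driven by SHA-256(key || counter)).  It stands in for E_K."""
    perm = list(range(DOMAIN))
    for i in range(DOMAIN - 1, 0, -1):
        digest = hashlib.sha256(key + i.to_bytes(2, "big")).digest()
        j = int.from_bytes(digest[:4], "big") % (i + 1)
        perm[i], perm[j] = perm[j], perm[i]
    return perm


def ctr_block(perm: list, nonce: int, i: int) -> int:
    """Plain CTR mode: keystream block i is E_K(nonce + i)."""
    return perm[(nonce + i) % DOMAIN]


def sum_prf(perm: list, x: int) -> int:
    """PRP->PRF conversion (sum of PRPs, single key): F_K(x) = E_K(x||0) XOR E_K(x||1).
    The two permutation outputs are always distinct, so F_K(x) is never 0, but
    F_K can collide across different x, which a permutation never does."""
    return perm[(2 * x) % DOMAIN] ^ perm[(2 * x + 1) % DOMAIN]


def prf_block(perm: list, nonce: int, i: int) -> int:
    """CTR-style keystream over the converted PRF.  Random access: block i depends
    only on (key, nonce, i), so any block can be computed without the others."""
    return sum_prf(perm, (nonce + i) % PRF_DOMAIN)


def keystream(block_fn, perm: list, nonce: int, nblocks: int) -> list:
    """Materialise nblocks blocks; every call is independent, hence parallelisable."""
    return [block_fn(perm, nonce, i) for i in range(nblocks)]


def has_repeated_block(blocks: list) -> bool:
    """The birthday-bound distinguisher: a random function repeats a block among n
    outputs with probability about n^2 / 2^(b+1); a permutation-based CTR keystream
    never does, so 'no repeats' betrays the permutation."""
    return len(set(blocks)) != len(blocks)


def collision_experiment(trials: int = 200, nblocks: int = 16) -> dict:
    """Over `trials` constructed keys, count keystreams of `nblocks` blocks that
    contain a repeated block under each mode.  CTR scores 0 every time; the
    converted PRF scores a sizable fraction, as a random function would."""
    ctr_hits = prf_hits = 0
    for t in range(trials):
        perm = make_toy_prp(b"toy-key-" + t.to_bytes(2, "big"))   # constructed key
        if has_repeated_block(keystream(ctr_block, perm, 0, nblocks)):
            ctr_hits += 1
        if has_repeated_block(keystream(prf_block, perm, 0, nblocks)):
            prf_hits += 1
    return {"ctr": ctr_hits, "sum_prf": prf_hits, "trials": trials}


if __name__ == "__main__":
    print(collision_experiment())
```

With 16 blocks drawn from a 255-value range, a repeat appears in roughly a third of the converted-PRF keystreams, while the plain CTR keystream shows none in any trial; scaled to a 128-bit block the same "no repeats" test is exactly what caps CTR-style modes at about 2^64 blocks per key.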



Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Tetsu Iwata, Dept. of Computer and Information Sciences, Ibaraki University, Hitachi, Japan
