ASC-1: An Authenticated Encryption Stream Cipher
The goal of the modes of operation for authenticated encryption is to achieve faster encryption and message authentication by performing both in a single pass, as opposed to the traditional encrypt-then-MAC approach, which requires two passes. Unfortunately, the use of a block cipher as a building block limits the performance of the authenticated encryption schemes to at most one message block per block cipher evaluation.
In this paper, we propose the authenticated encryption scheme ASC-1 (Authenticating Stream Cipher One). Similarly to LEX, ASC-1 uses leak extraction from different AES rounds to compute the key material that is XOR-ed with the message to compute the ciphertext. Unlike LEX, ASC-1 operates in a CFB fashion to compute an authentication tag over the encrypted message. We argue that ASC-1 is secure by reducing its (IND-CCA, INT-CTXT) security to the problem of distinguishing the case when the round keys are uniformly random from the case when the round keys are generated by a key scheduling algorithm.
Keywords: authenticated encryption, stream ciphers, message authentication, universal hash functions, block ciphers, maximum differential probability