Authenticated Encryption: How Reordering Can Impact Performance

  • Basel Alomair
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7341)


In this work, we look at authenticated encryption schemes from a new perspective. As opposed to analyzing the security of different methods of constructing authenticated encryption schemes, we investigate the effect of the method used to construct an authenticated encryption scheme on the performance of the construction. We show that, by performing the authentication operation before the encryption operation, the security requirements on the authentication operation can be relaxed, leading to more efficient constructions, without affecting the security of the overall construction.
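
As an added illustration of the abstract's claim (example code written for this page, not the paper's construction): a polynomial universal hash whose key is recovered after only two tags are observed in the clear, and the same weak hash made usable by authenticating first and then enciphering message and tag together under a pseudorandom permutation, so the tag is never exposed. Assumptions not in the original: the prime P, a 4-round HMAC-SHA256 Feistel network standing in for a real block cipher, a fixed 24-byte message size, and no nonce/IV (a deployed scheme needs one).

```python
import hmac
import hashlib

# Added illustration, not the construction from the paper. The hash is a polynomial
# universal hash over GF(P); the "block cipher" is a 4-round Feistel (Luby-Rackoff)
# network keyed by HMAC-SHA256, a stand-in for a real PRP such as AES.
P = (1 << 61) - 1          # prime modulus for the universal hash (constructed choice)
BLOCK = 32                 # width of the toy PRP: 24-byte message + 8-byte tag

def uhash(key, msg):
    """tag = b + a*(m_1*a^(n-1) + ... + m_n) mod P over 8-byte big-endian words."""
    a, b = key
    h = 0
    for i in range(0, len(msg), 8):
        h = (h + int.from_bytes(msg[i:i + 8], "big")) * a % P
    return (h + b) % P

def recover_key(m1, t1, m2, t2):
    """With tags in the clear, two single-word (message, tag) pairs reveal (a, b):
    t = a*m + b is affine, which is why a universal hash alone is not a MAC."""
    a = (t1 - t2) * pow((m1 - m2) % P, -1, P) % P
    return a, (t1 - a * m1) % P

def feistel(key, block, decrypt=False):
    """4-round Feistel network with HMAC-SHA256 round functions; running the
    round keys in reverse order (plus the final swap) inverts it."""
    assert len(block) == BLOCK
    half = BLOCK // 2
    left, right = block[:half], block[half:]
    for r in (range(3, -1, -1) if decrypt else range(4)):
        f = hmac.new(key, bytes([r]) + right, hashlib.sha256).digest()[:half]
        left, right = right, bytes(x ^ y for x, y in zip(left, f))
    return right + left    # final swap makes the same loop its own inverse

def ate_seal(hkey, ekey, msg):
    """Authenticate-then-encrypt: hash the plaintext, then encipher msg||tag as
    one PRP block, so the (weak) tag never appears in the clear."""
    assert len(msg) == BLOCK - 8
    tag = uhash(hkey, msg).to_bytes(8, "big")
    return feistel(ekey, msg + tag)

def ate_open(hkey, ekey, ct):
    """Decipher, then recompute the hash over the recovered plaintext; any change
    to the ciphertext scrambles the whole block, so the tag check fails."""
    body = feistel(ekey, ct, decrypt=True)
    msg, tag = body[:-8], body[-8:]
    ok = hmac.compare_digest(tag, uhash(hkey, msg).to_bytes(8, "big"))
    return msg if ok else None
```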


Keywords: Universal hash-function families, pseudorandom permutations, authenticated encryption, provable security



Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Basel Alomair, Computer Research Institute (CRI), King Abdulaziz City for Science and Technology (KACST), Saudi Arabia