Abstract
We define a new mode of operation for block ciphers which, in addition to providing confidentiality, also ensures message integrity. In contrast, previously for message integrity a separate pass was required to compute a cryptographic message authentication code (MAC). The new mode of operation, called Integrity Aware Parallelizable Mode (IAPM), requires a total of m+1 block cipher evaluations on a plain-text of length m blocks. For comparison, the well-known CBC (cipher block chaining) encryption mode requires m block cipher evaluations, and the second pass of computing the CBC-MAC essentially requires additional m+1 block cipher evaluations. As the name suggests, the new mode is also highly parallelizable.
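The cost comparison in the abstract (m calls for CBC, m+1 more for CBC-MAC, m+1 in total for a one-pass integrity-aware mode) is easiest to see with an instrumented block cipher. The Python below is an added illustration, not code from the paper: it counts block-cipher invocations for CBC-then-CBC-MAC and for a simplified one-pass mode in the style of IAPM (each block whitened with an offset before and after the cipher call, and an XOR checksum of the plaintext encrypted as the tag). The toy Feistel cipher, the derivation of the offsets as (i+1)·W in GF(2^64) from one extra call under a second key, and the exact placement of the offsets are assumptions made for this example and do not reproduce the paper's specification.

```python
import hashlib
import hmac
import struct

BLOCK = 8  # toy 64-bit block; constructed for this illustration only


class CountingCipher:
    """Toy 64-bit Feistel permutation that counts its own invocations.
    An instrumented stand-in for a block cipher, with no security claim."""

    def __init__(self, key: bytes, rounds: int = 4):
        self.key, self.rounds, self.calls = key, rounds, 0

    def _f(self, rnd: int, half: int) -> int:
        d = hashlib.sha256(self.key + bytes([rnd]) + half.to_bytes(4, "big")).digest()
        return int.from_bytes(d[:4], "big")

    def encrypt(self, block: bytes) -> bytes:
        self.calls += 1
        l, r = struct.unpack(">II", block)
        for i in range(self.rounds):
            l, r = r, l ^ self._f(i, r)
        return struct.pack(">II", l, r)

    def decrypt(self, block: bytes) -> bytes:
        self.calls += 1
        l, r = struct.unpack(">II", block)
        for i in reversed(range(self.rounds)):
            l, r = r ^ self._f(i, l), l
        return struct.pack(">II", l, r)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


# Two-pass baseline: CBC encryption, then CBC-MAC over IV || ciphertext.
def cbc_encrypt(E, iv, blocks):
    out, prev = [], iv
    for p in blocks:
        prev = E.encrypt(xor(p, prev))
        out.append(prev)
    return out


def cbc_mac(E, blocks):
    return cbc_encrypt(E, bytes(BLOCK), blocks)[-1]  # last CBC block, zero IV


# One-pass mode: whiten each cipher call with an offset, encrypt an XOR checksum as tag.
def gf64_mul(a: int, b: int) -> int:
    """Carry-less multiply in GF(2^64) modulo x^64 + x^4 + x^3 + x + 1."""
    p = 0
    for _ in range(64):
        if b & 1:
            p ^= a
        carry = a >> 63
        a = (a << 1) & 0xFFFFFFFFFFFFFFFF
        if carry:
            a ^= 0x1B
        b >>= 1
    return p


def offsets(w: bytes, count: int):
    """S_i = (i+1)*W in GF(2^64); for i != j, S_i xor S_j is a nonzero multiple of W."""
    wi = int.from_bytes(w, "big")
    return [gf64_mul(i + 1, wi).to_bytes(BLOCK, "big") for i in range(count)]


def one_pass_encrypt(E1, E0, nonce, blocks):
    m = len(blocks)
    S = offsets(E0.encrypt(nonce), m + 2)  # single call under the offset key (assumption)
    ct, checksum = [], bytes(BLOCK)
    for i, p in enumerate(blocks):
        checksum = xor(checksum, p)
        ct.append(xor(E1.encrypt(xor(p, S[i + 1])), S[i + 1]))
    tag = xor(E1.encrypt(xor(checksum, S[m + 1])), S[0])  # the (m+1)-th main-key call
    return ct, tag


def one_pass_decrypt(E1, E0, nonce, ct, tag):
    m = len(ct)
    S = offsets(E0.encrypt(nonce), m + 2)
    pt, checksum = [], bytes(BLOCK)
    for i, c in enumerate(ct):
        p = xor(E1.decrypt(xor(c, S[i + 1])), S[i + 1])
        checksum = xor(checksum, p)
        pt.append(p)
    expected = xor(E1.encrypt(xor(checksum, S[m + 1])), S[0])
    return pt if hmac.compare_digest(expected, tag) else None  # reject on integrity failure


def compare_costs(m: int) -> dict:
    """Block-cipher call counts for m plaintext blocks under each approach."""
    blocks = [bytes([i]) * BLOCK for i in range(m)]  # constructed plaintext
    iv = b"\x00" * BLOCK
    E = CountingCipher(b"main-key")
    cbc_only_calls = len(cbc_encrypt(E, iv, blocks))
    cbc_mac(E, [iv] + cbc_encrypt(CountingCipher(b"main-key"), iv, blocks))
    E1, E0 = CountingCipher(b"main-key"), CountingCipher(b"offset-key")
    one_pass_encrypt(E1, E0, iv, blocks)
    return {"cbc": cbc_only_calls, "cbc_plus_mac": E.calls,
            "one_pass_main_key": E1.calls, "one_pass_offset_key": E0.calls}


def roundtrip_and_tamper(blocks):
    """Returns (decrypts cleanly, still accepted after flipping one ciphertext bit)."""
    nonce = b"\x01" * BLOCK
    E1, E0 = CountingCipher(b"main-key"), CountingCipher(b"offset-key")
    ct, tag = one_pass_encrypt(E1, E0, nonce, blocks)
    ok = one_pass_decrypt(E1, E0, nonce, ct, tag) == blocks
    forged = [bytes([ct[0][0] ^ 1]) + ct[0][1:]] + ct[1:]
    return ok, one_pass_decrypt(E1, E0, nonce, forged, tag) is not None
```

Running `compare_costs(4)` gives 4 calls for CBC alone, 9 for CBC plus CBC-MAC, and 5 main-key calls (plus one offset-key call) for the one-pass mode, matching the m, 2m+1 and m+1 counts of the abstract. Because the cipher is a permutation, flipping any ciphertext bit changes the recovered block and hence the checksum, so `roundtrip_and_tamper` rejects the altered ciphertext deterministically; in the real mode the offsets must never repeat under one key, which is why the nonce is fresh per message.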
Communicated by Moti Yung
Jutla, C.S. Encryption Modes with Almost Free Message Integrity. J Cryptol 21, 547–578 (2008). https://doi.org/10.1007/s00145-008-9024-z