zbMATH — the first resource for mathematics

BTM: a single-key, inverse-cipher-free mode for deterministic authenticated encryption. (English) Zbl 1267.94067
Jacobson, Michael J. jun. (ed.) et al., Selected areas in cryptography. 16th annual international workshop, SAC 2009, Calgary, Alberta, Canada, August 13–14, 2009. Revised selected papers. Berlin: Springer (ISBN 978-3-642-05443-3/pbk). Lecture Notes in Computer Science 5867, 313-330 (2009).
Summary: We present a new blockcipher mode of operation named BTM, which stands for bivariate tag mixing. BTM falls into the category of deterministic authenticated encryption, which we call DAE for short. BTM makes all-around improvements over the previous two DAE constructions, SIV (Eurocrypt 2006) and HBS (FSE 2009). Specifically, our BTM requires just one blockcipher key, whereas SIV requires two. Our BTM does not require the decryption algorithm of the underlying blockcipher, whereas HBS does. The BTM mode utilizes bivariate polynomial hashing for authentication, which enables us to handle vectorial inputs of dynamic dimensions. BTM then generates an initial value for its counter mode of encryption by mixing the resulting tag with one of the two variables (hash keys), which avoids the need for an implementation of the inverse cipher.
For the entire collection see [Zbl 1177.94012].

94A60 Cryptography
94A62 Authentication, digital signatures and secret sharing
Full Text: DOI