McOE: a family of almost foolproof on-line authenticated encryption schemes. (English) Zbl 1312.94113

Canteaut, Anne (ed.), Fast software encryption. 19th international workshop, FSE 2012, Washington, DC, USA, March 19–21, 2012. Revised selected papers. Berlin: Springer (ISBN 978-3-642-34046-8/pbk). Lecture Notes in Computer Science 7549, 196-215 (2012).
Summary: On-Line Authenticated Encryption (OAE) combines privacy with data integrity and is on-line computable. Most block cipher-based schemes for Authenticated Encryption can be run on-line and are provably secure against nonce-respecting adversaries, but they fail badly against more general adversaries. This is not only a theoretical observation: in practice, nonce reuse is a frequent issue.
In recent years, cryptographers have developed misuse-resistant schemes for Authenticated Encryption. These guarantee excellent security even against general adversaries that are allowed to reuse nonces. Their disadvantage is that encryption can only be performed off-line.
This paper considers OAE schemes that deal both with nonce-respecting and with general adversaries. It introduces McOE, an efficient design for OAE schemes. To illustrate the design, we present in detail one of the family members, McOEx, which is based solely on a standard block cipher. Like all the other members of the McOE family, it provably guarantees reasonable security against general adversaries as well as standard security against nonce-respecting adversaries.
For the entire collection see [Zbl 1251.68005].

MSC: 94A62 Authentication, digital signatures and secret sharing

Keywords: Skein Hash; McOE; AESNI