zbMATH — the first resource for mathematics

On modes of operations of a block cipher for authentication and authenticated encryption. (English) Zbl 1372.94415
Summary: This work deals with the various requirements for encryption and authentication in cryptographic applications. The approach is to construct suitable modes of operation of a block cipher that achieve the relevant goals. A variety of schemes, each suited to specific applications, is presented. While none of the schemes is built completely from scratch, a common unifying framework connects them. All the schemes described have been implemented, and the implementation details are publicly available. Performance figures are presented for the case where the block cipher is AES and the Intel AES-NI instructions are used; these figures suggest that the constructions presented here compare well with previous work such as the well-known OCB mode of operation. In terms of features, the constructions offer several new options that are not present in earlier work. This work significantly widens the range of choices available to the designer of an actual cryptographic system.

MSC:
94A60 Cryptography
94A62 Authentication, digital signatures and secret sharing