Authenticated Encryption without Tag Expansion (or, How to Accelerate AERO)
نویسنده
چکیده
Standard form of authenticated encryption (AE) requires the ciphertext to be expanded by the nonce and the authentication tag. These expansions can be problematic when messages are relatively short and communication cost is high. This paper studies a form of AE scheme whose ciphertext is only expanded by nonce, with the help of stateful receiver which also enables detection of replays. While there is a scheme having this feature, called AERO, proposed by McGrew and Foley, there is no formal treatment based on the provable security framework. We propose a provable security framework for such AE schemes, which we call MiniAE, and show several secure schemes using standard symmetric crypto primitives. Most notably, one of our schemes has a similar structure as OCB mode of operation and uses only one blockcipher call to process one input block, thus the computation cost is comparable to the nonce-based encryption-only schemes.
منابع مشابه
Authenticated Encryption with Small Stretch (or, How to Accelerate AERO)
Standard form of authenticated encryption (AE) requires the ciphertext to be expanded by the nonce and the authentication tag. These expansions can be problematic when messages are relatively short and communication cost is high. To overcome the problem we propose a new form of AE scheme, MiniAE, which expands the ciphertext only by the single variable integrating nonce and tag. An important fe...
متن کاملRSPAE: RFID Search Protocol based on Authenticated Encryption
Search protocols are among the main applications of RFID systems. Since a search protocol should be able to locate a certain tag among many tags, not only it should be secure against RFID threats but also it should be affordable. In this article, an RFID-based search protocol will be presented. We use an encryption technique that is referred to as authenticated encryption in order to boost the ...
متن کاملAuthenticated Encryption with Variable Stretch
In conventional authenticated-encryption (AE) schemes, the ciphertext expansion, a.k.a. stretch or tag length, is a constant or a parameter of the scheme that must be fixed per key. However, using variablelength tags per key can be desirable in practice or may occur as a result of a misuse. The RAE definition by Hoang, Krovetz, and Rogaway (Eurocrypt 2015), aiming at the best-possible AE securi...
متن کاملRobust Authenticated Encryption and the Limits of Symmetric Cryptography
Robust authenticated encryption (RAE) is a primitive for symmetric encryption that allows to flexibly specify the ciphertext expansion, i.e., how much longer the ciphertext is compared to the plaintext. For every ciphertext expansion, RAE aims at providing the best-possible authenticity and confidentiality. To investigate whether this is actually achieved, we characterize exactly the guarantees...
متن کاملCMCC: Misuse Resistant Authenticated Encryption with Minimal Ciphertext Expansion
In some wireless environments, minimizing the size of messages is paramount due to the resulting significant energy savings. We present CMCC, an authenticated encryption scheme with associated data (AEAD) that is also nonce misuse resistant. The main focus for this work is minimizing ciphertext expansion, especially for short messages including plaintext lengths less than the underlying block c...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- IACR Cryptology ePrint Archive
دوره 2015 شماره
صفحات -
تاریخ انتشار 2015