Offset Merkle-Damgård (OMD) version 1.0 A CAESAR Proposal

Offset Merkle-Damgård (OMD) version 2.0 A CAESAR Proposal

Damaging, Simplifying, and Salvaging p-OMD

One of the submissions to the CAESAR competition for the design of a new authenticated encryption scheme is Offset Merkle-Damg̊ard (OMD). At FSE 2015, Reyhanitabar et al. introduced p-OMD, an improvement of OMD that processes the associated data almost for free. As an extra benefit, p-OMD was claimed to offer integrity against nonce-misusing adversaries, a property that OMD does not have. In thi...

Boosting OMD for Almost Free Authentication of Associated Data

We propose pure OMD (p-OMD) as a new variant of the Offset Merkle-Damgård (OMD) authenticated encryption scheme. Our new scheme inherits all desirable security features of OMD while having a more compact structure and providing higher efficiency. The original OMD scheme, as submitted to the CAESAR competition, couples a single pass of a variant of the Merkle-Damgård (MD) iteration with the coun...

Misuse-Resistant Variants of the OMD Authenticated Encryption Mode

We present two variants of OMD which are robust against noncemisuse. Security of OMD—a CAESAR candidate—relies on the assumption that implementations always ensure correct use of nonce (a.k.a. message number); namely that, the nonce never gets repeated. However, in some application environments, this non-repetitiveness requirement on nonce might be compromised or ignored, yielding to full colla...

Verifiable Security of Merkle-Damgård

Cryptographic hash functions provide a basic data authentication mechanism and are used pervasively as building blocks to realize many cryptographic functionalities, including block ciphers, message authentication codes, key exchange protocols, and encryption and digital signature schemes. Since weaknesses in hash functions may imply vulnerabilities in the constructions that build upon them, en...