Improved Authenticity Bound of EAX, and Refinements
نویسندگان
چکیده
EAX is a mode of operation for blockciphers to implement an authenticated encryption. The original paper of EAX proved that EAX is unforgeable up to O(2) data with one verification query. However, this generally guarantees a rather weak bound for the unforgeability under multiple verification queries, i.e., only (2) data is acceptable. This paper provides an improvement over the previous security proof, by showing that EAX is unforgeable up to O(2) data with multiple verification queries. Our security proof is based on the techniques appeared in a paper of FSE 2013 by Minematsu et al. which studied the security of a variant of EAX called EAX-prime. We also provide some ideas to reduce the complexity of EAX while keeping our new security bound. In particular, EAX needs three blockcipher calls and keep them in memory as a pre-processing, and our proposals can effectively reduce three calls to one call. This would be useful when computational power and memory are constrained.
منابع مشابه
The EAX Mode of Operation (A Two-Pass Authenticated-Encryption Scheme Optimized for Simplicity and Efficiency)
We propose a block-cipher mode of operation, EAX, for solving the problem of authenticated-encryptionwith associated-data (AEAD). Given a nonce N , a message M , and a header H , our mode protects theprivacy of M and the authenticity of both M and H . Strings N , M , and H are arbitrary bit strings, andthe mode uses 2 |M |/n + |H|/n + |N |/n block-cipher calls when these strings are...
متن کاملThe EAX Mode of Operation (A Two-Pass Authenticated-Encryption Scheme Optimized for Simplicity and Ef£ciency)
We propose a block-cipher mode of operation, EAX, for solving the problem of authenticated-encryptionwith associated-data (AEAD). Given a nonce N , a message M , and a header H , our mode protects theprivacy of M and the authenticity of both M and H . Strings N , M , and H are arbitrary bit strings, andthe mode uses 2d|M |/ne + d|H|/ne + d|N |/ne block-cipher calls when these string...
متن کاملThe Efficiency of Encryption Algorithms in EAX Moder of Operation in IPSEC-based Virtual Private Networks for Streaming Rich Multimedia Data
The characteristics of encryption/decryption algorithms (ciphers) and modes of their operation (modes) have significant influence on security and performance of computer networks. The common modes of cipher operation such as ECB, CBC, OFB, CFB, CTR and XTS provide various levels of data confidentiality; however, those modes do not provide integrity and authenticity of encrypted data, and, there...
متن کاملA Conventional Authenticated-Encryption Mode
We propose a block-cipher mode of operation, EAX, for authenticated-encryption with associateddata (AEAD). Given a nonce N , a message M , and a header H, the mode protects the privacy of M and the authenticity of both M and H. Strings N, M, H E {0, 1} are arbitrary, and the mode uses 2→M/n∈ + →H/n∈ + →N/n∈ block-cipher calls when these strings are nonempty and n is the block length of the unde...
متن کاملThe EAX Mode of Operation
We propose a block-cipher mode of operation, EAX, for solving the problem of authenticated-encryption with associated-data (AEAD). Given a nonce N , a message M , and a header H , our mode protects the privacy of M and the authenticity of bothM andH . StringsN ,M , andH are arbitrary bit strings, and the mode uses 2djM j=ne + djHj=ne + djN j=ne block-cipher calls when these strings are nonempty...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2013