An authenticated-encryption scheme is frequently used to provide a communication both with confidentiality and integrity. For stream ciphers, i.e., an encryption scheme using a cryptographic pseudorandom-number generator, this objective can be achieved by the simple combination of encryption and MAC generation. This naive approach, however, introduces the following drawbacks; the implementation...

Block-cipher-based authenticated encryption has obtained considerable attention from the ongoing CAESAR competition. While the focus of CAESAR resides primarily on nonce-based authenticated encryption, Deterministic Authenticated Encryption (DAE) is used in domains such as key wrap, where the available message entropy motivates to omit the overhead for nonces. Since the highest possible securit...

In cryptology, secure channels enable the exchange of messages in a confidential and authenticated manner. The literature of cryptology is rich with proposals and analysis that address the secure communication over public (insecure) channels. In this work, we propose an information theoretically secure direction for the construction of secure channels. First, we propose a method of achieving un...

This work presents an adaptation of the classical diagonal fault attack on APE which is a member of the PRIMATEs family of authenticated encryption (AE) schemes. APE is the rst nonce misuseresistant permutation based AE scheme and is one of the submissions to the CAESAR competition. In this work we showcase how nonce reuse can be misused in the context of di erential fault analysis of on-line a...

We present a new mode of operation for obtaining authenticated encryption suited for use in banking and government environments where cryptographic services are only available via a Hardware Security Module (HSM) which protects the keys but offers a limited API. The practical problem is that despite the existence of better modes of operation, modern HSMs still provide nothing but a basic (unaut...

Sensor networks offer economically viable monitoring solutions for a wide variety of applications. In order to combat the security threats that sensor networks are exposed to, a cryptography protocol is implemented at sensor nodes for point-to-point encryption between nodes. Disclosure, disruption and deception threats can be defeated by authenticating data sources as well as encrypting data in...

We examine a natural, but non-tight, reductionist security proof for deterministic message authentication code (MAC) schemes in the multi-user setting. If security parameters for the MAC scheme are selected without accounting for the non-tightness in the reduction, then the MAC scheme is shown to provide a level of security that is less than desirable in the multi-user setting. We find similar ...

This paper presents the design and analysis of an areaefficient programmable processing element (PPE) for implementing diverse cryptographic systems and diverse bitwidths (currently 16, 32, and 64). To evaluate the effectiveness of our design, we implement π-Cipher and BMW on the PPE. π-Cipher is a new algorithm for authenticated encryption that offers advantages over AES-GCM and is a candidate...

The Advanced Encryption Standard (AES) running in the Galois/Counter Mode of Operation represents a de facto standard in the field of hardware-accelerated, block-cipher-based high-speed authenticated encryption (AE) systems. We propose hardware architectures supporting the Ethernet standard IEEE 802.3ba utilizing different cryptographic primitives suitable for AE applications. Our main design g...

This paper proposes a new scheme for authenticated encryption (AE) which is typically realized as a blockcipher mode of operation. The proposed scheme has attractive features for fast and compact operation. When it is realized with a blockcipher, it requires one blockcipher call to process one input block (i.e. rate-1), and uses the encryption function of the blockcipher for both encryption and...