In this paper we introduce the first authenticated encryption scheme based on a hash function, called COFFE. This research has been motivated by the challenge to fit secure cryptography into constrained devices – some of these devices have to use a hash function, anyway, and the challenge is to avoid the usage of an additional block cipher to provide authenticated encryption. COFFE satisfies th...

Cryptosystems employing a synchronous binary-additive stream cipher are susceptible to generic attack called ’bit-flipping’, in which the ciphertext is modified decrypt into fraudulent message. While authenticated encryption and message authentication codes can effectively negate this attack, modes also provide partial protection against bit-flipping. PudgyTurtle stream-cipher mode uses keystre...

Authenticated encryption has long been a vital operation in cryptography by its ability to provide confidentiality, integrity and authenticity at the same time. Its use has progressed in parallel with the worldwide use of Internet Protocol (IP), which has led to development of several new schemes as well as improved versions of existing ones. There have already been studies investigating softwa...

In recent years, several protocols for password-based authenticated key exchange have been proposed. These protocols aim to be secure even though the sample space of passwords may be small enough to be enumerated by an off-line adversary. In Eurocrypt 2000, Bellare, Pointcheval and Rogaway (BPR) presented a model and security definition for authenticated key exchange. They claimed that in the i...

CCM is a conventional authenticated-encryption scheme obtained from a 128-bit block cipher. The mechanism has been adopted as the mandatory encryption algorithm in an IEEE 802.11 draft stan­ dard [15], and its use has been proposed more broadly [16, 17]. In this note we point out a number of limitations of CCM. A related note provides an alternative to CCM [5].

This note specifies AEM, a mode of operation giving authenticated encryption. AEM is a refinement to Rogaway, Bellare, and Black’s OCB mode [10], while OCB was, in turn, a refinement to Jutla’s IAPM [5]. AEM is also a successor to the work of Gligor and Donescu’s [4] and to the broader line of research that has defined and investigated authenticated encryption [1, 2, 6–8]. The acronym AEM stand...

We describe a systematic framework for using a stream cipher supporting an initialisation vector (IV) to perform various tasks of authentication and authenticated encryption. These include message authentication code (MAC), authenticated encryption (AE), authenticated encryption with associated data (AEAD) and deterministic authenticated encryption (DAE) with associated data. Several schemes ar...

In this paper, we present RBS (Redundant Bit Security) algorithm which is a low-complexity symmetric encryption with a 132-bit secret key. In this algorithm redundant bits are distributed among plaintext data bits to change the location of the plaintext bits in the transmitted data without changing their order. The location of redundant bits inside the transmitted data represents the secret key...

Authenticated encryption provides confidentiality and integrity in the same one-pass process, by computing a Message Authentication Code (MAC) at almost no cost over generating keystream. This is natively more efficient than providing confidentiality then authentication in separate passes. The argument as to whether compute MAC (on plaintext) then encrypt, encrypt then compute MAC (on ciphertex...