Input Output Chaining (IOC) is an authenticated encryption (AE) mode that can be used with any block cipher. IOC main interest is that each message block is ciphered just once, as when only implementing confidentiality, while the added complexity by the accompanying integrity service is negligible. The core integrity concept in IOC is based on a novel, minimal and appealing chaining mechanism a...

We propose a block-cipher mode of operation, EAX, for solving the problem of authenticated-encryption with associated-data (AEAD). Given a nonce N , a message M , and a header H , our mode protects the privacy of M and the authenticity of bothM andH . StringsN ,M , andH are arbitrary bit strings, and the mode uses 2djM j=ne + djHj=ne + djN j=ne block-cipher calls when these strings are nonempty...

In securing voice messages, information sent through the internet network must be authenticated for its authenticity, data content, delivery time, and so on. To prevent manipulation by irresponsible parties, creation of a leak that has negative impact. The occurrence leaks most users are still not aware of. This can happen due to lack security message itself which results in problems arise also...

Online ciphers encrypt an arbitrary number of plaintext blocks and output ciphertext blocks which only depend on the preceding plaintext blocks. All online ciphers proposed so far are essentially serial, which significantly limits their performance on parallel architectures such as modern general-purpose CPUs or dedicated hardware. We propose the first parallelizable online cipher, COPE. It per...

How much time is needed to encrypt, authenticate, verify, and decrypt a packet? The answer depends on the machine (most importantly, but not solely, the CPU), on the choice of authenticatedencryption function, on the packet length, on the level of competition for the instruction cache, on the number of keys handled in parallel, et al. This paper reports, in graphical and tabular form, measureme...

This memo describes the use of the Advanced Encryption Standard (AES) in Galois/Counter Mode (GCM) as a Transport Layer Security (TLS) authenticated encryption operation. GCM provides both confidentiality and data origin authentication, can be efficiently implemented in hardware for speeds of 10 gigabits per second and above, and is also well-suited to software implementations. This memo define...

Helix is a high-speed stream cipher with a built-in MAC functionality. On a Pentium II CPU it is about twice as fast as Rijndael or Twofish, and comparable in speed to RC4. The overhead per encrypted/authenticated message is low, making it suitable for small messages. It is efficient in both hardware and software, and with some pre-computation can effectively switch keys on a per-message basis ...

In this paper, we discuss using CTR mode, another standard encryption mode, to attack other standard encryption modes and using other standard encryption modes to attack CTR mode under the related-mode attack model. In particular, we point out that when the adversary has access to an oracle under one proper mode, then almost all other related-cipher modes, whether they are encryption modes or a...

This paper proposes an authenticated encryption scheme, called SIVx, that preserves BBB security also without the requirement for nonces. For this purpose, we propose a single-key BBB-secure message authentication code with 2n-bit outputs, called PMAC2x, based on a tweakable block cipher. PMAC2x is motivated by PMAC TBC1k by Naito; we revisit its security proof and point out an invalid assumpti...

Since the security analysis against stream ciphers becomes more difficult nowadays, it is urgent and significant to propose new generic methods. In this work, we introduce guess-and-determine techniques to two traditional analysis methods and make the new approaches methodological for generalization. We show the power of the new methods by analyzing two stream ciphers: Grain-v1 and ACORN. Grain...