Authenticated encryption schemes in practice have to be robust against adversaries that have access to various types of leakage, for instance decryption leakage on invalid ciphertexts (protocol leakage), or leakage on the underlying primitives (side channel leakage). This work includes several novel contributions: we augment the notion of nonce-base authenticated encryption with the notion of c...

In this paper, we consider the problem of mutually authenticated key exchanges between a low-power client and a powerful server. We show how the Jakobsson-Pointcheval scheme proposed recently [15] can be compromised using a variant of interleaving attacks. We also propose a new scheme for achieving mutually authenticated key exchanges. The protocol is proven correct within a variant of Bellare-...

Authenticated encryption schemes need redundancy schemes to link up the message blocks; however, these redundancies increase communication costs. To construct links without increasing communication costs, we propose a general solution for all the authenticated encryption schemes based on the discrete logarithm problem. Because the computation cost to construct links is small, the improved schem...

An efficient authenticated encryption scheme with message linkages is proposed. For achieving both privacy and integrity in data communications, the proposed scheme requires smaller bandwidth and computational time when compared to previously proposed authenticated encryption schemes with message linkages. Moreover, the proposed scheme allows the verifier to recover and verify the message block...

Authenticated dictionaries allow users to send lookup requests to an untrusted server and get authenticated answers. Persistent authenticated dictionaries (PADs) add queries against historical versions. We consider a variety of different trust models for PADs and we present several extensions, including support for aggregation and a rich query language, as well as hiding information about the o...

When using an authenticated-encryption scheme (a shared-key mechanism that provides both privacy and authenticity) it is sometimes useful, when encrypting a message, to also authen­ ticate some additional information which is not privacy protected. We address this associateddata problem, wherein a Sender can bind to an authenticated ciphertext C a string AD, called its associated-data, and wher...

Abstract Authenticated encryption satisfies the basic need for authenticity and confidentiality in our information infrastructure. In this paper, we provide specification of Ascon -128 -128a. Both authenticated algorithms efficient on resource-constrained devices high-end CPUs. Furthermore, they have been selected as “primary choice” lightweight final portfolio CAESAR competition. addition, spe...

Recently, Wen, Lee, and Hwang proposed a three-party password-authenticated key exchange protocol making use of the Weil pairing. The protocol was claimed to be provably secure. But despite the claim of provable security, the protocol is in fact insecure in the presence of an active adversary. We demonstrate this by presenting an attack that completely compromises the authentication mechanism o...