Provably secure authenticated encryption modes

Ensuring the privacy of the message and the authenticity of the sender in secure communication is a challenging concern. Traditionally, these two aims were achieved with different cryptographic primitives: encryption for privacy and MACs for authenticity. Authenticated Encryption (AE) is a mechanism that provides both the privacy of data and the authenticity of the sender in a single cryptographic construction. Usually, AE schemes have been constructed as modes of operation of a block cipher, providing both confidentiality and authenticity. Bellare and Namprempre [1] introduced the idea of AE and showed different compositions of encryption and MAC schemes to construct AE schemes, along with a security proof for each construction. In their work, Bellare and Namprempre also highlighted the subtle issues that can lead to insecurity in some combinations of encryption and MAC schemes. Many AE modes have been developed since the pioneering work of Bellare et al. in 2000. Jutla developed the IAPM [7] mode in 2001. Around the same time, Rogaway et al. proposed the OCB mode [15]. OCB is one of the most efficient AE modes. Other efficient modes are CCM [16] and CWC [9]. All of these AE modes are based on block ciphers. SpongeWrap [4] is the only known AE scheme based on a permutation, and there is no known AE mode based on a random function. The near lack of non-block-cipher-based designs for AE motivated us to study new AE designs. In this work, we propose two new AE modes. The first, which we name FWPAE, is based on a random function; the second, which we call FPAE, is based on a permutation. Our proposed permutation-based mode FPAE promises to have better security compared to SpongeWrap.

[1] Russ Housley, et al. Counter with CBC-MAC (CCM), 2003, RFC.

[2] Kris Gaj, et al. A Novel Permutation-Based Hash Mode of Operation FP and the Hash Function SAMOSA, 2012, INDOCRYPT.

[3] Souradyuti Paul, et al. Indifferentiability security of the fast wide pipe hash: Breaking the birthday barrier, 2016, J. Math. Cryptol.

[4] Mihir Bellare, et al. The Security of Triple Encryption and a Framework for Code-Based Game-Playing Proofs, 2006, EUROCRYPT.

[5] Mihir Bellare, et al. Random oracles are practical: a paradigm for designing efficient protocols, 1993, CCS '93.

[6] Mihir Bellare, et al. OCB: a block-cipher mode of operation for efficient authenticated encryption, 2001, CCS '01.

[7] Mridul Nandi, et al. Speeding Up the Wide-Pipe: Secure and Fast Hashing, 2010, INDOCRYPT.

[8] Yehuda Lindell, et al. Introduction to Modern Cryptography, 2004.

[9] Tadayoshi Kohno, et al. CWC: A High-Performance Conventional Authenticated Encryption Mode, 2004, FSE.

[10] Charanjit S. Jutla, et al. Encryption Modes with Almost Free Message Integrity, 2001, Journal of Cryptology.

[11] Silvio Micali, et al. Probabilistic encryption & how to play mental poker keeping secret all partial information, 1982, STOC '82.

[12] Ueli Maurer, et al. Indifferentiability, Impossibility Results on Reductions, and Applications to the Random Oracle Methodology, 2004, TCC.

[13] Guido Bertoni, et al. Duplexing the sponge: single-pass authenticated encryption and other applications, 2011, IACR Cryptol. ePrint Arch.

[14] John Black, et al. The Ideal-Cipher Model, Revisited: An Uninstantiable Blockcipher-Based Hash Function, 2006, FSE.

[15] Chanathip Namprempre, et al. Authenticated Encryption: Relations among Notions and Analysis of the Generic Composition Paradigm, 2000, Journal of Cryptology.