COBRA: A Parallelizable Authenticated Online Cipher Without Block Cipher Inverse

We present a new, misuse-resistant scheme for online authenticated encryption, following the framework set forth by Fleischmann et al. (FSE 2012). Our scheme, COBRA, is roughly as efficient as the GCM mode of operation for nonce-based authenticated encryption, performing one block cipher call plus one finite field multiplication per message block in a parallelizable way. The major difference from GCM is that COBRA preserves privacy up to prefix under nonce repetition. However, COBRA only provides authenticity against nonce-respecting adversaries. As compared to COPA (ASIACRYPT 2013), our new scheme requires no block cipher inverse and hence enjoys provable security under a weaker assumption about the underlying block cipher. In addition, COBRA can possibly perform better than COPA on platforms where finite field multiplication can be implemented faster than the block cipher in use, since COBRA essentially replaces half of the block cipher calls in COPA with finite field multiplications.

[1] Charanjit S. Jutla et al. Encryption Modes with Almost Free Message Integrity, 2001, Journal of Cryptology.

[2] Hongjun Wu. The Misuse of RC4 in Microsoft Word and Excel, 2005, IACR Cryptol. ePrint Arch.

[3] Andrey Bogdanov et al. Parallelizable and Authenticated Online Ciphers, 2013, IACR Cryptol. ePrint Arch.

[4] Kan Yasuda et al. BTM: A Single-Key, Inverse-Cipher-Free Mode for Deterministic Authenticated Encryption, 2009, Selected Areas in Cryptography.

[5] Shay Gueron et al. AES-GCM Software Performance on the Current High End CPUs as a Performance Baseline for CAESAR Competition, 2013.

[6] Richard Schroeppel et al. ManTiCore: Encryption with Joint Cipher-State Authentication, 2004, ACISP.

[7] Mihir Bellare et al. The EAX Mode of Operation, 2004, FSE.

[8] Haibin Zhang et al. The Security of Ciphertext Stealing, 2012, FSE.

[9] Tadayoshi Kohno et al. Attacking and Repairing the WinZip Encryption Scheme, 2004, CCS '04.

[10] Chanathip Namprempre et al. Authenticated Encryption: Relations among Notions and Analysis of the Generic Composition Paradigm, 2000, Journal of Cryptology.

[11] Thomas Shrimpton et al. Deterministic Authenticated-Encryption: A Provable-Security Treatment of the Key-Wrap Problem, 2006, IACR Cryptol. ePrint Arch.

[12] Willi Meier et al. Fast Software Encryption: 11th International Workshop, FSE 2004, Delhi, India, February 5-7, 2004: Revised Papers, 2004, FSE 2004.

[13] Andrey Bogdanov et al. APE: Authenticated Permutation-Based Encryption for Lightweight Cryptography, 2014, FSE.

[14] Kazuhiko Minematsu et al. Parallelizable Rate-1 Authenticated Encryption from Pseudorandom Functions, 2014, EUROCRYPT.

[15] David A. Wagner et al. Intercepting Mobile Communications: The Insecurity of 802.11, 2001, MobiCom '01.

[16] John Viega et al. The Security and Performance of the Galois/Counter Mode (GCM) of Operation, 2004, INDOCRYPT.

[17] Kan Yasuda et al. The Security of the OCB Mode of Operation without the SPRP Assumption, 2013, ProvSec.

[18] Palash Sarkar et al. HCH: A New Tweakable Enciphering Scheme Using the Hash-Counter-Hash Approach, 2008, IEEE Transactions on Information Theory.

[19] Thomas Ristenpart et al. How to Enrich the Message Space of a Cipher, 2007, IACR Cryptol. ePrint Arch.

[20] Tadayoshi Kohno et al. CWC: A High-Performance Conventional Authenticated Encryption Mode, 2004, FSE.

[21] Stefan Lucks et al. McOE: A Family of Almost Foolproof On-Line Authenticated Encryption Schemes, 2012, FSE.

[22] Phillip Rogaway et al. Efficient Instantiations of Tweakable Blockciphers and Refinements to Modes OCB and PMAC, 2004, ASIACRYPT.

[23] Phillip Rogaway et al. Nonce-Based Symmetric Encryption, 2004, FSE.

[24] Kan Yasuda et al. HBS: A Single-Key Mode of Operation for Deterministic Authenticated Encryption, 2009, FSE.

[25] Arjen K. Lenstra et al. Public Keys, 2012, CRYPTO.

[26] Mihir Bellare et al. OCB: A Block-Cipher Mode of Operation for Efficient Authenticated Encryption, 2001, CCS '01.

[27] Vinodh Gopal et al. Optimized Galois-Counter-Mode Implementation on Intel® Architecture Processors, 2010.

[28] Phillip Rogaway et al. The Software Performance of Authenticated-Encryption Modes, 2011, FSE.