On modes of operations of a block cipher for authentication and authenticated encryption

This work deals with the various requirements for encryption and authentication in cryptographic applications. The approach is to construct suitable modes of operation of a block cipher that achieve the relevant goals. A variety of schemes suited to specific applications are presented. While none of the schemes is built completely from scratch, a common unifying framework connects them. All the schemes described have been implemented, and the implementation details are publicly available. Performance figures are presented for the case where the block cipher is the AES and the Intel AES-NI instructions are used. These figures suggest that the constructions presented here compare well with previous works such as the well-known OCB mode of operation. In terms of features, the constructions provide several new offerings that are not present in earlier works. This work significantly widens the range of choices available to the designer of an actual cryptographic system.
