CLOC: Authenticated Encryption for Short Input

We define and analyze the security of a blockcipher mode of operation, \(\mathrm {CLOC}\), for provably secure authenticated encryption with associated data. The design of \(\mathrm {CLOC}\) aims at improving on previous schemes, CCM, EAX, and EAX-prime, in terms of the implementation overhead beyond the blockcipher, the precomputation complexity, and the memory requirement. With these features, \(\mathrm {CLOC}\) is suitable for handling short input data, say 16 bytes, without needing precomputation or large memory. This property is especially beneficial on small microprocessors, where the word size is typically 8 or 16 bits and there are significant restrictions on the size and number of registers. \(\mathrm {CLOC}\) uses a variant of CFB mode in its encryption part and a variant of CBC MAC in its authentication part. We introduce various design techniques in order to achieve the above-mentioned design goals. We prove \(\mathrm {CLOC}\) secure, in the reduction-based provable security paradigm, under the assumption that the blockcipher is a pseudorandom permutation. We also present our preliminary implementation results.
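The abstract names the two building blocks, CFB-mode encryption and CBC MAC, without giving CLOC's own construction (its tweak and fix functions, or how it keeps to a single key). The following is an added example, not code from the paper or from any CLOC implementation: a generic encrypt-then-MAC AEAD built from plain full-block CFB and a length-prefixed CBC-MAC on top of Go's standard-library AES. It illustrates the property the abstract is optimizing for, namely that both the encryption and the authentication side call only the forward direction of the blockcipher and need no precomputed subkeys or tables, so the decryption routine is the same keystream loop as encryption. Everything beyond that is this example's own assumption: two independent 16-byte keys instead of CLOC's single key, a fixed 12-byte nonce that is encrypted once to derive the CFB IV, and a prefix-free encoding (lengths first) of nonce, associated data and ciphertext under the MAC, which is what makes raw CBC-MAC safe for variable-length input. The keys, nonce and messages are constructed sample values.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/subtle"
	"encoding/binary"
	"fmt"
)

// nonceSize is an assumption of this example (CLOC's nonce handling is not on the page).
const nonceSize = 12

// cfbXor is the full-block CFB keystream loop shared by encryption and decryption.
// The feedback value is always the ciphertext block, so only blk.Encrypt is ever
// called: no blockcipher inverse is needed in either direction.
func cfbXor(blk cipher.Block, iv, in []byte, inIsCiphertext bool) []byte {
	n := blk.BlockSize()
	out := make([]byte, len(in))
	fb := append([]byte(nil), iv...)
	ks := make([]byte, n)
	for off := 0; off < len(in); off += n {
		blk.Encrypt(ks, fb)
		end := off + n
		if end > len(in) { // final partial block: truncate the keystream
			end = len(in)
		}
		for i := off; i < end; i++ {
			out[i] = in[i] ^ ks[i-off]
		}
		if inIsCiphertext {
			copy(fb, in[off:end])
		} else {
			copy(fb, out[off:end])
		}
	}
	return out
}

// cbcMac is a raw CBC-MAC: zero-pad, chain through blk.Encrypt, return the last state.
// It needs no precomputed subkeys (unlike CMAC), but the caller must feed it a
// prefix-free encoding; raw CBC-MAC over unencoded variable-length input is forgeable.
func cbcMac(blk cipher.Block, msg []byte) []byte {
	n := blk.BlockSize()
	padded := make([]byte, (len(msg)+n-1)/n*n)
	copy(padded, msg)
	state := make([]byte, n)
	for off := 0; off < len(padded); off += n {
		for i := 0; i < n; i++ {
			state[i] ^= padded[off+i]
		}
		blk.Encrypt(state, state) // full overlap of dst and src is permitted by cipher.Block
	}
	return state
}

// encodeForMac builds the prefix-free string that the tag authenticates:
// the 8-byte lengths of nonce, ad and ct, followed by the three strings.
func encodeForMac(nonce, ad, ct []byte) []byte {
	var buf bytes.Buffer
	for _, s := range [][]byte{nonce, ad, ct} {
		var l [8]byte
		binary.BigEndian.PutUint64(l[:], uint64(len(s)))
		buf.Write(l[:])
	}
	buf.Write(nonce)
	buf.Write(ad)
	buf.Write(ct)
	return buf.Bytes()
}

// aead holds two independent AES instances (this example's simplification; CLOC is single-key).
type aead struct{ enc, mac cipher.Block }

func newAEAD(encKey, macKey []byte) (*aead, error) {
	e, err := aes.NewCipher(encKey)
	if err != nil {
		return nil, err
	}
	m, err := aes.NewCipher(macKey)
	if err != nil {
		return nil, err
	}
	return &aead{enc: e, mac: m}, nil
}

// iv derives the CFB IV by encrypting the zero-padded nonce once, so the IV is
// unpredictable even though nonces are merely unique. A fixed nonce length keeps
// distinct nonces from padding to the same block.
func (a *aead) iv(nonce []byte) []byte {
	if len(nonce) != nonceSize {
		panic("nonce must be exactly nonceSize bytes")
	}
	iv := make([]byte, a.enc.BlockSize())
	copy(iv, nonce)
	a.enc.Encrypt(iv, iv)
	return iv
}

// Seal returns the CFB ciphertext and a full-block tag over (nonce, ad, ct).
func (a *aead) Seal(nonce, ad, pt []byte) (ct, tag []byte) {
	ct = cfbXor(a.enc, a.iv(nonce), pt, false)
	tag = cbcMac(a.mac, encodeForMac(nonce, ad, ct))
	return ct, tag
}

// Open verifies the tag in constant time before touching the ciphertext and
// returns ok=false (and no plaintext) on any mismatch.
func (a *aead) Open(nonce, ad, ct, tag []byte) (pt []byte, ok bool) {
	want := cbcMac(a.mac, encodeForMac(nonce, ad, ct))
	if subtle.ConstantTimeCompare(want, tag) != 1 {
		return nil, false
	}
	return cfbXor(a.enc, a.iv(nonce), ct, true), true
}

func main() {
	// Constructed sample keys, nonce and 16-byte record (not values from the paper).
	a, err := newAEAD([]byte("0123456789abcdef"), []byte("fedcba9876543210"))
	if err != nil {
		panic(err)
	}
	nonce, ad, pt := []byte("nonce-000001"), []byte("hdr"), []byte("a 16-byte record")
	ct, tag := a.Seal(nonce, ad, pt)
	got, ok := a.Open(nonce, ad, ct, tag)
	fmt.Printf("ct=%x tag=%x ok=%v pt=%q\n", ct, tag, ok, got)
}
```

The interesting check when reading this is that `cfbXor` and `cbcMac` never call `Decrypt`, which is why a CFB-plus-CBC-MAC design fits an 8- or 16-bit part that only has room for the forward AES round function; the length prefix in `encodeForMac` is the price paid for using CBC-MAC without CMAC's precomputed subkeys.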
