CWC: A High-Performance Conventional Authenticated Encryption Mode
Tadayoshi Kohno, John Viega, Doug Whiting
- pp 408-426
TLDR
CWC, as discussed by the authors, is a new block cipher mode of operation for protecting both the privacy and the authenticity of encapsulated data. It is the first such mode having all five of the following properties: provable security, parallelizability, high performance in hardware, high performance in software, and no intellectual property concerns.
Abstract:
We introduce CWC, a new block cipher mode of operation for protecting both the privacy and the authenticity of encapsulated data. CWC is the first such mode having all five of the following properties: provable security, parallelizability, high performance in hardware, high performance in software, and no intellectual property concerns. We believe that having all five of these properties makes CWC a powerful tool for use in many performance-critical cryptographic applications. CWC is also the first appropriate solution for some applications; e.g., standardization bodies like the IETF and NIST prefer patent-free modes, and CWC is the first such mode capable of processing data at 10Gbps in hardware, which will be important for future IPsec (and other) network devices. As part of our design, we also introduce a new parallelizable universal hash function optimized for performance in both hardware and software.
Citations
Journal Article
Authenticated Encryption: Relations among Notions and Analysis of the Generic Composition Paradigm
TL;DR: In this paper, the authors consider two possible notions of authenticity for authenticated encryption schemes, namely integrity of plaintexts and integrity of ciphertexts, and relate them, when coupled with IND-CPA (indistinguishability under chosen-plaintext attack), to the standard notions of privacy IND-CCA and NM-CPA, and provide proofs for the cases where the answer is "yes" and counter-examples for the answer "no".
Book Chapter
A provable-security treatment of the key-wrap problem
Phillip Rogaway, Thomas Shrimpton
TL;DR: In this article, the authors give a provable security treatment for the key-wrap problem, providing definitions, constructions, and proofs, and suggest that key-wrapping's goal is security in the sense of deterministic authenticated-encryption (DAE).
Book Chapter
The software performance of authenticated-encryption modes
Ted Krovetz, Phillip Rogaway
TL;DR: OCB is found to be substantially faster than either CCM or GCM across a variety of platforms, and there is room for algorithmic improvements to OCB, showing how to trim one blockcipher call and reduce latency.
Book Chapter
The EAX Mode of Operation
TL;DR: A block-cipher mode of operation, EAX, for solving the problem of authenticated-encryption with associated-data (AEAD), which is on-line and a fixed header can be pre-processed, effectively removing the per-message cost of binding it to the ciphertext.
Proceedings Article
Implementing TLS with Verified Cryptographic Security
TL;DR: A verified reference implementation of TLS 1.2 is developed, including security specifications for its main components, such as authenticated stream encryption for the record layer and key establishment for the handshake, and typecheck the protocol state machine.
References
Book
The Design of Rijndael
Joan Daemen, Vincent Rijmen
TL;DR: This volume is the authoritative guide to the Rijndael algorithm and AES; professionals, researchers, and students active or interested in data encryption will find it a valuable source of information and reference.
Book Chapter
Keying Hash Functions for Message Authentication
TL;DR: Two new, simple, and practical constructions of message authentication schemes based on a cryptographic hash function, NMAC and HMAC, are proven to be secure as long as the underlying hash function has some reasonable cryptographic strengths.
Journal Article
New hash functions and their use in authentication and set equality
TL;DR: Several new classes of hash functions with certain desirable properties are exhibited, and two novel applications for hashing which make use of these functions are introduced, including a provably secure authentication technique for sending messages over insecure lines and the application of testing sets for equality.
Proceedings Article
A concrete security treatment of symmetric encryption
TL;DR: This work studies notions and schemes for symmetric (i.e., private key) encryption in a concrete security framework and gives four different notions of security against chosen plaintext attack, providing both upper and lower bounds, and obtaining tight relations.
Journal Article
How to construct pseudorandom permutations from pseudorandom functions
Michael Luby, Charles Rackoff
TL;DR: Any pseudorandom bit generator can be used to construct a block private key cryptosystem which is secure against chosen plaintext attack, which is one of the strongest known attacks against a cryptosystem.
Related Papers (5)
The security and performance of the Galois/Counter Mode (GCM) of operation
David McGrew, John Viega