Topic
Authenticated encryption
About: Authenticated encryption is a research topic. Over the lifetime, 1328 publications have been published within this topic receiving 25968 citations. The topic is also known as: AEAD & Authenticated Encryption with Associated Data.
Papers published on a yearly basis
Papers
More filters
26 Jun 2012
TL;DR: By performing the authentication operation before the encryption operation, the security requirements on the Authentication operation can be relaxed, leading to more efficient constructions, without affecting the security of the overall construction.
Abstract: In this work, we look at authenticated encryption schemes from a new perspective. As opposed to analyzing the security of different methods of constructing authenticated encryption schemes, we investigate the effect of the method used to construct an authenticated encryption scheme on the performance of the construction. We show that, by performing the authentication operation before the encryption operation, the security requirements on the authentication operation can be relaxed, leading to more efficient constructions, without affecting the security of the overall construction.
8 citations
01 Oct 2017
TL;DR: A AES-GCM-SIV hardware implementation provides better security in terms of nonce-misuse resistance and greater flexibility with respect to reusability of main components of AES- GCM, and is the first paper which discusses a hardware implementation of this recently proposed algorithm.
Abstract: Authenticated encryption schemes achieve both authentication and encryption in one algorithm and are a must for ensuring security of devices today. In this regard, we investigate architectures for a recently proposed algorithm, AES-GCM-SIV, which achieves complete nonce-misuse resistance. We present detailed architectures for AES-GCM-SIV and contrast with that of an existing standard, AES-GCM. We use modern FPGA platforms for our implementation and discuss the hardware performance in terms of area, throughput, power and energy. Proposed optimizations are implemented and compared with unoptimized architectures. Our observations show that AES-GCM-SIV is able to achieve about 95% of the performance of AES-GCM in terms of throughput while consuming only about 4% more area in terms of LUT count and energy per bit. For this added overhead, it provides better security in terms of nonce-misuse resistance and greater flexibility with respect to reusability of main components of AES-GCM. To the best of our knowledge, this is the first paper which discusses a hardware implementation of AES-GCM-SIV.
8 citations
30 Oct 2020
TL;DR: This work analyzes the multi-user security of the streaming encryption in Google's Tink library via an extended version of the framework of nonce-based online authenticated encryption of Hoang et al. (CRYPTO'15) to support random-access decryption.
Abstract: We analyze the multi-user security of the streaming encryption in Google's Tink library via an extended version of the framework of nonce-based online authenticated encryption of Hoang et al. (CRYPTO'15) to support random-access decryption. We show that Tink's design choice of using random nonces and a nonce-based key-derivation function indeed improves the concrete security bound. We then give two better alternatives that are more robust against randomness failure. In addition, we show how to efficiently instantiate the key-derivation function via AES, instead of relying on HMAC-SHA256 like the current design in Tink. To accomplish this we give a multi-user analysis of the XOR-of-permutation construction of Bellare, Krovetz, and Rogaway (EUROCRYPT'98).
8 citations
14 Sep 2020
TL;DR: Higncryption can be viewed as privacy-enhanced signcryption, which integrates public key encryption, entity authentication, and identity concealment into a monolithic primitive.
Abstract: Identity-based cryptography (IBC) is fundamental to security and privacy protection. Identity-based authenticated encryption (i.e., signcryption) is an important IBC primitive, which has numerous and promising applications. After two decades of research on signcryption, recently a new cryptographic primitive, named higncryption, was proposed. Higncryption can be viewed as privacy-enhanced signcryption, which integrates public key encryption, entity authentication, and identity concealment (which is not achieved in signcryption) into a monolithic primitive. Here, briefly speaking, identity concealment means that the transcript of protocol runs should not leak participants’ identity information.
8 citations
12 Dec 2005
TL;DR: The link security module developed by draft standard of IEEE 802.1AE can provide the user data confidentiality and frame data integrity, and data origin authenticity to subscribers, and support a link security at the maximum 2 Gbps EPON using the parallel CTR-Aes (counter-AES) in the GCM-A ES.
Abstract: In this paper, the link security module developed by draft standard of IEEE 802.1AE in order to protect all frames from a listening or attacking of a malicious user at an EPON link. And it applied at an EPON OLT (optical line terminal)/ONU (optical network unit) and is provided a link security about the maximum 64 ONUs. It also used a 128 bits GCM-AES (Galois/counter mode-advanced encryption standard) of an authenticated encryption mode that was mandatory-to-implement crypto- algorithm in draft standard. So, link security module can provide the user data confidentiality and frame data integrity, and data origin authenticity to subscribers, and support a link security at the maximum 2 Gbps EPON using the parallel CTR-AES (counter-AES) in the GCM-AES
8 citations