Authenticated encryption

About: Authenticated encryption is a research topic. Over the lifetime, 1328 publications have been published within this topic receiving 25968 citations. The topic is also known as: AEAD & Authenticated Encryption with Associated Data.

Hardware Design and Analysis of the ACE and WAGE Ciphers.

Abstract: This paper presents the hardware design and analysis of ACE and WAGE, two candidate ciphers for the NIST Lightweight Cryptography standardization. Both ciphers use sLiSCP's unified sponge duplex mode. ACE has an internal state of 320 bits, uses three 64 bit Simeck boxes, and implements both authenticated encryption and hashing. WAGE is based on the Welch-Gong stream cipher and provides authenticated encryption. WAGE has 259 bits of state, two 7 bit Welch-Gong permutations, and four lightweight 7 bit S-boxes. ACE and WAGE have the same external interface and follow the same I/O protocol to transition between phases. The paper illustrates how a hardware perspective influenced key aspects of the ACE and WAGE algorithms. The paper reports area, power, and energy results for both serial and parallel (unrolled) implementations using four different ASIC libraries: two 65 nm libraries, a 90 nm library, and a 130 nm library. ACE implementations range from a throughput of 0.5 bits-per-clock cycle (bpc) and an area of 4210 GE (averaged across the four ASIC libraries) up to 4 bpc and 7260 GE. WAGE results range from 0.57 bpc with 2920 GE to 4.57 bpc with 11080 GE.

Trick or Tweak: On the (In)security of OTR’s Tweaks

Abstract: Tweakable blockcipher (TBC) is a powerful tool to design authenticated encryption schemes as illustrated by Minematsu’s Offset Two Rounds (OTR) construction. It considers an additional input, called tweak, to a standard blockcipher which adds some variability to this primitive. More specifically, each tweak is expected to define a different, independent pseudo-random permutation.

Scope: On the Side Channel Vulnerability of Releasing Unverified Plaintexts

Abstract: In Asiacrypt 2014, Andreeva et al. proposed an interesting idea of intermittently releasing plaintexts before verifying the tag which was inspired from various practical applications and constraints. In this work we try to asses the idea of releasing unverified plaintexts in the light of side channel attacks like fault attacks. In particular we show that this opens up new avenues of attacking the decryption module. We further show a case-study on the APE authenticated encryption scheme and reduce its key space from $$2^{160}$$2160 to $$2^{50}$$250 using 12 faults and to $$2^{24}$$224 using 16 faults on the decryption module. These results are of particular interest since attacking the decryption enables the attacker to completely bypass the nonce constraint imposed by the encryption. Finally, at the outset this work also addresses a related problem of fault attacks with partial state information.

E-MACs: towards more secure and more efficient constructions of secure channels

Abstract: In cryptography, secure channels enable the confidential and authenticated message exchange between authorized users. A generic approach of constructing such channels is by combining an encryption primitive with an authentication primitive (MAC). In this work, we introduce the design of a new cryptographic primitive to be used in the construction of secure channels. Instead of using general purpose MACs, we propose the employment of special purpose MACs, named "∈-MACs". The main motive behind this work is the observation that, since the message must be both encrypted and authenticated, there can be a redundancy in the computations performed by the two primitives. If this turned out to be the case, removing such redundancy will improve the efficiency of the overall construction. In addition, computations performed by the encryption algorithm can be further utilized to improve the security of the authentication algorithm. In this work, we show how ∈-MACs can be designed to reduce the amount of computations required by standard MACs based on universal hash functions, and show how ∈-MACs can be secured against key-recovery attacks.

Efficient AES-GCM for VPNs using FPGAs

Abstract: Since its acceptance as the adopted authenticated encryption algorithm, AES-GCM has been utilized in various security-constrained applications. This paper describes the benefits of adding key-synthesized property to AES-GCM using FPGAs. Presented architectures can be used for applications which require encryption and authentication with slow changing keys like Virtual Private Networks (VPNs). Our architectures were evaluated using Virtex4 and Virtex5 FPGAs. It is shown that the performance of the presented AES-GCM architecture outperforms the previously reported ones.