Authenticated encryption

About: Authenticated encryption is a research topic. Over the lifetime, 1328 publications have been published within this topic receiving 25968 citations. The topic is also known as: AEAD & Authenticated Encryption with Associated Data.

Encryption/decryption device and method, encryption device and method, decryption device and method, and transmission/reception apparatus

Abstract: The encryption/decryption device includes: a data structure analysis block for receiving encrypted data or data to be encrypted and outputting control data and also the encrypted data or the data to be encrypted as processing block input data; a data control block for determining a mode selection signal according to the control data; and a shared processing block for performing encryption or decryption for the processing block input data and outputting the result. The shared processing block is configured to have the ability to perform encryption and decryption in either of the CBC mode and the CFB mode by performing ECB processing using input key data, and performs encryption or decryption in the mode indicated by the mode selection signal.

JHAE: An Authenticated Encryption Mode Based on JH.

Abstract: In this paper we present JHAE, an authenticated encryption (AE) mode based on the JH hash mode. JHAE is a dedicated AE mode based on permutation. We prove that this mode, based on ideal permutation, is provably secure.

Security of Online AE Schemes in RUP Setting

Abstract: Authenticated encryption (AE) combines privacy with data integrity, and in the process of decryption, the plaintext is always kept until successful verification But in applications with insufficient memory or with realtime requirement, release of unverified plaintext is unavoidable Furthermore most of present online AE schemes claim to keep the unverified plaintext, leading to online encryption but offline decryption, which seems unreasonable for online applications Thus, security of the releasing unverified plaintext (RUP) setting, especially for online AE scheme need to be taken seriously The notion of plaintext awareness (PA) together with IND-CPA have been formalized to achieve privacy in RUP setting by Andreeva et al in 2014 But notion of PA is too strong and conflicts to online property, namely no online AE scheme can be PA secure according to their results, leading PA to lose its practical significance In this paper, we define a similar security notion OPA and combine OPA with OPRP-CPA (IND-CPA) to achieve privacy of online AE scheme in RUP setting, which solves the conflicts between PA and online property And we analysis the relation between OPA and some other notions Then we study OPA security of existing online AE schemes, and show OPA insecurity of Stream Structure and structures with the property of “controll ciphertext to jump between two plaintexts" (CCJP), which are adopted by most of schemes in the ongoing CAESAR competition At last, combining the property CCJP with the simple tag-producing process, we look upon the INT-RUP insecurity of existing schemes from new different angle

Authenticated Encryption without Tag Expansion (or, How to Accelerate AERO).

Abstract: Standard form of authenticated encryption (AE) requires the ciphertext to be expanded by the nonce and the authentication tag These expansions can be problematic when messages are relatively short and communication cost is high This paper studies a form of AE scheme whose ciphertext is only expanded by nonce, with the help of stateful receiver which also enables detection of replays While there is a scheme having this feature, called AERO, proposed by McGrew and Foley, there is no formal treatment based on the provable security framework We propose a provable security framework for such AE schemes, which we call MiniAE, and show several secure schemes using standard symmetric crypto primitives Most notably, one of our schemes has a similar structure as OCB mode of operation and uses only one blockcipher call to process one input block, thus the computation cost is comparable to the nonce-based encryption-only schemes

Analysis and Design of Symmetric Cryptographic Algorithms

Abstract: This doctoral thesis is dedicated to the analysis and the design of symmetric cryptographic algorithms. In the first part of the dissertation, we deal with fault-based attacks on cryptographic circuits which belong to the field of active implementation attacks and aim to retrieve secret keys stored on such chips. Our main focus lies on the cryptanalytic aspects of those attacks. In particular, we target block ciphers with a lightweight and (often) non-bijective key schedule where the derived subkeys are (almost) independent from each other. An attacker who is able to reconstruct one of the subkeys is thus not necessarily able to directly retrieve other subkeys or even the secret master key by simply reversing the key schedule. We introduce a framework based on differential fault analysis that allows to attack block ciphers with an arbitrary number of independent subkeys and which rely on a substitution-permutation network. These methods are then applied to the lightweight block ciphers LED and PRINCE and we show in both cases how to recover the secret master key requiring only a small number of fault injections. Moreover, we investigate approaches that utilize algebraic instead of differential techniques for the fault analysis and discuss advantages and drawbacks. At the end of the first part of the dissertation, we explore fault-based attacks on the block cipher Bel-T which also has a lightweight key schedule but is not based on a substitution-permutation network but instead on the so-called Lai-Massey scheme. The framework mentioned above is thus not usable against Bel-T. Nevertheless, we also present techniques for the case of Bel-T that enable full recovery of the secret key in a very efficient way using differential fault analysis. In the second part of the thesis, we focus on authenticated encryption schemes. While regular ciphers only protect privacy of processed data, authenticated encryption schemes also secure its authenticity and integrity. Many of these ciphers are additionally able to protect authenticity and integrity of so-called associated data. This type of data is transmitted unencrypted but nevertheless must be protected from being tampered with during transmission. Authenticated encryption is nowadays the standard technique to protect in-transit data. However, most of the currently deployed schemes have deficits and there are many leverage points for improvements. With NORX we introduce a novel authenticated encryption scheme supporting associated data. This algorithm was designed with high security, efficiency in both hardware and software, simplicity, and robustness against side-channel attacks in mind. Next to its specification, we present special features, security goals, implementation details, extensive performance measurements and discuss advantages over currently deployed standards. Finally, we describe our preliminary security analysis where we investigate differential and rotational properties of NORX. Noteworthy are in particular the newly developed techniques for differential cryptanalysis of NORX which exploit the power of SAT- and SMT-solvers and have the potential to be easily adaptable to other encryption schemes as well.