scispace - formally typeset
Search or ask a question
Topic

Authenticated encryption

About: Authenticated encryption is a research topic. Over the lifetime, 1328 publications have been published within this topic receiving 25968 citations. The topic is also known as: AEAD & Authenticated Encryption with Associated Data.


Papers
More filters
Proceedings ArticleDOI
27 May 2018
TL;DR: This paper focuses on optimizing the hardware architecture of NORX by applying a pipeline technique and results show that optimized NORX is 40.81% faster, 18.01% smaller, and improved the throughput per area by 76.9% when compared with state-of-the-art NORX implementation.
Abstract: Authenticated encryption with associated data (AEAD) plays a significant role in cryptography due to its ability to provide integrity, confidentiality and authenticity at the same time. There is an unceasing demand of high-performance and area-efficient AEAD ciphers due to the emergence of security at the edge of computing fabric, such as, sensors and smartphone devices. Currently, a worldwide contest, titled CAESAR, is being held to decide on a set of AEAD ciphers, which are distinguished by their security, runtime performance, energy-efficiency and low area budget. In this paper, we focus on optimizing the hardware architecture of NORX by applying a pipeline technique. Our pre-layout results using commercial ASIC TSMC 65 technology library show that optimized NORX is 40.81% faster, 18.01% smaller, and improved the throughput per area by 76.9% when compared with state-of-the-art NORX implementation.

3 citations

31 Oct 2011
TL;DR: This document defines how AES-GCM, AES-CCM, and other Authenticated Encryption with Associated Data (AEAD) algorithms, can be used to provide confidentiality and data authentication mechanisms in the SRTP protocol.
Abstract: This document defines how AES-GCM, AES-CCM, and other Authenticated Encryption with Associated Data (AEAD) algorithms, can be used to provide confidentiality and data authentication mechanisms in the SRTP protocol.

3 citations

Posted Content
TL;DR: This work addresses the practice of key-wrapping, where one symmetric cryptographic key is used to encrypt another, and considers notions that mirror the usual security requirements for symmetric encryption, except that the inputs to be encrypted are random rather than adversarially chosen.
Abstract: We address the practice of key-wrapping, where one symmetric cryptographic key is used to encrypt another. This practice is used extensively in key-management architectures, often to create an "adapter layer" between incompatible legacy systems. Although in principle any secure encryption scheme can be used for key wrapping, practical constraints (which are commonplace when dealing with legacy systems) may severely limit the possible implementations, sometimes to the point of ruling out any "secure general-purpose encryption." It is therefore desirable to identify the security requirements that are "really needed" for the key-wrapping application, and have a large variety of implementations that satisfy these requirements. This approach was developed in a work by Rogaway and Shrimpton at EUROCRYPT 2006. They focused on allowing deterministic encryption, and defined a notion of deterministic authenticated encryption (DAE), which roughly formalizes "the strongest security that one can get without randomness." Although DAE is weaker than full blown authenticated encryption, it seems to suffice for the case of key wrapping (since keys are random and therefore the encryption itself can be deterministic). Rogaway and Shrimpton also described a mode of operation for block ciphers (called SIV) that realizes this notion. We continue in the direction initiated by Rogaway and Shirmpton. We first observe that the notion of DAE still rules out many practical and "seemingly secure" implementations. We thus look for even weaker notions of security that may still suffice. Specifically we consider notions that mirror the usual security requirements for symmetric encryption, except that the inputs to be encrypted are random rather than adversarially chosen. These notions are all strictly weaker than DAE, yet we argue that they suffice for most applications of key wrapping. As for implementations, we consider the key-wrapping notion that mirrors authenticated encryption, and investigate a template of Hash-then-Encrypt (HtE), which seems practically appealing: In this method the key is first "hashed" into a short nonce, and then the nonce and key are encrypted using some standard encryption mode. We consider a wide array of "hash functions", ranging from a simple XOR to collision-resistant hashing, and examine what "hash function" can be used with what encryption mode.

3 citations

Posted Content
TL;DR: Sec-cs as mentioned in this paper is a hash-table-like data structure for file contents on untrusted storage that is both secure and storage-efficient, achieving authenticity and confidentiality with zero storage overhead using deterministic authenticated encryption.
Abstract: We present sec-cs, a hash-table-like data structure for file contents on untrusted storage that is both secure and storage-efficient. We achieve authenticity and confidentiality with zero storage overhead using deterministic authenticated encryption. State-of-the-art data deduplication approaches prevent redundant storage of shared parts of different contents irrespective of whether relationships between contents are known a priori or not. Instead of just adapting existing approaches, we introduce novel (multi-level) chunking strategies, ML-SC and ML-CDC, which are significantly more storage-efficient than existing approaches in presence of high redundancy. We prove sec-cs's security, publish a ready-to-use implementation, and present results of an extensive analytical and empirical evaluation that show its suitability for, e.g., future backup systems that should preserve many versions of files on little available cloud storage.

3 citations

Proceedings ArticleDOI
06 Apr 2008
TL;DR: This work proposes two secure publicly verifiable authenticated encryption schemes to overcome the flaws of MC scheme and Hung-Yu Chien scheme, and shows that the two schemes are extremely insecure.
Abstract: An authenticated encryption scheme is a message transmission, which sends messages in secure and authentic way. It is very suitable to mobile device. Recently, C.S.Ma and K.F.Chen give a new authenticated encryption scheme, and Hung-Yu Chien also give a convertible authenticated encryption scheme. However, our analysis shows that the two schemes are extremely insecure. The common flaw of the two schemes is forgeability and repudiation. After we give the corresponding attack to the two authenticated encryption schemes respectively, we propose two secure publicly verifiable authenticated encryption schemes to overcome the flaws of MC scheme and Hung-Yu Chien scheme. As for efficiency, the computation cost and communication overhead of our proposed schemes are as small as the two original schemes: the MC scheme and the Hung-Yu Chien scheme. Finally, we give secure proof to the proposed schemes.

3 citations


Network Information
Related Topics (5)
Public-key cryptography
27.2K papers, 547.7K citations
90% related
Cryptography
37.3K papers, 854.5K citations
89% related
Encryption
98.3K papers, 1.4M citations
86% related
Hash function
31.5K papers, 538.5K citations
84% related
Authentication
74.7K papers, 867.1K citations
83% related
Performance
Metrics
No. of papers in the topic in previous years
YearPapers
202319
202252
202167
2020109
2019111
201897