scispace - formally typeset
Search or ask a question
Topic

Authenticated encryption

About: Authenticated encryption is a research topic. Over the lifetime, 1328 publications have been published within this topic receiving 25968 citations. The topic is also known as: AEAD & Authenticated Encryption with Associated Data.


Papers
More filters
Book ChapterDOI
13 Jul 2009
TL;DR: This work proposes the HBS (Hash Block Stealing) mode of operation, the first single-key mode that provably achieves the goal of providing deterministic authenticated encryption.
Abstract: We propose the HBS (Hash Block Stealing) mode of operation. This is the first single-key mode that provably achieves the goal of providing deterministic authenticated encryption. The authentication part of HBS utilizes a newly-developed, vector-input polynomial hash function. The encryption part uses a blockcipher-based, counter-like mode. These two parts are combined in such a way as the numbers of finite-field multiplications and blockcipher calls are minimized. Specifically, for a header of h blocks and a message of m blocks, the HBS algorithm requires just h + m + 2 multiplications in the finite field and m + 2 calls to the blockcipher. Although the HBS algorithm is fairly simple, its security proof is rather complicated.

55 citations

Book ChapterDOI
29 Nov 2015
TL;DR: This work unify, simplify, and generalize these results about the security and applicability of full-state keyed Sponge and Duplex constructions; in particular, for designing more efficient authenticated encryption schemes.
Abstract: We provide a security analysis for full-state keyed Sponge and full-state Duplex constructions. Our results can be used for making a large class of Sponge-based authenticated encryption schemes more efficient by concurrent absorption of associated data and message blocks. In particular, we introduce and analyze a new variant of SpongeWrap with almost free authentication of associated data. The idea of using full-state message absorption for higher efficiency was first made explicit in the Donkey Sponge MAC construction, but without any formal security proof. Recently, Gaži, Pietrzak and Tessaro CRYPTO 2015 have provided a proof for the fixed-output-length variant of Donkey Sponge. Yasuda and Sasaki CT-RSA 2015 have considered partially full-state Sponge-based authenticated encryption schemes for efficient incorporation of associated data. In this work, we unify, simplify, and generalize these results about the security and applicability of full-state keyed Sponge and Duplex constructions; in particular, for designing more efficient authenticated encryption schemes. Compared to the proof of Gaži et al., our analysis directly targets the original Donkey Sponge construction as an arbitrary-output-length function. Our treatment is also more general than that of Yasuda and Sasaki, while yielding a more efficient authenticated encryption mode for the case that associated data might be longer than messages.

54 citations

Journal ArticleDOI
TL;DR: The concept of self-certified public keys is adopted to propose a new signature scheme with message recovery that has two properties that the signer's public key can simultaneously be authenticated in verifying the signature, and the receiver also obtains the message.

54 citations

Journal ArticleDOI
TL;DR: This work presents a symmetric authenticated encryption scheme that is secure against DPA attacks and that does not have such a usage restriction, which means that the scheme fully complies with the requirements given in the CAESAR call and hence, can be used like other noncebased authenticated encryption schemes without loss of side-channel protection.
Abstract: Side-channel attacks and in particular differential power analysis (DPA) attacks pose a serious threat to cryptographic implementations. One approach to counteract such attacks are cryptographic schemes based on fresh re-keying. In settings of pre-shared secret keys, such schemes render DPA attacks infeasible by deriving session keys and by ensuring that the attacker cannot collect side-channel leakage on the session key during cryptographic operations with different inputs. While these schemes can be applied to secure standard communication settings, current re-keying approaches are unable to provide protection in settings where the same input needs to be processed multiple times. In this work, we therefore adapt the re-keying approach and present a symmetric authenticated encryption scheme that is secure against DPA attacks and that does not have such a usage restriction. This means that our scheme fully complies with the requirements given in the CAESAR call and hence, can be used like other noncebased authenticated encryption schemes without loss of side-channel protection. Its resistance against side-channel analysis is highly relevant for several applications in practice, like bulk storage settings in general and the protection of FPGA bitfiles and firmware images in particular.

54 citations

Book ChapterDOI
04 Nov 2009
TL;DR: A new blockcipher mode of operation named BTM, which stands for Bivariate Tag Mixing, which makes all-around improvements over the previous two DAE constructions, SIV (Eurocrypt 2006) and HBS (FSE 2009).
Abstract: We present a new blockcipher mode of operation named BTM, which stands for Bivariate Tag Mixing. BTM falls into the category of Deterministic Authenticated Encryption, which we call DAE for short. BTM makes all-around improvements over the previous two DAE constructions, SIV (Eurocrypt 2006) and HBS (FSE 2009). Specifically, our BTM requires just one blockcipher key, whereas SIV requires two. Our BTM does not require the decryption algorithm of the underlying blockcipher, whereas HBS does. The BTM mode utilizes bivariate polynomial hashing for authentication, which enables us to handle vectorial inputs of dynamic dimensions. BTM then generates an initial value for its counter mode of encryption by mixing the resulting tag with one of the two variables (hash keys), which avoids the need for an implementation of the inverse cipher.

53 citations


Network Information
Related Topics (5)
Public-key cryptography
27.2K papers, 547.7K citations
90% related
Cryptography
37.3K papers, 854.5K citations
89% related
Encryption
98.3K papers, 1.4M citations
86% related
Hash function
31.5K papers, 538.5K citations
84% related
Authentication
74.7K papers, 867.1K citations
83% related
Performance
Metrics
No. of papers in the topic in previous years
YearPapers
202319
202252
202167
2020109
2019111
201897