
Authenticated encryption

About: Authenticated encryption is a research topic. Over the lifetime, 1328 publications have been published within this topic receiving 25968 citations. The topic is also known as: AEAD & Authenticated Encryption with Associated Data.


Papers
Posted Content
TL;DR: The TWEAKEY framework unifies the design of tweakable block ciphers and of block ciphers resistant to related-key attacks, and allows building a primitive with arbitrary tweak and key sizes, given the public round permutation.
Abstract: We propose the TWEAKEY framework with the goal of unifying the design of tweakable block ciphers and of block ciphers resistant to related-key attacks. Our framework is simple, extends the key-alternating construction, and allows building a primitive with arbitrary tweak and key sizes, given the public round permutation (for instance, the AES round). Increasing the sizes renders the security analysis very difficult and thus we identify a subclass of TWEAKEY, that we name STK, which solves the size issue by the use of finite field multiplications on low Hamming weight constants. We give very efficient instances of STK, in particular, a 128-bit tweak/key/state block cipher Deoxys-BC that is the first AES-based ad-hoc tweakable block cipher. At the same time, Deoxys-BC could be seen as a secure alternative to AES-256, which is known to be insecure in the related-key model. As another member of the TWEAKEY framework, we describe Kiasu-BC, which is a very simple and even more efficient tweakable variation of AES-128 when the tweak size is limited to 64 bits. In addition to being efficient, our proposals, compared to the previous schemes that use AES as a black box, offer security beyond the birthday bound. Deoxys-BC and Kiasu-BC represent interesting pluggable primitives for authenticated encryption schemes; for instance, ΘCB3 instantiated with Kiasu-BC runs at about 0.75 c/B on Intel Haswell. Our work can also be seen as advances on the topic of secure key schedule design for AES-like ciphers, describing several proposals in this direction.

48 citations

01 May 2014
TL;DR: This document specifies OCB, a shared-key blockcipher-based encryption scheme that provides confidentiality and authenticity for plaintexts and authenticity for associated data.
Abstract: This document specifies OCB, a shared-key blockcipher-based encryption scheme that provides confidentiality and authenticity for plaintexts and authenticity for associated data. This document is a product of the Crypto Forum Research Group (CFRG).

48 citations

Journal Article
01 Mar 1998
TL;DR: A new authenticated encryption scheme with (t, n) shared verification based on discrete logarithms is proposed that requires smaller bandwidth and achieves more secrecy of data transmission; it is more efficient for signature verification.
Abstract: A new authenticated encryption scheme with (t, n) shared verification based on discrete logarithms is proposed. In the scheme any ciphertext of signature for a message is addressed to a specified group of verifiers in such a way that the ability to decrypt the ciphertext of signature is regulated by the adopted (t, n) threshold scheme. That is, any t out of n verifiers in the group share the responsibility (or authority) for message recovery. The proposed scheme preserves the merits inherent in the signature scheme with message recovery and the (t, n) shared verification scheme. As compared to Harn's (t, n) shared verification scheme and its further modifications, the proposed scheme has the following advantages: it requires smaller bandwidth and achieves more secrecy of data transmission; it is more efficient for signature verification.

47 citations

Book Chapter
25 Nov 2008
TL;DR: In this article, a high-speed and secure dynamic partial reconfiguration (DPR) system is realized with AES-GCM that guarantees both confidentiality and authenticity of FPGA bitstreams.
Abstract: A high-speed and secure dynamic partial reconfiguration (DPR) system is realized with AES-GCM that guarantees both confidentiality and authenticity of FPGA bitstreams. In DPR systems, bitstream authentication is essential for avoiding fatal damage caused by unintended bitstreams. An encryption-only system can prevent bitstream cloning and reverse engineering, but cannot prevent erroneous or malicious bitstreams from being configured. Authenticated encryption is a relatively new concept that provides both message encryption and authentication, and AES-GCM is one of the latest authenticated encryption algorithms suitable for hardware implementation. We implemented the AES-GCM-based DPR system targeting the Virtex-5 device on an off-the-shelf board, and evaluated its throughput and hardware resource utilization. For comparison, we also implemented AES-CBC and SHA-256 modules on the same device. The experimental results showed that the AES-GCM-based system achieved higher throughput with less resource utilization than the AES/SHA-based system. The AES-GCM module achieved more than 1 Gbps throughput and the entire system achieved about 800 Mbps throughput with reasonable resource utilization. This paper clarifies the advantage of using AES-GCM for protecting DPR systems.

46 citations


Network Information
Related Topics (5)
Public-key cryptography: 27.2K papers, 547.7K citations, 90% related
Cryptography: 37.3K papers, 854.5K citations, 89% related
Encryption: 98.3K papers, 1.4M citations, 86% related
Hash function: 31.5K papers, 538.5K citations, 84% related
Authentication: 74.7K papers, 867.1K citations, 83% related
Performance Metrics
No. of papers in the topic in previous years

Year   Papers
2023   19
2022   52
2021   67
2020   109
2019   111
2018   97