Topic

Authenticated encryption

About: Authenticated encryption is a research topic. Over its lifetime, 1328 publications have been published within this topic, receiving 25968 citations. The topic is also known as: AEAD & Authenticated Encryption with Associated Data.


Papers
Patent
13 Jul 2007
TL;DR: In this paper, an authenticated encryption method and apparatus are described in which plaintext data is encrypted, using a secret key, to form ciphertext data and a message authentication code, MAC, is also formed in dependence on a combination of the ciphertext and data characteristic of the plaintext.
Abstract: An authenticated encryption method and apparatus are described in which plaintext data is encrypted, using a secret key, to form ciphertext data. A message authentication code, MAC, is also formed in dependence on a combination of the ciphertext data and data characteristic of the plaintext data. The ciphertext data and the MAC are then output, for example, for storage to a storage medium. In a preferred embodiment a block cipher operating in GCM mode is adapted to cause the stored message authentication code to be dependent on the plaintext data.

35 citations

Journal Article · DOI
TL;DR: Both the schemes proposed violate the requirement of the (k,l) threshold shared verification and two improvements are proposed to eliminate the pointed out security leaks inherent in the original schemes.

35 citations

Book Chapter · DOI
11 Mar 2013
TL;DR: This paper identifies some properties of hash functions based on polynomial evaluation that arise from the underlying algebraic structure and describes a general forgery attack, of which Saarinen’s cycling attack from FSE 2012 is a special case.
Abstract: Universal hash functions are commonly used primitives for fast and secure message authentication in the form of Message Authentication Codes (MACs) or Authenticated Encryption with Associated Data (AEAD) schemes. These schemes are widely used and standardised, the most well known being McGrew and Viega’s Galois/Counter Mode (GCM). In this paper we identify some properties of hash functions based on polynomial evaluation that arise from the underlying algebraic structure. As a result we are able to describe a general forgery attack, of which Saarinen’s cycling attack from FSE 2012 is a special case. Our attack removes the requirement for long messages and applies regardless of the field in which the hash function is evaluated. Furthermore we provide a common description of all published attacks against GCM, by showing that the existing attacks are the result of these algebraic properties of the polynomial-based hash function. Finally, we greatly expand the number of known weak GCM keys and show that almost every subset of the keyspace is a weak key class.

35 citations

DOI
19 Sep 2017
TL;DR: This work considers message confidentiality in a context where an adversary can observe decryption leakages but not the corresponding messages, and formalizes the confidentiality requirements that can be achieved and proposes a new construction satisfying them, while providing integrity properties with leakage that are as good as those of DTE.
Abstract: At CCS 2015, Pereira et al. introduced a pragmatic model enabling the study of leakage-resilient symmetric cryptographic primitives based on the minimal use of a leak-free component. This model was recently used to prove the good integrity and confidentiality properties of an authenticated encryption scheme called DTE when the adversary is only given encryption leakages. In this paper, we extend this work by analyzing the case where decryption leakages are also available. We first exhibit attacks exploiting such leakages against the integrity of DTE (and variants) and show how to mitigate them. We then consider message confidentiality in a context where an adversary can observe decryption leakages but not the corresponding messages. The latter is motivated by applications such as secure bootloading and bitstream decryption. We finally formalize the confidentiality requirements that can be achieved in this case and propose a new construction satisfying them, while providing integrity properties with leakage that are as good as those of DTE.

35 citations

Book Chapter · DOI
19 Aug 2018
TL;DR: A compactly committing authenticated encryption (AE) scheme for message franking was proposed in this paper, which enables cryptographically verifiable reporting of abusive messages in end-to-end encrypted messaging.
Abstract: Message franking enables cryptographically verifiable reporting of abusive messages in end-to-end encrypted messaging. Grubbs, Lu, and Ristenpart recently formalized the needed underlying primitive, what they call compactly committing authenticated encryption (AE), and analyze security of a number of approaches. But all known secure schemes are still slow compared to the fastest standard AE schemes. For this reason Facebook Messenger uses AES-GCM for franking of attachments such as images or videos.

35 citations


Network Information
Related Topics (5)
Public-key cryptography: 27.2K papers, 547.7K citations, 90% related
Cryptography: 37.3K papers, 854.5K citations, 89% related
Encryption: 98.3K papers, 1.4M citations, 86% related
Hash function: 31.5K papers, 538.5K citations, 84% related
Authentication: 74.7K papers, 867.1K citations, 83% related
Performance
Metrics
No. of papers in the topic in previous years
Year    Papers
2023    19
2022    52
2021    67
2020    109
2019    111
2018    97