Authenticated encryption

About: Authenticated encryption is a research topic. Over the lifetime, 1328 publications have been published within this topic receiving 25968 citations. The topic is also known as: AEAD & Authenticated Encryption with Associated Data.


Papers
Journal Article
TL;DR: A practical generalized signcryption scheme ECGSC, which will seamlessly switch to the Elliptic Curve Digital Signature Algorithm or a provable secure asymmetric encryption scheme when recipient's keys or sender's keys are absent, and saves 9–14% communication costs in the signcryption mode.
Abstract: Traditional signcryption is not feasible for some information security scenarios, though it is a new cryptographic primitive that simultaneously fulfills both the functions of signature and encryption. Generalized signcryption is an adaptive primitive which achieves both secrecy and authenticity or provides them respectively by a generic structure. The notions related to generalized signcryption such as syntax, correctness, and security are proposed in the paper. A practical generalized signcryption scheme ECGSC is evaluated carefully also. The formal proofs for the unforgeability and confidentiality of ECGSC in the Random Oracle model are provided. To give a solution for multiple user settings, an efficient multicast scheme is also designed. ECGSC will seamlessly switch to the Elliptic Curve Digital Signature Algorithm (ECDSA) or a provable secure asymmetric encryption scheme when recipient's keys or sender's keys are absent. Compared with other schemes, it saves 9–14% communication costs in the signcryption mode. It also saves 78–82% computational costs. Copyright © 2007 John Wiley & Sons, Ltd.

23 citations

Patent
10 Jul 2007
TL;DR: In this article, the authors proposed a method of authenticated encryption by concatenating a first user-datum with a second datum and a third datum, encrypting the results, concatenating the encrypted results and transmitting the result to a recipient.
Abstract: A device for and method of authenticated encryption by concatenating a first user-datum with a second datum, concatenating the first datum with a third datum, encrypting the results, concatenating the encrypted results, concatenating the result with a message and a fifth user-definable datum, hashing the result, concatenating the result with the message, dividing the result into blocks, concatenating the first datum with a sixth datum, generating key-stream blocks from the result using a block cipher in counter mode, combining the blocks and key-stream blocks, concatenating the result with the first datum and the fifth datum, and transmitting the result to a recipient. The recipient extracts the hash value from the received ciphertext, generates a hash value from the first through fifth datums and plaintext derived from the ciphertext, and compares the two. If they match then the plaintext and fifth datum are as the sender intended.

23 citations

Posted Content
TL;DR: A new primitive for identity-concealed authenticated encryption in the public-key setting, referred to as higncryption, is introduced, which can be viewed as a novel monolithic integration of public-key encryption, digital signature, and identity concealment, and a security definitional framework is proposed.
Abstract: Identity concealment and zero-round trip time (0-RTT) connection are two of current research focuses in the design and analysis of secure transport protocols, like TLS1.3 and Google's QUIC, in the client-server setting. In this work, we introduce a new primitive for identity-concealed authenticated encryption in the public-key setting, referred to as higncryption, which can be viewed as a novel monolithic integration of public-key encryption, digital signature, and identity concealment. We then present the security definitional framework for higncryption, and a conceptually simple (yet carefully designed) protocol construction. As a new primitive, higncryption can have many applications. In this work, we focus on its applications to 0-RTT authentication, showing higncryption is well suitable to and compatible with QUIC and OPTLS, and on its applications to identity-concealed authenticated key exchange (CAKE) and unilateral CAKE (UCAKE). Of independent interest is a new concise security definitional framework for CAKE and UCAKE proposed in this work, which unifies the traditional BR and (post-ID) frameworks, enjoys composability, and ensures very strong security guarantee. Along the way, we make a systematically comparative study with related protocols and mechanisms including Zheng's signcryption, one-pass HMQV, QUIC, TLS1.3 and OPTLS, most of which are widely standardized or in use.

23 citations

Book Chapter
07 Jul 2014
TL;DR: A new online secure authenticated encryption, called ELmE or Encrypt-Linear mix-Encrypt, which is completely (two-stage) parallel (even in associated data) and pipeline implementable and provides full privacy when associated data is not repeated.
Abstract: The authenticated encryptions which resist misuse of initial value (or nonce) at some desired level of privacy are two-pass or Mac-then-Encrypt constructions (inherently inefficient but provide full privacy) and online constructions, e.g., McOE, sponge-type authenticated encryptions (such as duplex) and COPA. Only the last one is almost parallelizable with some bottleneck in processing associated data. In this paper, we design a new online secure authenticated encryption, called ELmE or Encrypt-Linear mix-Encrypt, which is completely (two-stage) parallel (even in associated data) and pipeline implementable. It also provides full privacy when associated data (which includes initial value) is not repeated. The basic idea of our construction is based on EME, an Encrypt-Mix-Encrypt type SPRP constructions (secure against chosen plaintext and ciphertext). But unlike EME, we have used an online computable efficient linear mixing instead of a non-linear mixing. Our construction optionally supports intermediate tags which can be verified faster with less buffer size. Intermediate tag provides security against block-wise adversaries which is meaningful in low-end device implementation.

23 citations

Patent
Thomas Cordella, John Profumo
28 Jun 2012
TL;DR: In this paper, the contents of a memory are authenticated using redundant encryption by comparing the plaintext generated by decrypting the cipher text and the authentication tag, and the matching results indicate the data was not corrupted or modified during storage in the memory.
Abstract: Contents of a memory may be authenticated using redundant encryption. In some examples, data to be stored by a memory is encrypted with two unique encryption keys—a first encryption key is used to generate a cipher text and a second encryption key (different than the first encryption key) is used to generate an authentication tag. The cipher text and authentication tag are stored by the memory. At a later time, the cipher text and authentication tag may be retrieved from the memory and decrypted using the respective encryption keys. After decrypting the cipher text and the authentication tag, the data retrieved from the memory may be authenticated by comparing the plaintext generated by decrypting the cipher text with the plaintext generated by decrypting the authentication tag. A match between the plaintexts indicates the data was not corrupted or modified during storage in the memory.

22 citations


Network Information
Related Topics (5)
Public-key cryptography: 27.2K papers, 547.7K citations, 90% related
Cryptography: 37.3K papers, 854.5K citations, 89% related
Encryption: 98.3K papers, 1.4M citations, 86% related
Hash function: 31.5K papers, 538.5K citations, 84% related
Authentication: 74.7K papers, 867.1K citations, 83% related
Performance
Metrics
No. of papers in the topic in previous years
Year | Papers
2023 | 19
2022 | 52
2021 | 67
2020 | 109
2019 | 111
2018 | 97