Topic
Authenticated encryption
About: Authenticated encryption is a research topic. Over its lifetime, 1328 publications have been published within this topic, receiving 25968 citations. The topic is also known as: AEAD & Authenticated Encryption with Associated Data.
Papers published on a yearly basis
Papers
TL;DR: A universal forgery attack on Araki et al.'s convertible authenticated encryption scheme is shown, and a new convertible authenticated encryption scheme is proposed that simplifies its security assumption on only a public hard problem - the discrete logarithm problem.
Abstract: An authenticated encryption allows the designated recipient to verify the authenticity while recovering the message. To protect the recipient's benefit in case of a later dispute, a convertible authenticated encryption scheme allows the recipient to convert the authenticated encryption into an ordinary signature so that it becomes publicly verifiable. This paper shows a universal forgery attack on Araki et al.'s convertible authenticated encryption scheme, and proposes a new convertible authenticated encryption scheme. Without using any conventional one-way function, the proposed scheme simplifies its security assumption on only a public hard problem - the discrete logarithm problem.
18 citations
01 Aug 2017
TL;DR: This work applies the cube attack to a reduced round version of ACORN, a candidate cipher design in the CAESAR cryptographic competition, and shows that linear equations relating the initial state of the full version of ACORN can be easily generated.
Abstract: We investigated the application of cube attacks to MORUS, a candidate in the CAESAR competition. We applied the cube attack to a version of MORUS where the initialization phase is reduced from 16 steps to 4. Our analysis shows that the cube attack can successfully recover the secret key of MORUS-640 with a total complexity of about 2^10 for this reduced version, and similarly for MORUS-1280 with complexity 2^9. Additionally, we obtained cubes resulting in distinguishers for 5 steps of the initialization of MORUS-1280; these can distinguish the cipher output function from a random function with complexity of 2^8. All our attacks are verified experimentally. Currently, the cube attack does not threaten the security of MORUS if the full initialization phase is performed.
18 citations
TL;DR: The requirements of the proposed design and the progress of candidate screening in the CAESAR competition are introduced, and the candidate AE schemes in the final round are classified according to their design structures and encryption modes.
Abstract: The Competition for Authenticated Encryption: Security, Applicability, and Robustness (CAESAR) supported by the National Institute of Standards and Technology (NIST) is an ongoing project calling for submissions of authenticated encryption (AE) schemes. The competition itself aims at enhancing both the design of AE schemes and related analysis. The design goal is to pursue new AE schemes that are more secure than advanced encryption standard with Galois/counter mode (AES-GCM) and can simultaneously achieve three design aspects: security, applicability, and robustness. The competition has a total of three rounds and the last round is approaching the end in 2018. In this survey paper, we first introduce the requirements of the proposed design and the progress of candidate screening in the CAESAR competition. Second, the candidate AE schemes in the final round are classified according to their design structures and encryption modes. Third, comprehensive performance and security evaluations are conducted on these candidates. Finally, the research trends of design and analysis of AE for the future are discussed.
18 citations
17 Aug 2016
TL;DR: The concept of internal differential fault analysis which requires only one faulty ciphertext is introduced which is applicable to parallelizable ciphers that use the counter-mode and also presents the first analysis of PAEQ.
Abstract: This work exploits internal differentials within a cipher in the context of Differential Fault Analysis (DFA). This in turn overcomes the nonce barrier which acts as a natural counter-measure against DFA. We introduce the concept of internal differential fault analysis which requires only one faulty ciphertext. In particular, the analysis is applicable to parallelizable ciphers that use the counter-mode. As a proof of concept we develop an internal differential fault attack on PAEQ, which is an AES based parallelizable authenticated cipher presently in the second round of the on-going CAESAR competition. The attack is able to uniquely retrieve the key of three versions of full-round PAEQ of key-sizes 64, 80 and 128 bits with complexities of about \(2^{16}\), \(2^{16}\) and \(2^{50}\) respectively. Finally, this work addresses in detail the instance of fault analysis with varying amounts of partial state information and also presents the first analysis of PAEQ.
18 citations
01 Jan 2014
TL;DR: AEZ encrypts by appending to the plaintext a fixed authentication block and then enciphering the resulting string with an arbitrary-input-length blockcipher, this tweaked by the nonce and AD.
Abstract: AEZ encrypts by appending to the plaintext a fixed authentication block and then enciphering the resulting string with an arbitrary-input-length blockcipher, this tweaked by the nonce and AD. The approach results in strong security and usability properties, including nonce-reuse misuse resistance, automatic exploitation of decryption-verified redundancy, and arbitrary, user-selectable ciphertext expansion. AEZ is parallelizable and its computational cost is close to that of AES-CTR. On a recent Intel processor (Haswell), our C implementation achieves a peak speed of about 0.7 cpb.
18 citations