
Authenticated encryption

About: Authenticated encryption is a research topic. Over the lifetime, 1328 publications have been published within this topic receiving 25968 citations. The topic is also known as: AEAD & Authenticated Encryption with Associated Data.


Papers
Journal Article
TL;DR: This paper constructs an identity-based deniable authenticated encryption (IBDAE) scheme that can achieve both the functions of deniable authentication and public key encryption simultaneously, at a cost significantly lower than that required by the “deniable authentication followed by encryption” method.
Abstract: An authenticated encryption (AE) scheme simultaneously achieves two security goals: confidentiality and authenticity. AE can be divided into symmetric AE and asymmetrical (public key) AE. In a symmetric AE scheme, deniability is gained automatically. However, a public key AE scheme can not gain deniability automatically; on the contrary, it provides non-repudiation. In this paper, we address a question on deniability of public key AE. Of course, we can achieve this goal by "deniable authentication followed by encryption" method. However, such method has the following two weaknesses: (1) the computational cost and communication overhead are the sum of two cryptographic primitives; (2) it is complex to design cryptographic protocols with deniable authentication and confidentiality using two cryptographic primitives. To overcome the two weaknesses, we propose a new concept called deniable authenticated encryption (DAE) that can achieve both the functions of deniable authentication and public key encryption simultaneously, at a cost significantly lower than that required by the "deniable authentication followed by encryption" method. This single cryptographic primitive can simplify the design of cryptographic protocols with deniable authentication and confidentiality. In particular, we construct an identity-based deniable authenticated encryption (IBDAE) scheme. Our construction uses tag-key encapsulation mechanism (KEM) and data encapsulation mechanism (DEM) hybrid techniques, which is more practical for true applications. We show how to construct an IBDAE scheme using an identity-based deniable authenticated tag-KEM (IBDATK) and a DEM. We also propose an IBDATK scheme and prove its security in the random oracle model. For typical security level, our scheme is at least 50.7 and 22.7 % faster than two straightforward "deniable authentication followed by encryption" schemes, respectively. 
The communication overhead is respectively reduced at least 21.3 and 31.1 %. An application of IBDAE to an e-mail system is described.

13 citations

Posted Content
01 Jan 2013
TL;DR: McOE-X and McOE-G as discussed by the authors are two block-cipher-based OAE schemes that are provably secure against nonce-respecting and general adversaries.
Abstract: On-Line Authenticated Encryption (OAE) combines privacy with data integrity and is on-line computable. Most block-cipher-based schemes for Authenticated Encryption can be run on-line and are provably secure against nonce-respecting adversaries. But they fail badly for more general adversaries. This is not a theoretical observation only – in practice, the reuse of nonces is a frequent issue. In recent years, cryptographers developed misuse-resistant schemes for Authenticated Encryption. These guarantee excellent security even against general adversaries which are allowed to reuse nonces. But they cannot perform on-line encryption. This work introduces a new family of OAE schemes – called McOE – dealing both with nonce-respecting and with general adversaries. Furthermore, we present two block-cipher-based family members, i.e., McOE-X and McOE-G. In contrast to other published OAE, they provably guarantee reasonable security against general adversaries as well as standard security against nonce-respecting adversaries.

13 citations

Journal Article
TL;DR: It is shown that there is a weakness on all these schemes affecting both the authentication of the signer’s public key and the own security of the system.
Abstract: Tseng et al. have introduced in 2003 an authenticated encryption scheme by using self-certified public keys. Based on this scheme several authors have proposed new signature schemes avoiding some attacks against the original proposal. In this paper we show that there is a weakness on all these schemes affecting both the authentication of the signer’s public key and the own security of the system. We propose a slight but necessary modification to these schemes in order to avoid that weakness.

13 citations

Book Chapter
21 Sep 2016
TL;DR: In this article, the authors proposed differential fault analysis of Tiaoxin and AEGIS family of ciphers in a nonce reuse setting and showed that the secret key can be recovered with 384 single bit faults.
Abstract: Tiaoxin and AEGIS are two second round candidates of the ongoing CAESAR competition for authenticated encryption. In 2014, Brice Minaud proposed a distinguisher for AEGIS-256 that can be used to recover bits of a partially known message, encrypted \(2^{188}\) times, regardless of the keys used. Also he reported a correlation between AEGIS-128 ciphertexts at rounds i and \(i + 2\), although the biases would require \(2^{140}\) data to be detected. Apart from that, to the best of our knowledge, there is no known cryptanalysis of AEGIS or Tiaoxin. In this paper we propose differential fault analyses of Tiaoxin and AEGIS family of ciphers in a nonce reuse setting. Analysis shows that the secret key of Tiaoxin can be recovered with 384 single bit faults and the states of AEGIS-128, AEGIS-256 and AEGIS-128L can be recovered respectively with 384, 512 and 512 single bit faults. Considering multi byte fault, the number of required faults and re-keying reduces 128 times.

13 citations

Journal Article
TL;DR: From the experimental results obtained, it is shown how lightweight ciphers significantly contribute to reduce implementation area and energy consumption overheads, extending the lifetime of the sensor node.
Abstract: Wireless Sensor Networks (WSN) aim at linking the cyber and physical worlds. Their security has taken relevance due to the sensitive data these networks might process under unprotected physical and cybernetic environments. The operational constraints in the sensor nodes demand security primitives with small implementation size and low power consumption. Authenticated encryption is a mechanism to provide these systems with confidentiality, integrity, and authentication of sensitive data. In this paper we explore hardware implementation alternatives of authenticated encryption through generic compositions, to assess the costs of this security approach in WSN. Two symmetric ciphers, AES and PRESENT, and two hash functions, SHA and SPONGENT, are used as the underlying primitives for the generic compositions. All the architectures studied in this work are implemented and evaluated in an FPGA-based WSN mote. The life time of the sensor node is used as the main evaluation metric but FPGA resources are also reported. From the experimental results obtained, it is shown how lightweight ciphers significantly contribute to reduce implementation area and energy consumption overheads, extending the lifetime of the sensor node.

13 citations


Network Information
Related Topics (5)
Public-key cryptography: 27.2K papers, 547.7K citations, 90% related
Cryptography: 37.3K papers, 854.5K citations, 89% related
Encryption: 98.3K papers, 1.4M citations, 86% related
Hash function: 31.5K papers, 538.5K citations, 84% related
Authentication: 74.7K papers, 867.1K citations, 83% related
Performance
Metrics
No. of papers in the topic in previous years
Year    Papers
2023    19
2022    52
2021    67
2020    109
2019    111
2018    97