Authenticated encryption

About: Authenticated encryption is a research topic. Over the lifetime, 1328 publications have been published within this topic receiving 25968 citations. The topic is also known as: AEAD & Authenticated Encryption with Associated Data.


Papers
Journal ArticleDOI
01 Jul 2017
TL;DR: This paper introduces an efficient method for implementing the pipelined Karatsuba-Ofman Algorithm (KOA)-based GHASH on FPGAs and shows that the presented architectures are more performance-efficient (Throughput/Slices).
Abstract: Authenticated Encryption (AE) is a block cipher mode of operation which provides confidentiality and integrity simultaneously. In terms of hardware implementation, it requires a smaller area than two separate algorithms. Therefore, it has become popular and a number of modes have been proposed. This paper presents two efficient hardware implementations for AE schemes, AES-GCM and AEGIS. In terms of AES-GCM, the performance of the system is always determined by the Galois Hash (GHASH) architecture because of the inherent computation feedback. This paper introduces an efficient method for implementing the pipelined Karatsuba-Ofman Algorithm (KOA)-based GHASH on FPGAs. In particular, the computation feedback is removed by analyzing the complexity of the computation process. In addition, an efficient AEGIS is also implemented using only five AES rounds. The proposed architectures are evaluated with three different implementations of AES SubBytes (BRAM-based SubBytes, composite field-based SubBytes, and LUT-based SubBytes) to increase the flexibility of the presented work. The presented architectures are implemented using Xilinx Virtex-5 FPGAs. Our comparison to previous work reveals that our architectures are more performance-efficient (Throughput/Slices).

13 citations

Proceedings ArticleDOI
02 Apr 2007
TL;DR: This paper proposes an improved signcryption scheme and a variant scheme providing message recovery; the first is revised from an authenticated encryption scheme which has been found to have a security flaw, and it provides an additional property called public verifiability of the signature.
Abstract: Signcryption is a new cryptographic primitive which simultaneously provides both confidentiality and authenticity. This paper proposes an improved signcryption scheme and a variant scheme providing message recovery. The first scheme is revised from an authenticated encryption scheme which has been found to have a security flaw. Our scheme fixes the security flaw and provides an additional property called public verifiability of the signature. The second scheme is a message recovery type. It surpasses most of the current signcryption schemes on the size of the signcrypted ciphertext. That is, in our second scheme, we require only two parameters, (r, s), with r ∈ Z_p and s ∈ Z_q, while most signcryption schemes require three parameters (c, r, s) with the additional parameter c ∈ Z_p. This second scheme is modified from an authenticated encryption scheme with message recovery and surpasses the underlying authenticated encryption scheme on the property of non-repudiation of origin.

13 citations

Proceedings ArticleDOI
01 Dec 2012
TL;DR: This work proposes a new solution for authenticated encryption (AE) tailored for FPGA bitstream protection, based on the recent proposal presented at DIAC'12, the AES-based authenticated encryption scheme ALE, which is at least twice as resource-efficient as the best AE modes of operation instantiated with AES.
Abstract: State-of-the-art solutions for FPGA bitstream protection rely on encryption and authentication of the bitstream to both ensure its confidentiality, thwarting unauthorized copying and reverse engineering, and prevent its unauthorized modification, maintaining a root of trust in the field. Adequate protection of the FPGA bitstream is of paramount importance to sustain the central functionality of dynamic reconfiguration in a hostile environment. In this work, we propose a new solution for authenticated encryption (AE) tailored for FPGA bitstream protection. It is based on the recent proposal presented at DIAC'12: the AES-based authenticated encryption scheme ALE. Our comparison to existing AES-based schemes reveals that ALE is at least twice as resource-efficient as the best AE modes of operation instantiated with AES. In view of the recent successful side-channel attacks on Xilinx Virtex bitstream encryption, we investigate the possibility of side-channel resistant implementations of all these AES-based AE algorithms using state-of-the-art threshold masking techniques. In this side-channel resistant setting, too, the protected ALE design is about twice as resource-efficient as the best AE modes of operation with the same countermeasure. We conclude that the deployment of dedicated AE schemes such as ALE significantly facilitates the real-world efficiency and security of FPGA bitstream protection in practice: not only does our solution enable authenticated encryption for bitstreams on low-cost FPGAs, but it also aims to mitigate physical attacks which have lately been shown to undermine the security of bitstream protection mechanisms in the field.

13 citations

Posted Content
TL;DR: This work proposes AEAD schemes that exceed all previous general-purpose modular AEAD designs in efficiency at processing (very) short inputs, and demonstrates the applicability of a tweakable forkcipher by designing several provably secure nonce-based AEAD modes of operation, optimized to be efficient for short messages.
Abstract: Highly efficient encryption and authentication of short messages has been identified as an essential requirement for enabling security in constrained computation and communication scenarios such as CAN FD in automotive systems (with a maximum message length of 64 bytes), massive IoT and critical communication domains of 5G, and Narrowband IoT (NB-IoT), to mention some. Accordingly, NIST has specified, as a design requirement in the lightweight cryptography project, that AEAD submissions shall be "optimized to be efficient for short messages (e.g., as short as 8 bytes)". We propose AEAD schemes that exceed all previous general-purpose modular AEAD designs in efficiency at processing (very) short inputs. The main ingredient in our solution is a new low-level primitive, called a tweakable forkcipher, which we introduce and formalize in this paper. We give an instance of the tweakable forkcipher and dub it ForkAES. It is based on the tweakable blockcipher KIASU, which relies on the round function of AES and uses the TWEAKEY framework to derive round keys from a 128-bit secret key and a 64-bit tweak. Finally, we demonstrate the applicability of a tweakable forkcipher by designing several provably secure nonce-based AEAD modes of operation, optimized to be efficient for short messages. Considering the AES block size (16 bytes) as a reference, our new AE schemes can beat all known schemes for single-block messages while still performing better than the majority of the existing schemes for combined message and associated data lengths up to 4 blocks. While ForkAES as a concrete instantiation of a forkcipher is based on KIASU, we note that our solution provides a general recipe for lightweight AEAD for short messages, even for very resource-constrained scenarios in which AES may not be considered a lightweight option. In those environments, our schemes can be instantiated using a forkcipher that is realized based on the best off-the-shelf lightweight blockcipher, following the TWEAKEY framework.

13 citations

Journal Article
TL;DR: This paper formally defines and analyzes the security notions of authenticated encryption in the unconditional security setting, and shows that the strongest security notion is the combined notion of APS and IntC.
Abstract: In this paper, we formally define and analyze the security notions of authenticated encryption in the unconditional security setting. For confidentiality, we define the notions APS (almost perfect secrecy) and NM (non-malleability) from an information-theoretic viewpoint, within our model where multiple senders and receivers exist. For authenticity, we define the notions IntC (integrity of ciphertexts) and IntP (integrity of plaintexts) from the viewpoint of information theory. We then combine the above notions to define the security notions of unconditionally secure authenticated encryption, and analyze the relations among them. In particular, it is shown that the strongest security notion is the combined notion of APS and IntC. Finally, we formally define and analyze the following generic composition methods in the unconditional security setting within our model: Encrypt-and-Sign, Sign-then-Encrypt and Encrypt-then-Sign. Consequently, it is shown that the Encrypt-and-Sign composition method is not always secure; the Sign-then-Encrypt composition method is not always secure; and the Encrypt-then-Sign composition method is always secure, if the given encryption meets APS and the given signature is secure.
Keywords: unconditional security, encryption, authenticated encryption, signcryption

13 citations

Network Information
Related Topics (5)
- Public-key cryptography: 27.2K papers, 547.7K citations, 90% related
- Cryptography: 37.3K papers, 854.5K citations, 89% related
- Encryption: 98.3K papers, 1.4M citations, 86% related
- Hash function: 31.5K papers, 538.5K citations, 84% related
- Authentication: 74.7K papers, 867.1K citations, 83% related
Performance Metrics
No. of papers in the topic in previous years

Year  Papers
2023      19
2022      52
2021      67
2020     109
2019     111
2018      97