Cryptology ePrint Archive: Report 2013/269
CMCC: Misuse Resistant Authenticated Encryption with Minimal Ciphertext Expansion
Abstract: In some wireless environments, minimizing the size of messages is paramount due to the resulting significant energy savings. We present CCS which is a new family of tweakable enciphering schemes (TES). The main focus for this work is minimizing ciphertext expansion, especially for short messages including plaintext lengths less than the underlying block cipher length (e.g., 16 bytes). CMCC is an instantiation of the scheme providing misuse resistant authenticated
encryption with associated data (AEAD), and it leverages existing modes such as CBC, Counter, and CMAC. Our work can be viewed as extending the line of work starting with [HR03] on TES's to plaintext sizes smaller than the block cipher block length which is a problem
posed in [Hal04]. To the best of our knowledge, CCS is the first scheme that achieves CCA2 security with only 2-3 bytes of ciphertext expansion (for the message number), for a full range of message sizes. Since changes to the ciphertext randomize the plaintext, we can leverage the protocol checks in higher layer protocols as additional authentication bits allowing us to reduce the length of the authentication tag. For protocols that send short messages, our scheme is similar to Counter with CBC-MAC (CCM) for computation but has much shorter messages. We prove CCA2 security and misuse resistant authenticated encryption (MRAE) security for different variants of CMCC. Our contributions include both stateless and stateful versions which enable minimal sized message numbers using different network related trade-offs.
Category / Keywords: Private key CCA2 encryption, energy constrained cryptography, authenticated encryption
Publication Info: Has not been published elsewhere
Date: received 11 May 2013, last revised 29 Jun 2014
Contact author: jon49175 at yahoo com
Available format(s): PDF | BibTeX Citation
Note: Revised version.
Version: 20140630:020359 (All versions of this report)
Short URL: ia.cr/2013/269
Discussion forum: Show discussion | Start new discussion
[ Cryptology ePrint archive ]