Cryptology ePrint Archive: Report 2013/628
Parallelizable Rate-1 Authenticated Encryption from Pseudorandom Functions
Abstract: This paper proposes a new scheme for authenticated encryption (AE), which is typically realized as a blockcipher mode of operation.
The proposed scheme has attractive features for fast and compact operation.
When it is realized with a blockcipher, it requires one blockcipher call to process one input block (i.e. rate-1), and uses the encryption function of the blockcipher for both encryption and decryption.
Moreover, the scheme enables one-pass, parallel operation under two-block partition.
The proposed scheme thus attains characteristics similar to those of the seminal OCB mode, without using the inverse blockcipher.
The key idea of our proposal is a novel usage of a two-round Feistel permutation, where the round functions are derived from the theory of tweakable blockciphers.
We also provide basic software results, and describe some ideas on using a non-invertible primitive, such as a keyed hash function.
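The sketch below is an added illustration of the key idea in the abstract; it is not code from the paper and does not follow its specification. It assumes HMAC-SHA256 as the non-invertible keyed primitive, a hypothetical tweak encoding (fixed-length nonce, pair index, round number), 16-byte blocks, whole two-block chunks only, and a tag computed over the XOR of the second block of each pair.

```python
import hmac, hashlib

BLOCK = 16  # block size in bytes (assumption for this sketch)

def prf(key, nonce, pair, rnd, block):
    # Tweaked PRF: the tweak (nonce, pair index, round) is bound into the HMAC input.
    # The nonce is assumed to have a fixed length so the encoding is unambiguous.
    msg = nonce + pair.to_bytes(8, "big") + bytes([rnd]) + block
    return hmac.new(key, msg, hashlib.sha256).digest()[:BLOCK]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def blocks(data):
    if len(data) % (2 * BLOCK):
        raise ValueError("sketch handles whole two-block chunks only")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def seal(key, nonce, plaintext):
    m, out, checksum = blocks(plaintext), [], bytes(BLOCK)
    for i in range(0, len(m), 2):          # each pair is independent: parallelizable
        c1 = xor(prf(key, nonce, i // 2, 1, m[i]), m[i + 1])  # Feistel round 1
        c2 = xor(prf(key, nonce, i // 2, 2, c1), m[i])        # Feistel round 2
        out += [c1, c2]                    # two PRF calls per two blocks: rate-1
        checksum = xor(checksum, m[i + 1])
    tag = prf(key, nonce, len(m) // 2, 3, checksum)
    return b"".join(out), tag

def unseal(key, nonce, ciphertext, tag):
    c, out, checksum = blocks(ciphertext), [], bytes(BLOCK)
    for i in range(0, len(c), 2):
        # Inversion replays the rounds in reverse order; prf is only called forward.
        m1 = xor(prf(key, nonce, i // 2, 2, c[i]), c[i + 1])
        m2 = xor(prf(key, nonce, i // 2, 1, m1), c[i])
        out += [m1, m2]
        checksum = xor(checksum, m2)
    expected = prf(key, nonce, len(c) // 2, 3, checksum)
    if not hmac.compare_digest(expected, tag):
        raise ValueError("authentication failed")
    return b"".join(out)
```
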
Category / Keywords: Authenticated Encryption, Blockcipher Mode, Pseudorandom Function, OCB
Original Publication (with major differences): IACR-EUROCRYPT-2014
Date: received 30 Sep 2013, last revised 4 Apr 2016
Contact author: k-minematsu at ah jp nec com
Note: Revised specification for masking constants, reflecting Bost and Sanders's report (eprint 2016/234).
Version: 20160404:102535
Short URL: ia.cr/2013/628