Cryptology ePrint Archive: Report 2013/790

Parallelizable and Authenticated Online Ciphers

Elena Andreeva and Andrey Bogdanov and Atul Luykx and Bart Mennink and Elmar Tischhauser and Kan Yasuda

Abstract: Online ciphers encrypt an arbitrary number of plaintext blocks and output ciphertext blocks which only depend on the preceding plaintext blocks. All online ciphers proposed so far are essentially serial, which significantly limits their performance on parallel architectures such as modern general-purpose CPUs or dedicated hardware. We propose the first parallelizable online cipher, COPE. It performs two calls to the underlying block cipher per plaintext block and is fully parallelizable in both encryption and decryption. COPE is proven secure against chosen-plaintext attacks assuming the underlying block cipher is a strong PRP. We then extend COPE to create COPA, the first parallelizable, online authenticated cipher with nonce-misuse resistance. COPA only requires two extra block cipher calls to provide integrity. The privacy and integrity of the scheme is proven secure assuming the underlying block cipher is a strong PRP. Our implementation with Intel AES-NI on a Sandy Bridge CPU architecture shows that both COPE and COPA are about \textit{5 times faster} than their closest competition: TC1, TC3, and McOE-G. This high factor of advantage emphasizes the paramount role of parallelizability on up-to-date computing platforms.

Category / Keywords: secret-key cryptography / Block cipher, tweakable cipher, online cipher, authenticated encryption, nonce-misuse resistance, parallelizability, AES

Original Publication (with major differences): IACR-ASIACRYPT-2013

Date: received 26 Nov 2013

Contact author: atul luykx at esat kuleuven be

Available format(s): PDF | BibTeX Citation

Version: 20131130:052454 (All versions of this report)

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]