Cryptology ePrint Archive: Report 2014/793

Robust Authenticated-Encryption: AEZ and the Problem that it Solves

Viet Tung Hoang and Ted Krovetz and Phillip Rogaway

Abstract: With a scheme for \textit{robust} authenticated-encryption a user can select an arbitrary value $\lambda \ge 0$ and then encrypt a plaintext of any length into a ciphertext that's $\lambda$ characters longer. The scheme must provide all the privacy and authenticity possible for the requested~$\lambda$. We formalize and investigate this idea, and construct a well-optimized solution, AEZ, from the AES round function. Our scheme encrypts strings at almost the same rate as OCB-AES or CTR-AES (on Haswell, AEZ has a peak speed of about 0.7 cpb). To accomplish this we employ an approach we call \textit{accelerated} provable security: the scheme is designed and proven secure in the provable-security tradition, but, to improve speed, one instantiates by scaling down most instances of the underlying primitive.

Category / Keywords: secret-key cryptography / AEZ, arbitrary-input blockciphers, authenticated encryption, robust AE, misuse resistance, nonce reuse, CAESAR competition, blockcipher modes, provable security, symmetric encryption

Date: received 4 Oct 2014

Contact author: rogaway at cs ucdavis edu

Available format(s): PDF | BibTeX Citation

Version: 20141010:042248 (All versions of this report)

Short URL: ia.cr/2014/793

Discussion forum: Show discussion | Start new discussion