Cryptology ePrint Archive: Report 2015/738

Authenticated Encryption without Tag Expansion (or, How to Accelerate AERO)

Kazuhiko Minematsu

Abstract: The standard form of authenticated encryption (AE) requires the ciphertext to be expanded by the nonce and the authentication tag. These expansions can be problematic when messages are relatively short and communication cost is high. This paper studies a form of AE scheme whose ciphertext is expanded only by the nonce, with the help of a stateful receiver, which also enables detection of replays. While there is a scheme with this feature, called AERO, proposed by McGrew and Foley, there is no formal treatment of it based on the provable security framework.

We propose a provable security framework for such AE schemes, which we call MiniAE, and show several secure schemes using standard symmetric crypto primitives. Most notably, one of our schemes has a structure similar to the OCB mode of operation and uses only one blockcipher call to process one input block, so its computation cost is comparable to that of nonce-based encryption-only schemes.

Category / Keywords: secret-key cryptography / Authenticated Encryption, Stateful Decryption, Provable Security, AERO, OCB

Date: received 23 Jul 2015

Contact author: k-minematsu at ah jp nec com

Version: 20150724:124742

Short URL: ia.cr/2015/738
