Paper 2016/534

Damaging, Simplifying, and Salvaging p-OMD

Tomer Ashur and Bart Mennink

Abstract

One of the submissions to the CAESAR competition for the design of a new authenticated encryption scheme is Offset Merkle-Damgård (OMD). At FSE 2015, Reyhanitabar et al. introduced p-OMD, an improvement of OMD that processes the associated data almost for free. As an extra benefit, p-OMD was claimed to offer integrity against nonce-misusing adversaries, a property that OMD does not have. In this work we show how a nonce-misusing adversary can forge a message for the original p-OMD using only 3 queries (including the forgery). As a second contribution, we generalize and simplify p-OMD. This is done via the introduction of the authenticated encryption scheme Spoed. The most important difference is the usage of a generalized padding function GPAD, which neatly eliminates the need for a case distinction in the design specification and therewith allows for a significantly shorter description of the scheme and a better security bound. Finally, we introduce the authenticated encryption scheme Spoednic, a variant of Spoed providing authenticity against a nonce-misusing adversary at a modest price.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Published elsewhere. Minor revision. ISC 2016
Keywords
Authenticated encryption, CAESAR, p-OMD, nonce-misuse, forgery, simplification
Contact author(s)
tashur @ esat kuleuven be
History
2016-05-31: received
Short URL
https://ia.cr/2016/534
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2016/534,
      author = {Tomer Ashur and Bart Mennink},
      title = {Damaging, Simplifying, and Salvaging p-OMD},
      howpublished = {Cryptology ePrint Archive, Paper 2016/534},
      year = {2016},
      note = {\url{https://eprint.iacr.org/2016/534}},
      url = {https://eprint.iacr.org/2016/534}
}