Cryptology ePrint Archive: Report 2000/039
Encryption Modes with Almost Free Message Integrity
Charanjit S. Jutla
Abstract: We define a new mode of operation for block encryption which in
addition to assuring confidentiality also assures message integrity.
In contrast, previously for message integrity a separate pass was
required to compute a cryptographic message authentication code (MAC).
The new mode of operation, called Integrity Aware CBC (IACBC),
requires a total of m + log m block encryptions on a plaintext of
length m blocks. The well known CBC (cipher block chaining) mode
requires m block encryptions. The second pass of computing the MAC
essentially requires additional m block encryptions. We also show a
lower bound of \Omega(log m) additional block encryptions for any
reasonably modeled (linear) scheme which assures message integrity
along with confidentiality.
Category / Keywords: secret-key cryptography / Block cipher, CBC, authentication, MAC, modes of operation
Original Publication (with minor differences): Journal of Cryptology
Date: received 1 Aug 2000, last revised 1 Sep 2016
Contact author: csjutla at us ibm com
Available format(s): PDF | BibTeX Citation
Note: This version corrects a gap in the proof of Theorem 2 published in the Journal of Cryptology.
Version: 20160901:191215 (All versions of this report)
Short URL: ia.cr/2000/039
Discussion forum: Show discussion | Start new discussion
[ Cryptology ePrint archive ]