Paper 2000/039

Encryption Modes with Almost Free Message Integrity

Charanjit S. Jutla

Abstract

We define a new mode of operation for block ciphers which in addition to providing confidentiality also ensures message integrity. In contrast, previously for message integrity a separate pass was required to compute a cryptographic message authentication code (MAC). The new mode of operation, called Integrity Aware Parallelizable Mode (IAPM), requires a total of m+1 block cipher evaluations on a plain-text of length m blocks. For comparison, the well known CBC (cipher block chaining) encryption mode requires m block cipher evaluations, and the second pass of computing the CBC-MAC essentially requires additional m+1 block cipher evaluations. As the name suggests, the new mode is also highly parallelizable.

Note: The abstract has been changed to reflect the abstract in the published paper (as opposed to the original eprint submission from Aug 2000).

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Published elsewhere. Minor revision. Journal of Cryptology
DOI
10.1007/s00145-008-9024-z
Keywords
Block cipherCBCauthenticationMACmodes of operation
Contact author(s)
csjutla @ us ibm com
History
2018-04-08: last of 2 revisions
2000-08-01: received
See all versions
Short URL
https://ia.cr/2000/039
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2000/039,
      author = {Charanjit S.  Jutla},
      title = {Encryption Modes with Almost Free Message Integrity},
      howpublished = {Cryptology ePrint Archive, Paper 2000/039},
      year = {2000},
      doi = {10.1007/s00145-008-9024-z},
      note = {\url{https://eprint.iacr.org/2000/039}},
      url = {https://eprint.iacr.org/2000/039}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.