Cryptology ePrint Archive: Report 2000/039

Encryption Modes with Almost Free Message Integrity

Charanjit S. Jutla

Abstract: We define a new mode of operation for block ciphers which in addition to providing confidentiality also ensures message integrity. In contrast, previously for message integrity a separate pass was required to compute a cryptographic message authentication code (MAC). The new mode of operation, called Integrity Aware Parallelizable Mode (IAPM), requires a total of m+1 block cipher evaluations on a plain-text of length m blocks. For comparison, the well known CBC (cipher block chaining) encryption mode requires m block cipher evaluations, and the second pass of computing the CBC-MAC essentially requires additional m+1 block cipher evaluations. As the name suggests, the new mode is also highly parallelizable.

Category / Keywords: secret-key cryptography / Block cipher, CBC, authentication, MAC, modes of operation

Original Publication (with minor differences): Journal of Cryptology

Date: received 1 Aug 2000, last revised 8 Apr 2018

Contact author: csjutla at us ibm com

Available format(s): PDF | BibTeX Citation

Note: The abstract has been changed to reflect the abstract in the published paper (as opposed to the original eprint submission from Aug 2000).

Version: 20180408:142909 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]