In Jutla's proposal (as well as in some of the other proposals), the masks themselves are derived from an IV via the same block cipher as used for the encryption (perhaps with a different key). In this work we note, however, that the function for deriving these masks need not be cryptographic at all. In particular, we prove that a universal hash function (a-la-Carter-Wegman) is sufficient for this purpose.
Category / Keywords: secret-key cryptography / block ciphers, modes of operation Date: received 22 Feb 2001, last revised 2 Apr 2001 Contact author: shaih at watson ibm com Available format(s): Postscript (PS) | Compressed Postscript (PS.GZ) | PDF | BibTeX Citation Version: 20010402:162725 (All versions of this report) Short URL: ia.cr/2001/015