Paper 2011/499
Duplexing the sponge: single-pass authenticated encryption and other applications
Guido Bertoni, Joan Daemen, Michaël Peeters, and Gilles Van Assche
Abstract
This paper proposes a novel construction, called duplex, closely related to the sponge construction, that accepts message blocks to be hashed and, at no extra cost, provides digests on the input blocks received so far. It can be proven equivalent to a cascade of sponge functions and hence inherits its security against single-stage generic attacks. The main application proposed here is an authenticated encryption mode based on the duplex construction. This mode is efficient, namely, enciphering and authenticating together require only a single call to the underlying permutation per block, and is readily usable in, e.g., key wrapping. Furthermore, it is the first mode of this kind to be directly based on a permutation instead of a block cipher and to natively support intermediate tags. The duplex construction can be used to efficiently realize other modes, such as reseedable pseudo-random bit sequence generators and a sponge variant that overwrites part of the state with the input block rather than XORing it in.
Metadata
- Category: Foundations
- Publication info: Published elsewhere. Extended version of the paper to appear in SAC 2011
- Keywords: sponge functions, duplex construction, authenticated encryption, key wrapping, provable security, pseudo-random bit sequence generator, Keccak
- Contact author(s): gilles vanassche @ st com
- History: 2011-09-18: received
- Short URL: https://ia.cr/2011/499
- License: CC BY
BibTeX
@misc{cryptoeprint:2011/499,
  author = {Guido Bertoni and Joan Daemen and Michaël Peeters and Gilles Van Assche},
  title = {Duplexing the sponge: single-pass authenticated encryption and other applications},
  howpublished = {Cryptology {ePrint} Archive, Paper 2011/499},
  year = {2011},
  url = {https://eprint.iacr.org/2011/499}
}