Paper 2011/644

McOE: A Family of Almost Foolproof On-Line Authenticated Encryption Schemes

Ewan Fleischmann, Christian Forler, Stefan Lucks, and Jakob Wenzel


On-Line Authenticated Encryption (OAE) combines privacy with data integrity and is on-line computable. Most block cipher-based schemes for Authenticated Encryption can be run on-line and are provably secure against nonce-respecting adversaries. But they fail badly for more general adversaries. This is not a theoretical observation only --~in practice, the reuse of nonces is a frequent issue. In recent years, cryptographers developed misuse resistant schemes for Authenticated Encryption. These guarantee excellent security even against general adversaries which are allowed to reuse nonces. Their disadvantage is that encryption can be performed in an off-line way, only. This paper introduces a new family of OAE schemes --called McOE -- dealing both with nonce-respecting and with general adversaries. Furthermore, we present two family members, i.e., McOE-X and McOE-G. They are based on a 'simple' block cipher. In contrast to every other OAE scheme known in literature, they provably guarantee reasonable security against general adversaries as well as standard security against nonce-respecting adversaries.

Available format(s)
Secret-key cryptography
Publication info
A minor revision of an IACR publication in FSE 2012
authenticated encryptiononline encryptionprovable securitymisuse resistant
Contact author(s)
christian forler @ uni-weimar de
2013-12-13: last of 12 revisions
2011-11-30: received
See all versions
Short URL
Creative Commons Attribution


      author = {Ewan Fleischmann and Christian Forler and Stefan Lucks and Jakob Wenzel},
      title = {McOE: A Family of Almost Foolproof On-Line Authenticated Encryption Schemes},
      howpublished = {Cryptology ePrint Archive, Paper 2011/644},
      year = {2011},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.