Cryptology ePrint Archive: Report 2013/628

Parallelizable Rate-1 Authenticated Encryption from Pseudorandom Functions

Kazuhiko Minematsu

Abstract: This paper proposes a new scheme for authenticated encryption (AE) which is typically realized as a blockcipher mode of operation. The proposed scheme has attractive features for fast and compact operation. When it is realized with a blockcipher, it requires one blockcipher call to process one input block (i.e. rate-1), and uses the encryption function of the blockcipher for both encryption and decryption. Moreover, the scheme enables one-pass, parallel operation under two-block partition. The proposed scheme thus attains similar characteristics as the seminal OCB mode, without using the inverse blockcipher. The key idea of our proposal is a novel usage of two-round Feistel permutation, where the round functions are derived from the theory of tweakable blockcipher. We also provide basic software results, and describe some ideas on using a non-invertible primitive, such as a keyed hash function.

Category / Keywords: Authenticated Encryption, Blockcipher Mode, Pseudorandom Function, OCB

Original Publication (with major differences): IACR-EUROCRYPT-2014

Date: received 30 Sep 2013, last revised 4 Jun 2017

Contact author: k-minematsu at ah jp nec com

Available format(s): PDF | BibTeX Citation

Note: Added a new variant of OTR (called OTRC) reusing decryption core for AD processing in Appendix D.

Version: 20170605:025700 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]