
Paper 2013/790

Parallelizable and Authenticated Online Ciphers

Elena Andreeva, Andrey Bogdanov, Atul Luykx, Bart Mennink, Elmar Tischhauser, and Kan Yasuda


Online ciphers encrypt an arbitrary number of plaintext blocks and output ciphertext blocks which only depend on the preceding plaintext blocks. All online ciphers proposed so far are essentially serial, which significantly limits their performance on parallel architectures such as modern general-purpose CPUs or dedicated hardware. We propose the first parallelizable online cipher, COPE. It performs two calls to the underlying block cipher per plaintext block and is fully parallelizable in both encryption and decryption. COPE is proven secure against chosen-plaintext attacks assuming the underlying block cipher is a strong PRP. We then extend COPE to create COPA, the first parallelizable, online authenticated cipher with nonce-misuse resistance. COPA only requires two extra block cipher calls to provide integrity. The privacy and integrity of the scheme are proven secure assuming the underlying block cipher is a strong PRP. Our implementation with Intel AES-NI on a Sandy Bridge CPU architecture shows that both COPE and COPA are about 5 times faster than their closest competition: TC1, TC3, and McOE-G. This high factor of advantage emphasizes the paramount role of parallelizability on up-to-date computing platforms.

Secret-key cryptography
Publication info
A major revision of an IACR publication in ASIACRYPT 2013
Block cipher, tweakable cipher, online cipher, authenticated encryption, nonce-misuse resistance, parallelizability, AES
Contact author(s)
atul luykx @ esat kuleuven be
2013-11-30: received
Creative Commons Attribution


      author = {Elena Andreeva and Andrey Bogdanov and Atul Luykx and Bart Mennink and Elmar Tischhauser and Kan Yasuda},
      title = {Parallelizable and Authenticated Online Ciphers},
      howpublished = {Cryptology ePrint Archive, Paper 2013/790},
      year = {2013},
      note = {\url{https://eprint.iacr.org/2013/790}},
      url = {https://eprint.iacr.org/2013/790}