Paper 2014/157

CLOC: Authenticated Encryption for Short Input

Tetsu Iwata, Kazuhiko Minematsu, Jian Guo, and Sumio Morioka


We define and analyze the security of a blockcipher mode of operation, CLOC, for provably secure authenticated encryption with associated data. The design of CLOC aims at optimizing previous schemes, CCM, EAX, and EAX-prime, in terms of the implementation overhead beyond the blockcipher, the precomputation complexity, and the memory requirement. With these features, CLOC is suitable for handling short input data, say 16 bytes, without needing precomputation nor large memory. This property is especially beneficial to small microprocessors, where the word size is typically 8 bits or 16 bits, and there are significant restrictions in the size and the number of registers. CLOC uses a variant of CFB mode in its encryption part and a variant of CBC MAC in the authentication part. We introduce various design techniques in order to achieve the above mentioned design goals. We prove CLOC secure, in a reduction-based provable security paradigm, under the assumption that the blockcipher is a pseudorandom permutation. We also present our preliminary implementation results.

Note: A preliminary version of this paper appears in the pre-proceedings of FSE 2014. This is the full version.

Available format(s)
Secret-key cryptography
Publication info
A major revision of an IACR publication in FSE 2014
CLOCblockciphersecurity analysisefficiency analysis.
Contact author(s)
iwata @ cse nagoya-u ac jp
2014-03-01: received
Short URL
Creative Commons Attribution


      author = {Tetsu Iwata and Kazuhiko Minematsu and Jian Guo and Sumio Morioka},
      title = {CLOC: Authenticated Encryption for Short Input},
      howpublished = {Cryptology ePrint Archive, Paper 2014/157},
      year = {2014},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.