Cryptology ePrint Archive: Report 2014/793

Robust Authenticated-Encryption: AEZ and the Problem that it Solves

Viet Tung Hoang and Ted Krovetz and Phillip Rogaway

Abstract: With a scheme for \textit{robust} authenticated-encryption a user can select an arbitrary value $\lambda \ge 0$ and then encrypt a plaintext of any length into a ciphertext that's $\lambda$ characters longer. The scheme must provide all the privacy and authenticity possible for the requested~$\lambda$. We formalize and investigate this idea, and construct a well-optimized solution, AEZ, from the AES round function. Our scheme encrypts strings at almost the same rate as OCB-AES or CTR-AES (on Haswell, AEZ has a peak speed of about 0.7 cpb). To accomplish this we employ an approach we call \textit{prove-then-prune}: prove security and then instantiate with a \textit{scaled-down} primitive (e.g., reducing rounds for blockcipher calls).

Category / Keywords: secret-key cryptography / AEZ, arbitrary-input blockciphers, authenticated encryption, robust AE, misuse resistance, nonce reuse, CAESAR competition, blockcipher modes, provable security, symmetric encryption

Original Publication (with minor differences): IACR-EUROCRYPT-2015

Date: received 4 Oct 2014, last revised 31 Mar 2017

Contact author: hviettung at gmail com

Available format(s): PDF | BibTeX Citation

Version: 20170331:203301 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]