Cryptology ePrint Archive: Report 2017/231

EHE: nonce misuse-resistant message authentication

Sergey Agievich

Abstract: We propose a nonce misuse-resistant message authentication scheme called EHE (Encrypt-Hash-Encrypt). In EHE, a message-dependent polynomial is evaluated at the point which is an encrypted nonce. The resulting polynomial hash value is encrypted again and becomes an authentication tag. We prove the prf-security of the EHE scheme and extend it to two authenticated encryption modes which follow the "encrypt-then-authenticate" paradigm.

Category / Keywords: secret-key cryptography / message authentication, authenticated encryption, polynomial hashing, prf-security

Original Publication (with minor differences): Prikl. Discr. Mat. 39 (2018), pp. 33-41

Date: received 7 Mar 2017, last revised 16 Mar 2020

Contact author: agievich at bsu by

Available format(s): PDF | BibTeX Citation

Note: Fixed bounds on advantages in Theorems 1--4.

Version: 20200316:153015 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]