Paper 2017/231

EHE: nonce misuse-resistant message authentication

Sergey Agievich

Abstract

We propose a nonce misuse-resistant message authentication scheme called EHE (Encrypt-Hash-Encrypt). In EHE, a message-dependent polynomial is evaluated at the point which is an encrypted nonce. The resulting polynomial hash value is encrypted again and becomes an authentication tag. We prove the prf-security of the EHE scheme and extend it to two authenticated encryption modes which follow the "encrypt-then-authenticate" paradigm.

Note: Fixed bounds on advantages in Theorems 1--4.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Published elsewhere. Minor revision. Prikl. Discr. Mat. 39 (2018), pp. 33-41
DOI
10.17223/20710410/39/3
Keywords
message authenticationauthenticated encryptionpolynomial hashingprf-security
Contact author(s)
agievich @ bsu by
History
2020-03-16: last of 2 revisions
2017-03-08: received
See all versions
Short URL
https://ia.cr/2017/231
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2017/231,
      author = {Sergey Agievich},
      title = {EHE: nonce misuse-resistant message authentication},
      howpublished = {Cryptology ePrint Archive, Paper 2017/231},
      year = {2017},
      doi = {10.17223/20710410/39/3},
      note = {\url{https://eprint.iacr.org/2017/231}},
      url = {https://eprint.iacr.org/2017/231}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.