Cryptology ePrint Archive: Report 2017/231

EHE: nonce misuse-resistant message authentication

Sergey Agievich

Abstract: We propose a nonce misuse-resistant message authentication scheme called EHE (Encrypt-Hash-Encrypt). In EHE, a message-dependent polynomial is evaluated at the point which is an encrypted nonce. The resulting polynomial hash value is encrypted again and becomes an authentication tag. We prove the prf-security of the EHE scheme and extend it to two authenticated encryption modes which follow the "encrypt-then-authenticate" paradigm.

Category / Keywords: secret-key cryptography / message authentication, authenticated encryption, polynomial hashing, prf-security

Original Publication (with minor differences): Prikl. Discr. Mat. 39 (2018), pp. 33-41
DOI:
10.17223/20710410/39/3

Date: received 7 Mar 2017, last revised 7 Sep 2019

Contact author: agievich at bsu by

Available format(s): PDF | BibTeX Citation

Note: Fixed bounds on advantages providing small-order terms, -= typos, ++editorial.

Version: 20190907:111216 (All versions of this report)

Short URL: ia.cr/2017/231


[ Cryptology ePrint archive ]