### Authenticated Encryption Mode IAPM using SHA-3's Public Random Permutation

Charanjit S. Jutla

##### Abstract

We study instantiating the random permutation of the block-cipher mode of operation IAPM (Integrity-Aware Parallelizable Mode) with the public random permutation of Keccak, on which the draft standard SHA-3 is built. IAPM and the related mode OCB are single-pass highly parallelizable authenticated-encryption modes, and while they were originally proven secure in the private random permutation model, Kurosawa has shown that they are also secure in the public random permutation model assuming the whitening keys are uniformly chosen with double the usual entropy. In this paper, we show a general composability result that shows that the whitening key can be obtained from the usual entropy source by a key-derivation function which is itself built on Keccak. We stress that this does not follow directly from the usual indifferentiability of key-derivation function constructions from Random Oracles. We also show that a simple and general construction, again employing Keccak, can also be used to make the IAPM scheme key-dependent-message secure. Finally, implementations on modern AMD-64 architecture supporting 128-bit SIMD instructions, and not supporting the native AES instructions, show that IAPM with Keccak runs three times faster than IAPM with AES.

Available format(s)
Category
Secret-key cryptography
Publication info
Preprint. MINOR revision.
Contact author(s)
csjutla @ us ibm com
History
Short URL
https://ia.cr/2018/128

CC BY

BibTeX

@misc{cryptoeprint:2018/128,
author = {Charanjit S.  Jutla},
title = {Authenticated Encryption Mode IAPM using SHA-3's Public Random Permutation},
howpublished = {Cryptology ePrint Archive, Paper 2018/128},
year = {2018},
note = {\url{https://eprint.iacr.org/2018/128}},
url = {https://eprint.iacr.org/2018/128}
}

Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.