Paper 2018/128
Authenticated Encryption Mode IAPM using SHA-3's Public Random Permutation
Charanjit S. Jutla
Abstract
We study instantiating the random permutation of the block-cipher mode of operation IAPM (Integrity-Aware Parallelizable Mode) with the public random permutation of Keccak, on which the draft standard SHA-3 is built. IAPM and the related mode OCB are single-pass highly parallelizable authenticated-encryption modes, and while they were originally proven secure in the private random permutation model, Kurosawa has shown that they are also secure in the public random permutation model assuming the whitening keys are uniformly chosen with double the usual entropy. In this paper, we show a general composability result that shows that the whitening key can be obtained from the usual entropy source by a key-derivation function which is itself built on Keccak. We stress that this does not follow directly from the usual indifferentiability of key-derivation function constructions from Random Oracles. We also show that a simple and general construction, again employing Keccak, can also be used to make the IAPM scheme key-dependent-message secure. Finally, implementations on modern AMD-64 architecture supporting 128-bit SIMD instructions, and not supporting the native AES instructions, show that IAPM with Keccak runs three times faster than IAPM with AES.
Metadata
- Available format(s)
- Category
- Secret-key cryptography
- Publication info
- Preprint. MINOR revision.
- Contact author(s)
- csjutla @ us ibm com
- History
- 2018-02-05: received
- Short URL
- https://ia.cr/2018/128
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2018/128, author = {Charanjit S. Jutla}, title = {Authenticated Encryption Mode {IAPM} using {SHA}-3's Public Random Permutation}, howpublished = {Cryptology {ePrint} Archive, Paper 2018/128}, year = {2018}, url = {https://eprint.iacr.org/2018/128} }