Paper 2019/892

CCM-SIV: Single-PRF Nonce-Misuse-Resistant Authenticated Encryption

Patrick Kresmer and Alexander Zeh

Abstract

We propose a new nonce-misuse-resistant authenticated encryption scheme, which instantiates the SIV paradigm of Rogaway and Shrimpton. In contrast to the GCM-SIV approach proposed by Gueron and Lindell, we use only a single type of cryptographic primitive, which can be advantageous in restricted embedded devices. Furthermore, we use three independent and fixed subkeys derived from a single master key. Similar to the CCM mode, our scheme uses a combination of the CTR mode for the symmetric encryption and a MAC based on the CBC construction, and is therefore called CCM-SIV. We provide a detailed security proof for our scheme. Furthermore, we outline its extension to a nonce-based key derivation, as in the AES-GCM-SIV approach.
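An added example in Go, not the paper's code and not its exact algorithm, showing the SIV composition the abstract describes with AES-128 as the only primitive: subkeys derived from one master key (the paper uses three; the derivation here is an assumption), a CBC-MAC over nonce, associated data and message whose output serves both as tag and as CTR IV, and decryption that verifies before releasing plaintext. The CBC-MAC input encoding and the fixed 12-byte nonce are also assumptions of this example.

```go
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/subtle"
	"encoding/binary"
)
// subkey i = AES_master(i || 0^15): an assumed derivation (the paper derives three subkeys).
func subkey(master []byte, i byte) []byte {
	k := append([]byte{i}, make([]byte, 15)...)
	c, _ := aes.NewCipher(master) // all keys in this example are 16 bytes
	c.Encrypt(k, k)
	return k
}
// cbcMac: CBC-MAC over len(ad)||len(msg)||nonce||ad||msg, zero-padded; the length fields and a fixed 12-byte nonce keep the encoding prefix-free (assumed encoding).
func cbcMac(kMac, nonce, ad, msg []byte) []byte {
	data := binary.BigEndian.AppendUint64(nil, uint64(len(ad)))
	data = binary.BigEndian.AppendUint64(data, uint64(len(msg)))
	data = append(append(append(data, nonce[:12]...), ad...), msg...)
	data = append(data, make([]byte, (16-len(data)%16)%16)...)
	c, _ := aes.NewCipher(kMac)
	state := make([]byte, 16)
	for i := 0; i < len(data); i += 16 {
		for j := range state { state[j] ^= data[i+j] }
		c.Encrypt(state, state)
	}
	return state
}
// ctr is AES-CTR under kEnc, using the synthetic IV (the tag) as the initial counter block.
func ctr(kEnc, iv, in []byte) []byte {
	c, _ := aes.NewCipher(kEnc)
	out := make([]byte, len(in))
	cipher.NewCTR(c, iv).XORKeyStream(out, in)
	return out
}
// Seal returns ct || tag with tag = cbcMac(nonce, ad, msg) and ct = ctr(iv = tag, msg).
func Seal(master, nonce, ad, msg []byte) []byte {
	tag := cbcMac(subkey(master, 1), nonce, ad, msg)
	return append(ctr(subkey(master, 2), tag, msg), tag...)
}
// Open decrypts under the received tag, recomputes the MAC over the plaintext and compares in constant time; on mismatch no plaintext is released.
func Open(master, nonce, ad, sealed []byte) ([]byte, bool) {
	if len(sealed) < 16 { return nil, false }
	ct, tag := sealed[:len(sealed)-16], sealed[len(sealed)-16:]
	msg := ctr(subkey(master, 2), tag, ct)
	if subtle.ConstantTimeCompare(cbcMac(subkey(master, 1), nonce, ad, msg), tag) != 1 {
		return nil, false
	}
	return msg, true
}
```

Because the IV is a MAC over the whole input, repeating a nonce with the same message reproduces the same ciphertext (revealing only that equality), while a different message under the repeated nonce yields a different IV and therefore a different keystream.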

Metadata

Available format(s): PDF
Category: Secret-key cryptography
Publication info: Preprint. MINOR revision.
Keywords: AEAD, AES-GCM, AES-GCM-SIV, AES-CCM, Nonce
Contact author(s): alexzeh @ gmx de; patrick kresmer @ infineon com
History: 2019-08-05: received
Short URL: https://ia.cr/2019/892
License: Creative Commons Attribution (CC BY)

BibTeX

@misc{cryptoeprint:2019/892,
      author = {Patrick Kresmer and Alexander Zeh},
      title = {{CCM}-{SIV}: Single-{PRF} Nonce-Misuse-Resistant Authenticated Encryption},
      howpublished = {Cryptology {ePrint} Archive, Paper 2019/892},
      year = {2019},
      url = {https://eprint.iacr.org/2019/892}
}