Cryptology ePrint Archive: Report 2019/892

CCM-SIV: Single-PRF Nonce-Misuse-Resistant Authenticated Encryption

Patrick Kresmer and Alexander Zeh

Abstract: We propose a new nonce-misuse-resistant authenticated encryption scheme, which instantiates the SIV paradigm of Rogaway and Shrimpton. In contrast to the GCM-SIV approach proposed by Gueron and Lindell, we do only use a single type of cryptographic primitive, which can be advantageous in restricted embedded devices. Furthermore, we use three independent and fixed subkeys derived from a single master key. Similar to the CCM mode, our scheme uses a combination of the CTR mode for the symmetric encryption and a MAC based on the CBC construction and is therefore called CCM-SIV. We provide a detailed security proof for our scheme. Furthermore, we outline its extension to a nonce-based key derivation as the AES-GCM-SIV approach.

Category / Keywords: secret-key cryptography / AEAD, AES-GCM, AES-GCM-SIV, AES-CCM, Nonce

Date: received 2 Aug 2019

Contact author: alexzeh at gmx de, patrick kresmer at infineon com

Available format(s): PDF | BibTeX Citation

Version: 20190805:222830 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]