Cryptology ePrint Archive: Report 2019/892
CCM-SIV: Single-PRF Nonce-Misuse-Resistant Authenticated Encryption
Patrick Kresmer and Alexander Zeh
Abstract: We propose a new nonce-misuse-resistant authenticated encryption scheme, which instantiates the SIV paradigm of Rogaway and Shrimpton. In contrast to the GCM-SIV approach proposed by Gueron and Lindell, we use only a single type of cryptographic primitive, which can be advantageous in restricted embedded devices. Furthermore, we use three independent and fixed subkeys derived from a single master key. Similar to the CCM mode, our scheme uses a combination of the CTR mode for the symmetric encryption and a MAC based on the CBC construction, and is therefore called CCM-SIV. We provide a detailed security proof for our scheme. Furthermore, we outline its extension to a nonce-based key derivation, as in the AES-GCM-SIV approach.
Category / Keywords: secret-key cryptography / AEAD, AES-GCM, AES-GCM-SIV, AES-CCM, Nonce
Date: received 2 Aug 2019
Contact author: alexzeh at gmx de, patrick kresmer at infineon com
Version: 20190805:222830
Short URL: ia.cr/2019/892