Paper 2021/1168

Toward a Fully Secure Authenticated Encryption Scheme From a Pseudorandom Permutation (Full Version)

Wonseok Choi, Byeonghak Lee, Jooyoung Lee, and Yeongmin Lee

Abstract

In this paper, we propose a new block cipher-based authenticated encryption scheme, dubbed the Synthetic Counter with Masking~(SCM) mode. SCM follows the NSIV paradigm proposed by Peyrin and Seurin~(CRYPTO 2016), where a keyed hash function accepts a nonce N with associated data and a message, yielding an authentication tag T, and then the message is encrypted by a counter-like mode using both T and N. Here we move one step further by encrypting nonces; in the encryption part, the inputs to the block cipher are determined by T, counters, and an encrypted nonce, and all its outputs are also masked by an (additional) encrypted nonce, yielding keystream blocks. As a result, we obtain, for the first time, a block cipher-based authenticated encryption scheme of rate 1/2 that provides n-bit security with respect to the query complexity (ignoring the influence of message length) in the nonce-respecting setting, and at the same time guarantees graceful security degradation in the faulty nonce model, when the underlying n-bit block cipher is modeled as a secure pseudorandom permutation. Seen as a slight variant of GCM-SIV, SCM is also parallelizable and inverse-free, and its performance is still comparable to GCM-SIV.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
A minor revision of an IACR publication in ASIACRYPT 2021
Keywords
authenticated encryptionbeyond-birthday-bound securitynonce-misuse resistancegraceful degradationblock cipher
Contact author(s)
lbh0307 @ kaist ac kr
hicalf @ kaist ac kr
History
2021-09-17: revised
2021-09-14: received
See all versions
Short URL
https://ia.cr/2021/1168
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2021/1168,
      author = {Wonseok Choi and Byeonghak Lee and Jooyoung Lee and Yeongmin Lee},
      title = {Toward a Fully Secure Authenticated Encryption Scheme From a Pseudorandom Permutation (Full Version)},
      howpublished = {Cryptology {ePrint} Archive, Paper 2021/1168},
      year = {2021},
      url = {https://eprint.iacr.org/2021/1168}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.