Paper 2021/1283

Parallel Verification of Serial MAC and AE Modes

Kazuhiko Minematsu, Akiko Inoue, Katsuya Moriwaki, Maki Shigeri, and Hiroyasu Kubo


A large number of the symmetric-key mode of operations, such as classical CBC-MAC, have serial structures. While a serial mode gives an implementation advantage in terms of required memory or footprint compared to the parallel counterparts, it wastes the capability of parallel process even when it is available. The problem is becoming more relevant as lightweight cryptography is going to be deployed in the real world. In this article, we propose an alternative implementation strategy for serial MAC modes and serial authenticated encryption (AE) modes that allows 2-block parallel operation for verification/decryption. Our proposal maintains the original functionality and security. It is simple yet novel, and generally applicable to a wide range of existing modes including two NIST recommendations, CMAC and CCM. We demonstrate the effectiveness of our proposal by showing several case studies with software implementations.

Available format(s)
Secret-key cryptography
Publication info
Published elsewhere. Minor revision.Selected Areas in Cryptography 2021
Contact author(s)
k-minematsu @ nec com
a_inoue @ nec com
2021-09-24: received
Short URL
Creative Commons Attribution


      author = {Kazuhiko Minematsu and Akiko Inoue and Katsuya Moriwaki and Maki Shigeri and Hiroyasu Kubo},
      title = {Parallel Verification of Serial MAC and AE Modes},
      howpublished = {Cryptology ePrint Archive, Paper 2021/1283},
      year = {2021},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.