Cryptology ePrint Archive: Report 2021/1541

Revisiting the Security of COMET Authenticated Encryption Scheme

Shay Gueron and Ashwin Jha and Mridul Nandi

Abstract: COMETv1, by Gueron, Jha and Nandi, is a mode of operation for nonce-based authenticated encryption with associated data functionality. It was one of the second round candidates in the ongoing NIST Lightweight Cryptography Standardization Process. In this paper, we study a generalized version of COMETv1, that we call gCOMET, from provable security perspective. First, we present a comprehensive and complete security proof for gCOMET in the ideal cipher model. Second, we view COMET, the underlying mode of operation in COMETv1, as an instantiation of gCOMET, and derive its concrete security bounds. Finally, we propose another instantiation of gCOMET, dubbed COMETv2, and show that this version achieves better security guarantees as well as memory-efficient implementations as compared to COMETv1.

Category / Keywords: secret-key cryptography / COMET, ICM, provable security, rekeying, lightweight, AEAD

Original Publication (with major differences): Indocrypt 2021

Date: received 22 Nov 2021, last revised 23 Nov 2021

Contact author: shay gueron at gmail com, ashwin jha at cispa de, mridul nandi at gmail com

Available format(s): PDF | BibTeX Citation

Note: Minor correction in title.

Version: 20211123:190358 (All versions of this report)

Short URL: ia.cr/2021/1541


[ Cryptology ePrint archive ]