Paper 2022/1590

Misuse-resistant MGM2 mode

Liliya Akhmetzyanova, CryptoPro LLC
Evgeny Alekseev, CryptoPro LLC
Alexandra Babueva, CryptoPro LLC
Andrey Bozhko, CryptoPro LLC
Stanislav Smyshlyaev, CryptoPro LLC
Abstract

We introduce MGM2, a modification of the Russian standardized AEAD mode MGM in which the nonce is no longer encrypted before being used as the initial counter value. For the new mode we prove security bounds with respect to security notions in the nonce-misuse setting (MRAE-integrity and CPA-resilience). The obtained bounds are even better than those obtained for the original MGM mode with respect to the standard security notions.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Published elsewhere. CTCrypt 2021 - 10th Workshop on Current Trends in Cryptology, June 1–4, 2021, Moscow, Russia
Keywords
MGM, AEAD mode, security notion, security bounds, nonce-misuse, misuse-resistant
Contact author(s)
lah @ cryptopro ru
alekseev @ cryptopro ru
babueva @ cryptopro ru
bozhko @ cryptopro ru
svs @ cryptopro ru
History
2022-11-17: approved
2022-11-15: received
Short URL
https://ia.cr/2022/1590
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2022/1590,
      author = {Liliya Akhmetzyanova and Evgeny Alekseev and Alexandra Babueva and Andrey Bozhko and Stanislav Smyshlyaev},
      title = {Misuse-resistant {MGM2} mode},
      howpublished = {Cryptology {ePrint} Archive, Paper 2022/1590},
      year = {2022},
      url = {https://eprint.iacr.org/2022/1590}
}