Cryptology ePrint Archive: Report 2022/268

Efficient Schemes for Committing Authenticated Encryption

Mihir Bellare and Viet Tung Hoang

Abstract: This paper provides efficient authenticated-encryption (AE) schemes in which a ciphertext is a commitment to the key. These are extended, at minimal additional cost, to schemes where the ciphertext is a commitment to all encryption inputs, meaning key, nonce, associated data and message. Our primary schemes are modifications of GCM (for basic, unique-nonce AE security) and AES-GCM-SIV (for misuse-resistant AE security) and add both forms of commitment without any increase in ciphertext size. We also give more generic, but somewhat more costly, solutions.

Category / Keywords: secret-key cryptography / Symmetric Encryption, Authenticated Encryption, GCM, PRF, Hash Function, commitment

Original Publication (with major differences): IACR-EUROCRYPT-2022

Date: received 28 Feb 2022, last revised 11 May 2022

Contact author: mihir at eng ucsd edu, tvhoang at cs fsu edu

Available format(s): PDF | BibTeX Citation

Version: 20220511:143540 (All versions of this report)

Short URL: ia.cr/2022/268