Paper 2024/051
Limits on Authenticated Encryption Use in TLS
Abstract
This technical note presents limits on the security (as a function of the number of plaintext bytes encrypted and the number of forgery attempts made by an adversary) for the main Authenticated Encryption schemes available in TLS 1.2 and the draft of TLS 1.3. These limits are derived from security proofs for the considered schemes available in the literature. Our intention is to provide considered technical input to on-going discussions in the TLS Working Group of the IETF concerning, amongst other things, the necessity of adding a key update feature to the TLS 1.3 specification.
Note: This document was originally uploaded to the authors' websites in 2016, but it is no longer available there. The source code for the document is publicly available on GitHub at https://github.com/atulluykx/securitybounds. We're uploading this document to ePrint to ensure the PDF is more easily accessible.
Metadata
- Category: Cryptographic protocols
- Publication info: Preprint.
- Keywords: AES, GCM, TLS
- Contact author(s): aluykx @ google com
- History:
  - 2024-01-15: approved
  - 2024-01-13: received
- Short URL: https://ia.cr/2024/051
- License: CC BY
BibTeX
@misc{cryptoeprint:2024/051,
  author = {Atul Luykx and Kenneth G. Paterson},
  title = {Limits on Authenticated Encryption Use in {TLS}},
  howpublished = {Cryptology {ePrint} Archive, Paper 2024/051},
  year = {2024},
  url = {https://eprint.iacr.org/2024/051}
}