Attacks on the Authenticated Encryption Mode of Operation <italic>PAE</italic>

Attacks on the Authenticated Encryption Mode of Operation PAE

We show several concrete attacks on an authenticated encryption scheme PAE which appeared in IEEE Transactions on Information Theory, Vol. 56, no. 8, pp. 4025–4037. Additionally we show some flaws and oversights in the analysis (presented in the same paper) used to prove PAE to be a secure authenticated encryption scheme.

OMD: A Compression Function Mode of Operation for Authenticated Encryption

The AEM Authenticated-Encryption Mode

This note specifies AEM, a mode of operation giving authenticated encryption. AEM is a refinement to Rogaway, Bellare, and Black’s OCB mode [10], while OCB was, in turn, a refinement to Jutla’s IAPM [5]. AEM is also a successor to the work of Gligor and Donescu’s [4] and to the broader line of research that has defined and investigated authenticated encryption [1, 2, 6–8]. The acronym AEM stand...

Related-Mode Attacks on CTR Encryption Mode

In this paper, we discuss using CTR mode, another standard encryption mode, to attack other standard encryption modes and using other standard encryption modes to attack CTR mode under the related-mode attack model. In particular, we point out that when the adversary has access to an oracle under one proper mode, then almost all other related-cipher modes, whether they are encryption modes or a...

A Conventional Authenticated-Encryption Mode

We propose a block-cipher mode of operation, EAX, for authenticated-encryption with associateddata (AEAD). Given a nonce N , a message M , and a header H, the mode protects the privacy of M and the authenticity of both M and H. Strings N, M, H E {0, 1} are arbitrary, and the mode uses 2→M/n∈ + →H/n∈ + →N/n∈ block-cipher calls when these strings are nonempty and n is the block length of the unde...