Beyond Conventional Security in Sponge-Based Authenticated Encryption Modes

Beyond 2 c/2 Security in Sponge-Based Authenticated Encryption Modes

The Sponge function is known to achieve 2 security, where c is its capacity. This bound was carried over to keyed variants of the function, such as SpongeWrap, to achieve a min{2, 2} security bound, with κ the key length. Similarly, many CAESAR competition submissions are designed to comply with the classical 2 security bound. We show that Spongebased constructions for authenticated encryption ...

Authenticated Encryption Mode for Beyond the Birthday Bound Security

A Conventional Authenticated-Encryption Mode

We propose a block-cipher mode of operation, EAX, for authenticated-encryption with associateddata (AEAD). Given a nonce N , a message M , and a header H, the mode protects the privacy of M and the authenticity of both M and H. Strings N, M, H E {0, 1} are arbitrary, and the mode uses 2→M/n∈ + →H/n∈ + →N/n∈ block-cipher calls when these strings are nonempty and n is the block length of the unde...

AES-Based Authenticated Encryption Modes in Parallel High-Performance Software

Authenticated encryption (AE) has recently gained renewed interest due to the ongoing CAESAR competition. This paper deals with the performance of block cipher modes of operation for AE in parallel software. We consider the example of the AES on Intel’s new Haswell microarchitecture that has improved instructions for AES and finite field multiplication. As opposed to most previous high-performa...

RSPAE: RFID Search Protocol based on Authenticated Encryption

Search protocols are among the main applications of RFID systems. Since a search protocol should be able to locate a certain tag among many tags, not only it should be secure against RFID threats but also it should be affordable. In this article, an RFID-based search protocol will be presented. We use an encryption technique that is referred to as authenticated encryption in order to boost the ...