On the Security of Sponge-type Authenticated Encryption Modes

Beyond 2 c/2 Security in Sponge-Based Authenticated Encryption Modes

The Sponge function is known to achieve 2 security, where c is its capacity. This bound was carried over to keyed variants of the function, such as SpongeWrap, to achieve a min{2, 2} security bound, with κ the key length. Similarly, many CAESAR competition submissions are designed to comply with the classical 2 security bound. We show that Spongebased constructions for authenticated encryption ...

The Software Performance of Authenticated-Encryption Modes

We study the software performance of authenticated-encryption modes CCM, GCM, and OCB. Across a variety of platforms, we find OCB to be substantially faster than either alternative. For example, on an Intel i5 (“Clarkdale”) processor, good implementations of CCM, GCM, and OCB encrypt at around 4.2 cpb, 3.7 cpb, and 1.5 cpb, while CTR mode requires about 1.3 cpb. Still we find room for algorithm...

The Hardware Performance of Authenticated Encryption Modes

Authenticated encryption has long been a vital operation in cryptography by its ability to provide confidentiality, integrity and authenticity at the same time. Its use has progressed in parallel with the worldwide use of Internet Protocol (IP), which has led to development of several new schemes as well as improved versions of existing ones. There have already been studies investigating softwa...

Ring Authenticated Encryption: A New Type of Authenticated Encryption

By combining the two notations of ring signature and authenticated encryption together, we introduce a new type of authenticated encryption signature, called ring authenticated encryption, which has the following properties: signer-ambiguity, signer-verifiability, recipient-designation, semantic-security, verification-convertibility, verification-dependence and recipient-ambiguity. We also give...

Sufficient Conditions on Padding Schemes of Sponge Construction and Sponge-Based Authenticated-Encryption Scheme