COBRA: A Parallelizable Authenticated Online Cipher Without Block Cipher Inverse
نویسندگان
چکیده
We present a new, misuse-resistant scheme for online authenticated encryption, following the framework set forth by Fleischmann et al. (FSE 2012). Our scheme, COBRA, is roughly as efficient as the GCM mode of operation for nonce-based authenticated encryption, performing one block cipher call plus one finite field multiplication per message block in a parallelizable way. The major difference from GCM is that COBRA preserves privacy up to prefix under nonce repetition. However, COBRA only provides authenticity against nonce-respecting adversaries. As compared to COPA (ASIACRYPT 2013), our new scheme requires no block cipher inverse and hence enjoys provable security under a weaker assumption about the underlying block cipher. In addition, COBRA can possibly perform better than COPA on platforms where finite field multiplication can be implemented faster than the block cipher in use, since COBRA essentially replaces half of the block cipher calls in COPA with finite field multiplications.
منابع مشابه
Parallelizable and Authenticated Online Ciphers
Online ciphers encrypt an arbitrary number of plaintext blocks and output ciphertext blocks which only depend on the preceding plaintext blocks. All online ciphers proposed so far are essentially serial, which significantly limits their performance on parallel architectures such as modern general-purpose CPUs or dedicated hardware. We propose the first parallelizable online cipher, COPE. It per...
متن کاملComments to NIST concerning AES Modes of Operation: OCB Mode: Parallelizable Authenticated Encryption
This note describes a parallelizable block-cipher mode of operation that simultaneously provides privacy and authenticity. It does this using only djM j=ne + 2 block cipher invocations. Here M is the plaintext (an arbitrary bit string) and n is the block length. The scheme refines one recently suggested by Jutla [Ju00].
متن کاملCPA on COLM Authenticated Cipher and the Protection Using Domain-Oriented Masking
Authenticated encryption schemes are important cryptographic primitives that received extensive attention recently. They can provide both confidentiality and authenticity services, simultaneously. Correlation power analysis (CPA) can be a thread for authenticated ciphers, similar to the any physical implementation of any other cryptographic scheme. In this paper, a three-step CPA attack against...
متن کاملParallelizable Encryption Mode with Almost Free Message Integrity
In this document we propose a new mode of operation for symmetric key block cipher algorithms. The main feature distinguishing the proposed mode from existing modes is that along with providing con dentiality of the message, it also provides message integrity. In other words, the new mode is not just a mode of operation for encryption, but a mode of operation for authenticated encryption. As th...
متن کاملParallelizable Rate-1 Authenticated Encryption from Pseudorandom Functions
This paper proposes a new scheme for authenticated encryption (AE) which is typically realized as a blockcipher mode of operation. The proposed scheme has attractive features for fast and compact operation. When it is realized with a blockcipher, it requires one blockcipher call to process one input block (i.e. rate-1), and uses the encryption function of the blockcipher for both encryption and...
متن کامل