Parallel authenticated encryption with the duplex construction

Authors

  • Pawel Morawiecki
  • Josef Pieprzyk
Abstract

The authenticated encryption (AE) scheme based on the duplex construction cannot be parallelized at the algorithmic level. To be competitive with some block cipher based modes like OCB (Offset CodeBook) or GCM (Galois Counter Mode), a scheme should allow parallel processing. In this note we show how parallel AE can be realized within the framework provided by the duplex construction. The first variant, pointed out by the duplex designers, is a tree-like structure. Then we simplify the scheme by replacing the final node with the bitwise xor operation and show that such a scheme has the same security level.

1 Duplex construction

In 2010 Bertoni et al. introduced the duplex construction, which provides the framework for an authenticated encryption scheme [3]. In this section we briefly discuss the construction with a focus on authenticated encryption. The duplex construction can be seen as a particular way to use the sponge construction [2], hence it inherits its security properties. The construction is based on a fixed permutation (or transformation) and allows the alternation of input and output blocks at the same rate as the sponge construction.

Figure 1 shows the duplex construction. As in the sponge construction, there are two parameters: r (bitrate) and c (capacity). The sum of those two parameters makes the state size. Different values for bitrate and capacity give trade-offs between speed and security. A higher bitrate gives a faster construction at the expense of lower security. Upon initialization all the bits of the state are set to zero. The duplex construction accepts input calls (denoted by i_n in Figure 1) to the underlying permutation f. The padded input strings have the size of r bits. After a call to the permutation f, an output r-bit string is returned (denoted by z_n in Figure 1). Please note that the capacity part of the state is never directly manipulated by an input string i_n, nor is it included in the output strings z_n.

An authenticated encryption scheme with associated data (AEAD) can be realized with the duplex construction. A secret key K and message blocks B_i (optionally with associated data A_i) are processed as follows.

Fig. 1. Duplex construction
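The duplex object described above, as an added Python example that is not code from the paper: it shows the zero-initialized state, the padded r-bit input, the untouched capacity, and why the calls are inherently sequential (each z_n depends on the state left by all earlier calls). The permutation `toy_f`, the 16-byte r and c, the byte-wise padding and the simplified `wrap`/`unwrap` chaining (no frame bits or associated data) are assumptions made for illustration and are not the paper's scheme.

```python
import hmac

R, C = 16, 16        # bitrate r and capacity c in bytes (assumed sizes); state = r + c
MASK = 0xFFFFFFFF

def toy_f(state: bytes) -> bytes:
    """Toy invertible permutation standing in for f; NOT cryptographically secure."""
    w = [int.from_bytes(state[i:i + 4], "little") for i in range(0, R + C, 4)]
    for rnd in range(12):
        for i in range(len(w)):
            x = (w[(i + 1) % len(w)] + 0x9E3779B9 + rnd) & MASK
            w[i] ^= ((x << 7) | (x >> 25)) & MASK  # uses only word i+1, so invertible
    return b"".join(x.to_bytes(4, "little") for x in w)

class Duplex:
    def __init__(self):
        self.state = bytes(R + C)                  # all state bits start at zero

    def duplexing(self, sigma: bytes, out_len: int = R) -> bytes:
        if len(sigma) > R - 1 or out_len > R:
            raise ValueError("input must leave room for padding; output is at most r")
        block = bytearray(sigma + b"\x01" + bytes(R - 1 - len(sigma)))
        block[-1] ^= 0x80                          # byte-wise pad10*1 (assumed padding)
        rate = bytes(a ^ b for a, b in zip(self.state[:R], block))
        self.state = toy_f(rate + self.state[R:])  # capacity changes only through f
        return self.state[:out_len]                # z_n comes from the rate part only

def _chain(key, blocks_in, decrypt):
    d = Duplex()
    z = d.duplexing(key)                           # absorb K, get first keystream block
    out = []
    for blk in blocks_in:
        x = bytes(a ^ b for a, b in zip(blk, z))   # C_i = B_i xor z (or the reverse)
        out.append(x)
        z = d.duplexing(x if decrypt else blk)     # always absorb the plaintext block
    return out, z                                  # final z serves as the tag

def wrap(key, blocks):
    return _chain(key, blocks, decrypt=False)

def unwrap(key, cblocks, tag):
    blocks, expected = _chain(key, cblocks, decrypt=True)
    return blocks if hmac.compare_digest(expected, tag) else None
```

Because block i cannot be encrypted before blocks 0..i-1 have been absorbed, a single duplex chain offers no block-level parallelism, which is the limitation the note sets out to remove.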

Similar resources

ELmE: A Misuse Resistant Parallel Authenticated Encryption

The authenticated encryptions which resist misuse of initial value (or nonce) at some desired level of privacy are two-pass or Mac-then-Encrypt constructions (inherently inefficient but provide full privacy) and online constructions, e.g., McOE, sponge-type authenticated encryptions (such as duplex, AEGIS) and COPA. Only the last one is almost parallelizable with some bottleneck in processing as...


Cryptographic Applications of the Duplex Construction

Assured security is the desirable feature of modern cryptography. Most of modern cryptography primitives have no provably secure constructions. Their safety is defined on the basis of well-known in the given time cryptanalytic attacks. The duplex construction equipped with one ideal permutation and appropriate security parameters is suitable for building provably secure cryptographic primitives...


Security of Full-State Keyed and Duplex Sponge: Applications to Authenticated Encryption

We provide a security analysis for full-state keyed Sponge and full-state Duplex constructions. Our results can be used for making a large class of Sponge-based authenticated encryption schemes more efficient by concurrent absorption of associated data and message blocks. In particular, we introduce and analyze a new variant of SpongeWrap with almost free authentication of associated data. The ...


Security of Full-State Keyed Sponge and Duplex: Applications to Authenticated Encryption

We provide a security analysis for full-state keyed Sponge and full-state Duplex constructions. Our results can be used for making a large class of Sponge-based authenticated encryption schemes more efficient by concurrent absorption of associated data and message blocks. In particular, we introduce and analyze a new variant of SpongeWrap with almost free authentication of associated data. The ...


Duplexing the Sponge: Single-Pass Authenticated Encryption and Other Applications

This paper proposes a novel construction, called duplex, closely related to the sponge construction, that accepts message blocks to be hashed and—at no extra cost—provides digests on the input blocks received so far. It can be proven equivalent to a cascade of sponge functions and hence inherits its security against single-stage generic attacks. The main application proposed here is an authenticat...


Journal:
  • IACR Cryptology ePrint Archive

Volume 2013  Issue 

Pages  -

Publication date: 2013