Security Proof of JAMBU under Nonce Respecting and Nonce Misuse Cases
نویسندگان
چکیده
JAMBU is an AEAD mode of operation which entered the third round of CAESAR competition. However, it does not have a security proof like other modes of operation do, and there was a cryptanalysis result that has overthrown the security claim under nonce misuse case by the designers. In this paper, we complement the shortage of the scheme by giving security proofs of JAMBU both under nonce respecting case and nonce misuse case. We prove that JAMBU under nonce respecting case has a slightly lower security than the birthday bound of n bits, and JAMBU under nonce misuse case has a tight security bound of n/2 bits.
منابع مشابه
Cryptanalysis of JAMBU
In this article, we analyse the security of the authenticated encryption mode JAMBU, a submission to the CAESAR competition that remains currently unbroken. We show that the security claims of this candidate regarding its nonce-misuse resistance can be broken. More precisely, we explain a technique to guess in advance a ciphertext block corresponding to a plaintext that has never been queried b...
متن کاملMcOE: A Family of Almost Foolproof On-Line Authenticated Encryption Schemes
On-Line Authenticated Encryption (OAE) combines privacy with data integrity and is on-line computable. Most block cipher-based schemes for Authenticated Encryption can be run on-line and are provably secure against nonce-respecting adversaries. But they fail badly for more general adversaries. This is not a theoretical observation only – in practice, the reuse of nonces is a frequent issue. In ...
متن کاملCounter-in-Tweak: Authenticated Encryption Modes for Tweakable Block Ciphers
We propose the Synthetic Counter-in-Tweak (SCT) mode, which turns a tweakable block cipher into a nonce-based authenticated encryption scheme (with associated data). The SCT mode combines in a SIV-like manner a Wegman-Carter MAC inspired from PMAC for the authentication part and a new counter-like mode for the encryption part, with the unusual property that the counter is applied on the tweak i...
متن کاملJAMBU Lightweight Authenticated Encryption Mode and AES-JAMBU
In this paper, we propose a lightweight authenticated encryption mode JAMBU. It only needs n-bit extra register for a block cipher with 2n-bit block size. It achieves n-bit authentication security when 2 bits are processed under a single key. When nonce (IV) is reused, the encryption security is similar to that of the CFB mode while the message authentication maintains strong security. We insta...
متن کاملGCM-SIV: Full Nonce Misuse-Resistant Auth- enticated Encryption at Under One C/B
Authenticated encryption schemes guarantee both privacy and integrity, and have become the default level of encryption in modern protocols. One of the most popular authenticated encryption schemes today is AES-GCM due to its impressive speed. The current CAESAR competition is considering new modes for authenticated encryption that will improve on existing methods. One property of importance tha...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- IACR Cryptology ePrint Archive
دوره 2017 شماره
صفحات -
تاریخ انتشار 2017