Bellare, Canetti and Krawczyk proposed a security model (BCK-model) for authentication and key exchange protocols in 1998. The model not only reasonably captures the power of practical attackers but also provides a modular approach to the design of secure key exchange protocols. One important element in this approach is the MTauthenticator. An MT-authenticator transforms a message transmission ...

Awareness of the significance of securing communication and data has increased dramatically due to the countless examples showing that systems with little or no protection can and will be attacked. Lack of adoption, or improper use of strong cryptographic techniques could be attributed to the fact that cryptographic solutions are not efficient enough, impose impractical constraints on their use...

This work presents an adaptation of the classical diagonal fault attack on APE which is a member of the PRIMATEs family of authenticated encryption (AE) schemes. APE is the rst nonce misuseresistant permutation based AE scheme and is one of the submissions to the CAESAR competition. In this work we showcase how nonce reuse can be misused in the context of di erential fault analysis of on-line a...

In this note we introduce a variation of the standard definition of chosen-ciphertext security, which we call IND-CCA3, and prove that IND-CCA3 is equivalent to authenticated-encryption.

With a scheme for robust authenticated-encryption a user can select an arbitrary value λ≥ 0 and then encrypt a plaintext of any length into a ciphertext that’s λ characters longer. The scheme must provide all the privacy and authenticity possible for the requested λ. We formalize and investigate this idea, and construct a well-optimized solution, AEZ, from the AES round function. Our scheme enc...

The Sponge function is known to achieve 2 security, where c is its capacity. This bound was carried over to keyed variants of the function, such as SpongeWrap, to achieve a min{2, 2} security bound, with κ the key length. Similarly, many CAESAR competition submissions are designed to comply with the classical 2 security bound. We show that Spongebased constructions for authenticated encryption ...

In this paper we present JHAE, an authenticated encryption (AE) mode based on the JH hash mode. JHAE is a dedicated AE mode based on permutation. We prove that this mode, based on ideal permutation, is provably secure.

In this article, we propose a publicly verifiable authenticated encryption scheme based on factoring and discrete logarithms. We point out that even if either factoring or discrete logarithms is broken, this scheme still could keep the authentication, integration, and confidentiality of the message.

In this paper, we analyse the higher order differential properties of NORX, an AEAD scheme submitted to CAESAR competition. NORX is a sponge based construction. Previous efforts, by the designers themselves, have focused on the first order differentials and rotational properties for a small number of steps of the NORX core permutation, which turn out to have quite low biases when extended to th...

We evaluate the security of the recently proposed authenticated encryption scheme POET with regard to weak keys when its universal hash functions are instantiated with finite field multiplications. We give explicit constructions for weak key classes not covered by POET’s weak key testing strategy, and demonstrate how to leverage them to obtain universal forgeries.