Abstract Multi-authenticated encryption is an important message transmission technique, which can send message in a secure and authentic way, and allows a group of signers to cooperatively produce a valid authenticated ciphertext so that only the specific recipient can recover the message and verify the signature. In 2008, Wu et al. proposed a convertible multi-authenticated encryption scheme. ...

Cryptographic primitives are required to protect an IT (Information Technology) system. They are used to provide CIA (Confidentiality, Integrity, and Availability) and other security attributes to the system. So far, NIST (National Institute of Standard and Technology) has successfully standardized AES (Advanced Encryption Standard) for confidentiality and SHA (Secure Hash Algorithm) for integr...

We study homomorphic authenticated encryption, where privacy and authenticity of data are protected simultaneously. We define homomorphic versions of various security notions for privacy and authenticity, and investigate relations between them. In particular, we show that it is possible to give a natural definition of IND-CCA for homomorphic authenticated encryption, unlike the case of homomorp...

This paper presents an efficient authenticated encryption construction based on a universal hash function and block cipher. Encryption is achieved via counter-mode while authentication uses the Wegman-Carter paradigm. A single block-cipher key is used for both operations. The construction is instantiated using the hash functions of UMAC and VMAC, resulting in authenticated encryption with peak ...

We consider communication sessions in which a pair of parties begin by running an au-thenticated key-exchange protocol to obtain a shared session key, and then secure successivedata transmissions between them via an authenticated encryption scheme based on the sessionkey. We show that such a communication session meets the notion of a secure channel protocolproposed by Canetti a...

A convertible authenticated encryption scheme allows a specified recipient to recover and verify a message simultaneously. Moreover the recipient can prove the dishonesty of the sender to any third party if the sender repudiates her signature later. Recently, Lv et al. (2005) showed that the Wu et al.’s (1999) and the Huang et al.’s (2003) convertible authenticated encryption schemes cannot pro...

To send the message to the recipient securely, authenticated encryption schemes were proposed. In 2008, Wu et al. [T.S. Wu, C.L. Hsu, K.Y. Tsai, H.Y. Lin, T.C. Wu, Convertible multi-authenticated encryption scheme, Information Sciences 178 (1) 256–263.] first proposed a convertible multi-authenticated encryption scheme based on discrete logarithms. However, the author finds that the computation...

We describe a systematic framework for using a stream cipher supporting an initialisation vector (IV) to perform various tasks of authentication and authenticated encryption. These include message authentication code (MAC), authenticated encryption (AE), authenticated encryption with associated data (AEAD) and deterministic authenticated encryption (DAE) with associated data. Several schemes ar...

It was long thought that symmetric cryptography only mildly affected by quantum attacks, and doubling the key length sufficient to restore security. However, recent works have shown Simon’s period finding algorithm breaks a large number of MAC authenticated encryption algorithms when adversary can query MAC/encryption oracle with superposition messages. In particular, OCB mode is broken in this...

Nyberg and Ruppel first proposed a signature scheme with message recovery based on DSA in 1993, and the authenticated encryption scheme is a special application of their scheme. Afterward, there are many papers proposed about the authenticated encryption schemes. The signature scheme can reduce the transmitted cost, because the message has been contained in the signature of the message and the ...