An authenticated-encryption scheme is frequently used to provide a communication both with confidentiality and integrity. For stream ciphers, i.e., an encryption scheme using a cryptographic pseudorandom-number generator, this objective can be achieved by the simple combination of encryption and MAC generation. This naive approach, however, introduces the following drawbacks; the implementation...

When using an authenticated-encryption scheme (a shared-key mechanism that provides both privacy and authenticity) it is sometimes useful, when encrypting a message, to also authen­ ticate some additional information which is not privacy protected. We address this associateddata problem, wherein a Sender can bind to an authenticated ciphertext C a string AD, called its associated-data, and wher...

In this note, we study the security of the Galois/Counter mode authenticated encryption recently published by NIST. We show how an adversary can recover the secret key of the keyed hash function underlying the authentication, using a chosen IV attack. Once this secret key is known, the encryption mode is no longer authenticated. As a con­ sequence, all chosen ciphertext attacks against the conf...

Alomair proposed a new authenticated encryption scheme OKH at ACNS 2012, and proved the security, i.e. authenticity and privacy, of OKH. Our research shows that it is not the case. We only need one query to break the authenticity of OKH with success probability of 1, and two queries to break the privacy of OKH with success probability of 1− 1/2, where n is the block-length of underlying blockci...

A draft call for the CAESAR authenticated-encryption competition adopts an interface that is not aligned with existing definitions in the literature. It is the purpose of this brief note to formalize what we believe to be the intended definitions.

Authenticated encryption algorithms protect both the confidentiality and integrity of messages in a single processing pass. In this note we show how to utilize the L◦P ◦S transform of the Russian GOST R 34.11-2012 standard hash “Streebog” to build an efficient, lightweight algorithm for Authenticated Encryption with Associated Data (AEAD) via the Sponge construction and BLNK padding. The propos...

Authenticated encryption is a symmetric cryptography scheme that provides both confidentiality and authentication. In this work we describe an optimized implementation of authenticated encryption for the MSP430X family of microcontrollers. The CCM, GCM, SGCM, OCB3, Hummingbird-2 and MASHA authenticated encryption schemes were implemented at the 128-bit level of security and their performance wa...

This paper is primarily concerned with the CBC block cipher mode. The impact on the usability of this mode of recently proposed padding oracle attacks, together with other related attacks described in this paper, is considered. For applications where unauthenticated encryption is required, the use of CBC mode is compared with its major symmetric rival, namely the stream cipher. It is argued tha...

SOBER-128 is a stream cipher designed by Rose and Hawkes in 2003. It can be also used for generating Message Authentication Codes (MACs) and an authenticated encryption. The developers claimed that it is difficult to forge MACs generated by both functions of SOBER128, though, the security assumption in the proposal paper is not realistic in some instances. In this paper, we examine the security...

A convertible multi-authenticated encryption (CMAE) scheme allows a group of signers to cooperatively produce a valid authenticated encryption signature and still preserves the characteristic of convertible authenticated encryption (CAE) schemes. In 2008, Tsai proposed a CMAE scheme based on the intractability of one-way hash functions and discrete logarithms. However, we find that Tsai’s schem...