Authenticated Encryption Modes Based on Block Ciphers

doi:10.3969/j.issn.1671-1122.2014.11.002

Abstract

Abstract:

It is an inevitable trend to provide authentication encryption modes of operation, which satisfy all kinds of requirements, and have good performance such as high-efficiency, high security, low-cost and simple structure. Authenticated encryption modes based on block ciphers provide both privacy and authenticity of users’ information. As they have many good properties: high-speed, easy standardization, high-efficiency in hardware and software implementation, they have been widely used in the field of information security. In this paper, we give a survey on authenticated encryption modes based on block ciphers, and discuss further research trend in the future.

Key words: symmetric cryptography, block cipher, authenticated encryption, provable security

CLC Number:

TP309

ZHANG Ping, CHEN Chang-song, HU Hong-gang. Authenticated Encryption Modes Based on Block Ciphers[J]. Netinfo Security, 2014, 14(11): 8-10.

References 57

[1]	CAESAR: Competition for Authenticated Encryption: Security, Applicability, and Robustness. [EB/OL].
[2]	Alizadeh J, Aref M R, Bagheri N.JHAE: An authenticated encryption mode based on JH [J]. IACR Cryptology ePrint Archive, 2014.
[3]	Andreeva E, Bogdanov A.Parallelizable and authenticated online ciphers[C]. Sako K, Sarkar P (Eds.) ASIACRYPT 2013, 8269, 2013: 424-443.
[4]	Andreeva E, Bilgin B, Bogdanov A, et al.APE: authenticated permutation-based encryption for lightweight cryptography [J]. IACR Cryptology ePrint Archive, 2013(20132013.
[5]	Aoki K, Yasuda K.The security of the OCB mode of operation without the SPRP assumption[C]. ProvSec 2013, 8209, Springer-Verlag, 2013: 202-220.
[6]	Bertoni G, Daemen J.Permutation based encryption, authentication and authenticated encryption [J]. DIAC 2012, available from .
[7]	Bellare M, Desai A, Jokipii E, et al.A Concrete Security treatment of symmetric encryption[C]. In Proceedings of the 38th symposiun on FOCS, IEEE, 1997: 394-403.
[8]	Bertoni G, Daemen J, Peeters M, et al.Duplexing the sponge: Single-pass authenticated encryption and other applications[C]. SAC 2011 , Springer, 2011: 320-337.
[9]	Bogdanov A, Mendel F, Regazzoni F.ALE: AES-based lightweight authenticated encryption[C]. In Fast Software Encryption, FSE 2013, Lecture Notes in Computer Science, Moriai S (ed.), Springer-Verlag, 2013.
[10]	Bellare M, Namprempre C.Authenticated encryption: Relations among notions and analysis of the generic composition paradigm[C]. In Proc. ASIACRYPT, Okamoto T, Ed. Berlin, Germany: Springer-Verlag, 1976, 2000: 531-545.
[11]	Bellare M, Rogaway P.The Security of Triple Encryption and a Framework for Code-Based Game-Playing Proofs[C]. Advances in Cryptology-EUROCRYPT 2006, Springer-Verlag, 2006.
[12]	Bellare M, Rogaway P, Wagner D.The EAX mode of operation[C]. In Proceedings of FSE 2004, LNCS vol. 3017, Springer, 2004: 389-407.
[13]	Datta N, Nandi M.Misuse Resistant parallel authenticated encryptions [J]. IACR Cryptology ePrint Archive, 2013(20132013.
[14]	Fleischmann E, Forler C, Lucks S, et al.McOE: A family of almost fool proof on-line authenticated encryption schemes (full version)[C]. FSE 2012, LNCS vol. 7549, Springer, Heidelberg, 2012: 196-215.
[15]	Ferguson N, Whiting D, Schneier B. Helix: fast encryption and authentication in a single cryptographic primitive [C]. Johansson T (Ed.): FSE2003, LNCS, Springer-verlag, 2003(2887): 330-346.
[16]	Gligor V D, Donescu P.Fast encryption and authentication: XCBC encryption and XECB authentication modes[C]. FSE 2001, Springer-Verlag, 2001: 99-111.
[17]	Gennaro R, Halevi S.More on key wrapping[C]. Selected Areas in Cryptography (SAC), Springer, 2009: 53-70.
[18]	Hastad J.The security of the IAPM and IACBC modes[J]. Journal of Cryptology, 20(2), 2007: 153-163.
[19]	Iwata T.New blockcipher modes of operation with beyond the birthday bound security[C]. Robshaw M J B.(ed.): FSE 2006, LNCS vol. 4047, 2006: 310-327.
[20]	Iwata T.Authenticated encryption mode for beyond the birthday bound security[C]. Vaudenay S (Ed.): AFRICACRYPT 2008, LNCS, vol. 5023, Springer-verlag, 2008: 125-142.
[21]	Iwata T, Minematsu K, Guo J.CLOC: Authenticated encryption for short input [J]. IACR Cryptology ePrint Archive, vol. 2014, available from .
[22]	Iwata T, Yasuda K.BTM: a single-key, inverse-cipher-free mode for deterministic authenticated encryption[C]. SAC 2009, LNCS, vol. 5867, Springer-verlag, 2009: 313-330.
[23]	Iwata T, Yasuda K.HBS: a single-key mode of operation for deterministic authenticated encryption[C]. Dunkelman O (Ed.): FSE 2009, LNCS, vol. 5665, 2009: 394-415.
[24]	Jutla C.Parallelizable encryption mode with almost free message integrity[C]. In Proc. EUROCRYPT (Lecture Notes in Computer Science), Ptzmann B, Ed. Berlin, Germany: Springer-Verlag, vol. 2045, 2000: 529-544.
[25]	Krovetz T, Rogaway P.The software performance of authenticated encryption modes[C]. FSE 2011, Springer, 2011.
[26]	Kohno T, Viega J, Whiting D.CWC: A high-performance conventional authenticated encryption mode[C]. In Proceedings of FSE 2004, LNCS 3017, Springer, 2004: 408-426.
[27]	Lucks S.Two-pass Authenticated Encryption faster than generic composition[C]. Gilbert H, Handschuh H (Eds.): FSE 2005, LNCS 3557, Springer, 2005: 284-298.
[28]	Minematsu K. Parallelizable authenticated encryption from functions [J]. IACR Cryptology ePrint Archive, Report 2013/628 (.
[29]	McGrew D A, Viega J. The security and performance of the Galois/counter mode (GCM) of operation[C]. In INDOCRYPT, vol. 3348 of LNCS, Springer, 2004: 343-355.
[30]	Osaki Y, Iwata T.Further more on key wrapping[J]. IEICE TRANSACTIONS on Fundamentals of Electronics, Communications and Computer Sciences, 95(1), 2012: 8-20.
[31]	Osaki Y, Iwata T.Security of Hash-then-CBC key wrapping revisited[J]. IEICE TRANSACTIONS on Fundamentals of Electronics, Communications and Computer Sciences, 96(1), 2013: 25-34.
[32]	Pieprzyk J. Parallel authenticated encryption with the duplex construction [J]. IACR Cryptology ePrint Archive, Report 2013/658 (.
[33]	Rogaway P.Authenticated-encryption with associated-data [J]. In Proc. 9th CCS, ACM Press, 2002: 98-107.
[34]	Rogaway P.Efficient instantiations of tweakable blockciphers and refinements to modes OCB and PMAC[C]. In Proc. ASIACRYPT (Lecture Notes in Computer Science), Lee P J, Ed. Berlin, Germany: Springer-Verlag, vol. 3329, 2004: 16-31.
[35]	Rogaway P, Bellare M, Black J.OCB: A block-cipher mode of operation for efficient authenticated encryption[J]. ACM Trans. Inf. Syst. Security, 6(3), 2003: 365-403.
[36]	Rogaway P, Bellare M, Black J.OCB: A block-cipher mode of operation for efficient authenticated encryption [C]. ACM Conference on Computer and Communications Security, ACM Press, 2001: 196-205.
[37]	Rogaway P, Shrimpton T.A provable security treatment of the key wrap problem[C]. Vaudenay S (Ed.): EUROCRYPT 2006, LNCS, vol. 4004, 2006: 373-390.
[38]	Rogaway P, Zhang H.Online ciphers from tweakable blockciphers[C]. CT-RSA 2011, LNCS, vol. 6558, Springer, Heidelberg, 2011: 237-249.
[39]	Sarkar P.Pseudo-random functions and parallelizable modes of operations of a block cipher[J]. IEEE Transactions on Information Theory, 56(8), 2010: 4025-4037.
[40]	Wu H, Preneel B.AEGIS: A fast authenticated encryption algorithm[C]. Selected Areas in Cryptography-SAC 2013, Springer, 2014:185-201.
[41]	Yasuda K.A one-pass mode of operation for deterministic message authentication security beyond the birthday barrier[C]. FSE 2008, LNCS, vol. 5086, Springer, 2008: 316-333.
[42]	Zhang L, Wu W, Wang P.PolyE+CTR: a swiss-army-knife mode for block ciphers[C]. ProvSec 2011, LNCS 6980, Springer-Verlag, 2011: 266-280.
[43]	吴文玲, 冯登国, 张文涛. 分组密码的设计与分析(第二版)[M]. 北京: 清华大学出版社, 2009.
[44]	张华, 温巧燕, 金正平. 可证明安全算法与协议[M]. 北京: 科学出版社, 2012.
[45]	Schaad J, Housley R.RFC 3394, Advanced Encryption Standard (AES) Key Wrap Algorithm [P]. IETF, 2012.
[46]	Goldwasser S, Micali S.Probabilistic encryption[J]. Journal of Computer and System Science, 8(2), 1984: 270-299.
[47]	Shoup V..
[48]	Vaudenay S.Decorrelation: A Theory for Block Cipher Security[J]. Journal of Cryptology, September 2003, 16(4), 2003: 249-286.
[49]	Patarin J.The “Coefficients H”Technique[C]. Avanzi R, Keliher L, Sica F (Eds.): SAC 2008, LNCS 5381, 2009: 328-345.
[50]	Patarin J.Pseudorandom Permutations based on the DES Scheme[C]. EUROCODE 1990. LNCS, vol. 514, Springer, Heidelberg, 1991: 193-204.
[51]	Maurer U.Indistinguishability of Random Systems[C]. Eurocrypt 2002, Lecture Notes in Computer Science, volume 2332, 2002: 110-132.
[52]	Lai X J, Massey J L, Murphy S.Markov Ciphers and Differential Cryptanalysis[C]. Eurocrypt 1991, Lecture Notes in Computer Science, volume 547, 1991: 17-38.
[53]	Lampe R, Seurin Y.Tweakable Blockciphers with Asymptotically Optimal Security[C]. FSE 2013, Moriai S (Ed.), LNCS 8424, 2014: 133-151.
[54]	Agren M, Hell M, Johansson T, et al.
[55]	Jonsson J.On the Security of CTR + CBC-MAC[C]. Nyberg K, Heys H (Eds.): SAC 2002, LNCS 2595, 2003: 76-93.
[56]	王鹏. 分组密码的工作模式、协议与应用[C]. 分组密码设计与分,2013.
[57]	王鹏. 认证加密的设计模式[C]. 2014年密码算法前沿论坛, 2014.