Introduction
Often when two parties communicate over a network, they have two main security goals: privacy and authentication. In fact, there is compelling evidence that one should never use encryption without also providing authentication [8]. Many solutions for the privacy and authentication problems have existed for decades, and the traditional approach to solving both simultaneously has been to combine them in a straightforward manner using so-called generic composition. However, recently there have been a number of new constructions which achieve both privacy and authenticity simultaneously, often much faster than any solution which uses generic composition. In this article we will explore the various approaches to achieving both privacy and authenticity, the so-called Authenticated Encryption problem. We will often abbreviate this as simply “AE.” We will start with generic composition methods and then explore the newer combined methods.
Background
Throughout this article we will...
References
Bellare, M., R. Canetti, and H. Krawczyk (1996). “Keying hash functions for message authentication.” Advances in Cryptology—CRYPTO '96, vol. 1109 of Lecture Notes in Computer Science, Springer-Verlag, Berlin, 115.
Bellare, M., A. Desai, D. Pointcheval, and P. Rogaway (1998). “Relations among notions of security for public-key encryption schemes.” Advances in Cryptology—CRYPTO '98, vol. 1462 of LNCS, ed. H. Krawczyk, Springer-Verlag, 232–249.
Bellare, M., J. Kilian, and P. Rogaway (2000). “The security of the cipher block chaining message authentication code.” Journal of Computer and System Sciences (JCSS), 61 (3) 362–399. Earlier version in CRYPTO '94. See www.cs.ucdavis.edu/~rogaway
Bellare, M., T. Kohno, and C. Namprempre (2002). “Authenticated encryption in SSH: Provably fixing the SSH binary packet protocol.” ACM Conference on Computer and Communications Security (CCS-9) (2002), ACM Press, New York, 1–11.
Bellare, M., and C. Namprempre (2000). “Authenticated encryption: Relations among notions and analysis of the generic composition paradigm.” Advances in Cryptology—ASIACRYPT '00, vol. 1976 of Lecture Notes in Computer Science, Springer-Verlag, Berlin.
Bellare, M., and P. Rogaway (2000). “Encode-then-encipher encryption: How to exploit nonces or redundancy in plaintexts for efficient encryption.” Advances in Cryptology—ASIACRYPT '00, vol. 1976 of Lecture Notes in Computer Science. ed. T. Okamoto. Springer-Verlag, 317–330. See www.cs.ucdavis.edu/~rogaway
Bellare, M., P. Rogaway, and D Wagner, “EAX: A conventional authenticated-encryption mode.” Cryptology ePrint archive, reference number 2003/069, submitted Apr 13, 2003, revised Sep 9, 2003. See eprint.iacr.org.
Bellovin, S. “Problem areas for the IP security protocols.” Proceedings of the Sixth USENIX Security Symposium, July 1996, 1–16.
Berendschot, A., B. den Boer, J. Boly, A. Bosselaers, J. Brandt, D. Chaum, I. Damgård, M. Dichtl, W. Fumy, M. van der Ham, C. Jansen, P. Landrock, B. Preneel, G. Roelofsen, P. de Rooij, and J. Vandewalle (1995). Final Report of Race Integrity Primitives, vol. 1007 of Lecture Notes in Computer Science. Springer-Verlag, Berlin.
Bernstein, D. (2000). Floating-point arithmetic and message authentication. Available from http://cr.yp.to/hash127.html.
Black, J., S. Halevi, H. Krawczyk, T. Krovetz, and P. Rogaway (1999). “UMAC: Fast and secure message authentication.” Advances in Cryptology—CRYPTO '99, Lecture Notes in Computer Science, Springer-Verlag, Berlin.
Black, J., and P. Rogaway. (2000). “CBC MACs for arbitrary-length messages: The three-key constructions.” Advances in Cryptology—CRYPTO '00, Lecture Notes in Computer Science, Springer-Verlag, Berlin.
Black, J., and P. Rogaway. (2002). “A block-cipher mode of operation for parallelizable message authentication.” Advances in Cryptology—EUROCRYPT 2002, vol. 2332 of Lecture Notes in Computer Science, L. Knudsen. Springer-Verlag, Berlin, 384–397.
Black, J., and H. Urtubia (2002). “Side-channel attacks on symmetric encryption schemes: The case for authenticated encryption.” Proceedings of the Eleventh USENIX Security Symposium, Aug. 2002, ed. D. Boneh, 327–338.
Borisov, N., I. Goldberg, and D. Wagner (2001). “Intercepting mobile communications: The insecurity of 802.11.” MOBICOM, ACM Press, New York, 180–189.
Carter, L., and M. Wegman. (1979). “Universal hash functions.” J. of Computer and System Sciences, 18, 143–154.
Ferguson, N., D. Whiting, B. Schneier, J. Kelsey, S. Lucks, and T. Kohno (2003). “Helix: Fast encryption and authentication in a single cryptographic primitive.” Fast Software Encryption, 10th International Workshop, FSE 2003, Lecture Notes in Computer Science. ed. T. Johansson. Springer-Verlag, Berlin.
Gligor, V., and P. Donescu. (2002). “Fast encryption and authentication: XCBC encryption and XECB authentication modes.” Fast Software Encryption, 8th International Workshop, FSE 2001, vol. 2355 of Lecture Notes in Computer Science, Ed., M. Matsui. Springer-Verlag, 92–108. See www.ece.umd.edu/~gligor/
Goldwasser, S., S. Micali, and R. Rivest (1998). “A digital signature scheme secure against adaptive chosen-message attacks.” SIAM Journal of Computing, 17 (2), 281–308.
H. Krawczyk, M. B., and R. Canetti. “HMAC: Keyed hashing for message authentication.” IETF RFC-2104.
Halevi, S. (2000). “An observation regarding Jutla's modes of operation.” Cryptology ePrint archive, reference number 2001/015, submitted Feb 22, 2001, revised Apr 2, 2001. See eprint.iacr.org
Hawkes, P., and Rose, G. (2003). “Primitive specification for SOBER-128.” Available from http://www.qualcomm.com.au/Sober128.html.
Iwata, T., and K. Kurosawa. (2003). “OMAC: One-key CBC MAC.” Fast Software Encryption, vol. 2887 of Lecture Notes in Computer Science, ed., T. Johansson. Springer-Verlag, Berlin.
Jonsson, J. (2002). “On the security of CTR + CBC-MAC.” Selected Areas in Cryptography–SAC 2002, vol. 2595 of Lecture Notes in Computer Science, eds. K. Nyberg and H. M. Heys. Springer-Verlag, Berlin, 76–93.
Jutla, C. (2003). “Encryption modes with almost free message integrity.” Advances in Cryptology — EUROCRYPT 2001, vol. 2045 of Lecture Notes in Computer Science, ed. B. Pfitzmann. Springer-Verlag, Berlin, 529–544.
Katz, J., and M. Yung. (2000). “Unforgeable encryption and chosen ciphertext secure modes of operation.” Fast Software Encryption, 7th International Workshop, FSE 2000 (2000), vol. 1121 of Lecture Notes in Computer Science.
Kohno, T., Palacio, A., and Black, J. (2003). “Building secure cryptographic transforms, or how to encrypt and MAC.” Cryptology ePrint archive, reference number 2003/177, submitted Aug 28, 2003. See eprint.iacr.org
Kohno, T., J. Viega, and D. Whiting. (2003). “High-speed encryption and authentication: A patent-free solution for 10 Gbps network devices.” Cryptology ePrint archive, reference number 2003/106, submitted May 27, 2003, revised Sep 1, 2003. See eprint.iacr.org
Krawczyk, H. “The order of encryption and authentication for protecting communications (or: How secure is SSL?).” Advances in Cryptology—CRYPTO 2001, vol. 2139 of Lecture Notes in Computer Science, Springer-Verlag, Berlin, 310–331.
Liskov, M., R. Rivest, and D. Wagner (2002). “Tweakable block ciphers.” Advances in Cryptology—CRYPTO '02, vol. 2442 of Lecture Notes in Computer Science, ed. M. Yung, Springer-Verlag, Berlin, 31–46.
Petrank, E., and C. Rackoff. (2000). “CBC MAC for real-time data sources.” Journal of Cryptology, 13 (3), 315–338.
Rogaway, P. (2002). “Authenticated-encryption with associated-data.” ACM Conference on Computer and Communications Security (CCS-9). ACM Press, New York, 196–205.
Rogaway, P., M. Bellare, and J. Black. (2003). “OCB: A block-cipher mode of operation for efficient authenticated encryption.” ACM Transactions on Information and System Security (TISSEC), 6 (3), 365–403.
Wegman, M., and L. Carter. (1981) “New hash functions and their use in authentication and set equality.” J. of Comp. and System Sciences 22, 265–279.
Whiting, D., R. Housley, and N. Ferguson (2002). “Counter with CBC-MAC (CCM).” Available from csrc.nist.gov/encryption/modes/proposedmodes/
Copyright information
© 2005 International Federation for Information Processing
About this entry
Cite this entry
Black, J. (2005). Authenticated encryption. In: van Tilborg, H.C.A. (eds) Encyclopedia of Cryptography and Security. Springer, Boston, MA. https://doi.org/10.1007/0-387-23483-7_15
DOI: https://doi.org/10.1007/0-387-23483-7_15
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-23473-1
Online ISBN: 978-0-387-23483-0
eBook Packages: Computer Science, Reference Module Computer Science and Engineering