Skip to main content
Springer Nature Link
Log in

Toward a Fully Secure Authenticated Encryption Scheme from a Pseudorandom Permutation

  • Conference paper
  • First Online:
Advances in Cryptology – ASIACRYPT 2021 (ASIACRYPT 2021)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 13092))

  • 1280 Accesses

Abstract

In this paper, we propose a new block cipher-based authenticated encryption scheme, dubbed the Synthetic Counter with Masking (\(\mathsf {SCM}\)) mode. \(\mathsf {SCM}\) follows the \(\mathsf {NSIV}\) paradigm proposed by Peyrin and Seurin (CRYPTO 2016), where a keyed hash function accepts a nonce N with associated data and a message, yielding an authentication tag T, and then the message is encrypted by a counter-like mode using both T and N. Here we move one step further by encrypting nonces; in the encryption part, the inputs to the block cipher are determined by T, counters, and an encrypted nonce, and all its outputs are also masked by an (additional) encrypted nonce, yielding keystream blocks.

As a result, we obtain, for the first time, a block cipher-based authenticated encryption scheme of rate 1/2 that provides n-bit security with respect to the query complexity (ignoring the influence of message length) in the nonce-respecting setting, and at the same time guarantees graceful security degradation in the faulty nonce model, when the underlying n-bit block cipher is modeled as a secure pseudorandom permutation. Seen as a slight variant of \(\mathsf {GCM}\)-\(\mathsf {SIV}\), \(\mathsf {SCM}\) is also parallelizable and inverse-free, and its performance is still comparable to \(\mathsf {GCM}\)-\(\mathsf {SIV}\).

J. Lee—This work was supported by Institute for Information & communications Technology Planning & Evaluation(IITP) grant funded by the Korea government (MSIT) (No. 2019-0-01343, Regional strategic industry convergence security core talent training business).

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

Notes

  1. 1.

    \(\mathsf {POLYVAL}\) is a universal hash function used in \(\mathsf {AES}\)-\(\mathsf {GCM}\)-\(\mathsf {SIV}\).

  2. 2.

    https://boringssl.googlesource.com/boringssl.

  3. 3.

    https://bench.cr.yp.to/supercop.html.

  4. 4.

    We will view \(\mathsf {S}\) and \(\mathsf {R}\) as random variables, and also write them to denote their probability distributions.

  5. 5.

    A trail is a walk in which all edges are distinct.

  6. 6.

    We assume that either \(|A|>0\) or \(|M|>0\).

  7. 7.

    This property might allow an adversary to distinguish \(\mathsf {SCM.PRNG}^\#\) and \(\$\) by making redundant queries, and this aspect will be taken into account in Lemma 7 and 8.

References

  1. Andreeva, E., et al.: COLM v1. Submission to the CAESAR competition (2016). https://competitions.cr.yp.to/round3/colmv1.pdf

  2. Bellare, M., Rogaway, P., Wagner, D.: The EAX mode of operation. In: Roy, B., Meier, W. (eds.) FSE 2004. LNCS, vol. 3017, pp. 389–407. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-25937-4_25

    Chapter  Google Scholar 

  3. Bhattacharya, S., Nandi, M.: Revisiting variable output length XOR pseudorandom function. IACR Trans. Symmetric Cryptol. 2018(1), 314–335 (2018)

    Article  Google Scholar 

  4. Bose, P., Hoang, V.T., Tessaro, S.: Revisiting AES-GCM-SIV: multi-user security, faster key derivation, and better bounds. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018. LNCS, vol. 10820, pp. 468–499. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-78381-9_18

    Chapter  Google Scholar 

  5. Choi, W., Lee, B., Lee, J., Lee, Y.: Toward a fully secure authenticated encryption scheme from a pseudorandom permutation. IACR Cryptology ePrint Archive, Report 2021/1168 (2021). http://eprint.iacr.org/2021/1168

  6. Choi, W., Lee, B., Lee, Y., Lee, J.: Improved security analysis for nonce-based enhanced hash-then-mask MACs. In: Moriai, S., Wang, H. (eds.) ASIACRYPT 2020. LNCS, vol. 12491, pp. 697–723. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-64837-4_23

    Chapter  Google Scholar 

  7. Datta, N., Dutta, A., Nandi, M., Yasuda, K.: Encrypt or decrypt? To make a single-key beyond birthday secure nonce-based MAC. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018, Part I. LNCS, vol. 10991, pp. 631–661. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-96884-1_21

    Chapter  Google Scholar 

  8. Dobraunig, C., Eichlseder, M., Mendel, F., Schläffer, M.: Ascon v1.2. submission to the CAESAR competition (2016). https://competitions.cr.yp.to/round3/asconv12.pdf

  9. Dutta, A., Nandi, M., Talnikar, S.: Beyond birthday bound secure MAC in faulty nonce model. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019, Part I. LNCS, vol. 11476, pp. 437–466. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-17653-2_15

    Chapter  MATH  Google Scholar 

  10. Gueron, S., Langley, A., Lindell, Y.: AES-GCM-SIV: nonce misuse-resistant authenticated encryption. RFC 8452, April 2019

    Google Scholar 

  11. Gueron, S., Lindell, Y.: GCM-SIV: full nonce misuse-resistant authenticated encryption at under one cycle per byte. In: Ray, I. (ed.) ACM SIGSAC Conference on Computer and Communications Security - CCS 2015, pp. 109–119. Association for Computing Machinery (2015)

    Google Scholar 

  12. Hoang, V.T., Krovetz, T., Rogaway, P.: Robust authenticated-encryption AEZ and the problem that it solves. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015, Part I. LNCS, vol. 9056, pp. 15–44. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46800-5_2

    Chapter  Google Scholar 

  13. Hoang, V.T., Tessaro, S.: Key-alternating ciphers and key-length extension: exact bounds and multi-user security. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9814, pp. 3–32. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53018-4_1

    Chapter  Google Scholar 

  14. Iwata, T.: Authenticated encryption mode for beyond the birthday bound security. In: Vaudenay, S. (ed.) AFRICACRYPT 2008. LNCS, vol. 5023, pp. 125–142. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-68164-9_9

    Chapter  Google Scholar 

  15. Iwata, T., Minematsu, K.: Stronger security variants of GCM-SIV. IACR Trans. Symmetric Cryptol. 2016(1), 134–157 (2016)

    Article  Google Scholar 

  16. Iwata, T., Minematsu, K., Peyrin, T., Seurin, Y.: ZMAC: a fast tweakable block cipher mode for highly secure message authentication. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017, Part III. LNCS, vol. 10403, pp. 34–65. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-63697-9_2

    Chapter  Google Scholar 

  17. Iwata, T., Seurin, Y.: Reconsidering the security bound of AES-GCM-SIV. IACR Trans. Symmetric Cryptol. 2017(4), 240–267 (2017)

    Article  Google Scholar 

  18. Jean, J., Nikolić, I., Peyrin, T., Seurin, Y.: Deoxys v1.41. Submission to the CAESAR competition (2016). https://competitions.cr.yp.to/round3/deoxysv141.pdf

  19. Krovetz, T., Rogaway, P.: The software performance of authenticated-encryption modes. In: Joux, A. (ed.) FSE 2011. LNCS, vol. 6733, pp. 306–327. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-21702-9_18

    Chapter  MATH  Google Scholar 

  20. Krovetz, T., Rogaway, P.: OCB (v1.1). Submission to the CAESAR competition (2016). https://competitions.cr.yp.to/round3/ocbv11.pdf

  21. McGrew, D.A., Viega, J.: The security and performance of the Galois/counter mode (GCM) of operation. In: Canteaut, A., Viswanathan, K. (eds.) INDOCRYPT 2004. LNCS, vol. 3348, pp. 343–355. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-30556-9_27

    Chapter  Google Scholar 

  22. Nir, Y., Langley, A.: ChaCha20 and Poly1305 for IETF protocols. RFC 7539 (2015)

    Google Scholar 

  23. Patarin, J.: Introduction to mirror theory: analysis of systems of linear equalities and linear non equalities for cryptography. IACR Cryptology ePrint Archive, Report 2010/287 (2010). http://eprint.iacr.org/2010/287

  24. Patarin, J.: Mirror theory and cryptography. IACR Cryptology ePrint Archive, Report 2016/702 (2016). http://eprint.iacr.org/2016/702

  25. Peyrin, T., Seurin, Y.: Counter-in-tweak: authenticated encryption modes for tweakable block ciphers. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016, Part I. LNCS, vol. 9814, pp. 33–63. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53018-4_2

    Chapter  MATH  Google Scholar 

  26. Rogaway, P., Shrimpton, T.: A provable-security treatment of the key-wrap problem. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 373–390. Springer, Heidelberg (2006). https://doi.org/10.1007/11761679_23

    Chapter  Google Scholar 

  27. Whiting, D., Housley, R., Ferguson, N.: Counter with CBC-MAC (CCM). Submission to NIST (2002). https://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/ccm/ccm.pdf

  28. Wu, H.: ACORN: a lightweight authenticated cipher (v3). Submission to the CAESAR competition (2016). https://competitions.cr.yp.to/round3/acornv3.pdf

  29. Wu, H., Preneel, B.: AEGIS: a fast authenticated encryption algorithm (v1.1). Submission to the CAESAR competition (2016). https://competitions.cr.yp.to/round3/aegisv11.pdf

Download references

Author information

Authors and Affiliations

  1. KAIST, Daejeon, Korea

    Wonseok Choi, Byeonghak Lee, Jooyoung Lee & Yeongmin Lee

Authors
  1. Wonseok Choi
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Byeonghak Lee
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Jooyoung Lee
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Yeongmin Lee
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding authors

Correspondence to Wonseok Choi , Byeonghak Lee or Jooyoung Lee .

Editor information

Editors and Affiliations

  1. NTT Corporation, Tokyo, Japan

    Mehdi Tibouchi

  2. Nanyang Technological University, Singapore, Singapore

    Huaxiong Wang

Rights and permissions

Reprints and permissions

Copyright information

© 2021 International Association for Cryptologic Research

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Choi, W., Lee, B., Lee, J., Lee, Y. (2021). Toward a Fully Secure Authenticated Encryption Scheme from a Pseudorandom Permutation. In: Tibouchi, M., Wang, H. (eds) Advances in Cryptology – ASIACRYPT 2021. ASIACRYPT 2021. Lecture Notes in Computer Science(), vol 13092. Springer, Cham. https://doi.org/10.1007/978-3-030-92078-4_14

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-92078-4_14

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-92077-7

  • Online ISBN: 978-3-030-92078-4

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics