The software performance of authenticated-encryption modes
FSE'11 Proceedings of the 18th international conference on Fast software encryption
Combining message encryption and authentication
Annales UMCS, Informatica - Cryptography and data protection
Double ciphertext mode: a proposal for secure backup
International Journal of Applied Cryptography
The sum of CBC MACs is a secure PRF
CT-RSA'10 Proceedings of the 2010 international conference on Topics in Cryptology
Double ciphertext mode: a proposal for secure backup
International Journal of Applied Cryptography
Security of hash-then-CBC key wrapping revisited
IMACC'11 Proceedings of the 13th IMA international conference on Cryptography and Coding
McOE: a family of almost foolproof on-line authenticated encryption schemes
FSE'12 Proceedings of the 19th international conference on Fast Software Encryption
| Hi-index | 0.00 |
We propose the HBS (Hash Block Stealing) mode of operation. This is the first single-key mode that provably achieves the goal of providing deterministic authenticated encryption. The authentication part of HBS utilizes a newly-developed, vector-input polynomial hash function. The encryption part uses a blockcipher-based, counter-like mode. These two parts are combined in such a way as the numbers of finite-field multiplications and blockcipher calls are minimized. Specifically, for a header of h blocks and a message of m blocks, the HBS algorithm requires just h + m + 2 multiplications in the finite field and m + 2 calls to the blockcipher. Although the HBS algorithm is fairly simple, its security proof is rather complicated.