The software performance of authenticated-encryption modes
FSE'11 Proceedings of the 18th international conference on Fast software encryption
Double ciphertext mode: a proposal for secure backup
International Journal of Applied Cryptography
Double ciphertext mode: a proposal for secure backup
International Journal of Applied Cryptography
Security of hash-then-CBC key wrapping revisited
IMACC'11 Proceedings of the 13th IMA international conference on Cryptography and Coding
Designing the API for a cryptographic library: a misuse-resistant application programming interface
Ada-Europe'12 Proceedings of the 17th Ada-Europe international conference on Reliable Software Technologies
McOE: a family of almost foolproof on-line authenticated encryption schemes
FSE'12 Proceedings of the 19th international conference on Fast Software Encryption
| Hi-index | 0.00 |
We present a new blockcipher mode of operation named BTM, which stands for Bivariate Tag Mixing. BTM falls into the category of Deterministic Authenticated Encryption, which we call DAE for short. BTM makes all-around improvements over the previous two DAE constructions, SIV (Eurocrypt 2006) and HBS (FSE 2009). Specifically, our BTM requires just one blockcipher key, whereas SIV requires two. Our BTM does not require the decryption algorithm of the underlying blockcipher, whereas HBS does. The BTM mode utilizes bivariate polynomial hashing for authentication, which enables us to handle vectorial inputs of dynamic dimensions. BTM then generates an initial value for its counter mode of encryption by mixing the resulting tag with one of the two variables (hash keys), which avoids the need for an implementation of the inverse cipher.