Random oracles are practical: a paradigm for designing efficient protocols
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
OCB: a block-cipher mode of operation for efficient authenticated encryption
CCS '01 Proceedings of the 8th ACM conference on Computer and Communications Security
Authenticated-encryption with associated-data
Proceedings of the 9th ACM conference on Computer and communications security
A Practice-Oriented Treatment of Pseudorandom Number Generators
EUROCRYPT '02 Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques: Advances in Cryptology
Authenticated Encryption: Relations among Notions and Analysis of the Generic Composition Paradigm
ASIACRYPT '00 Proceedings of the 6th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
OCB: A block-cipher mode of operation for efficient authenticated encryption
ACM Transactions on Information and System Security (TISSEC)
Slide Attacks on a Class of Hash Functions
ASIACRYPT '08 Proceedings of the 14th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
On the indifferentiability of the sponge construction
EUROCRYPT'08 Proceedings of the theory and applications of cryptographic techniques 27th annual international conference on Advances in cryptology
CHES'10 Proceedings of the 12th international conference on Cryptographic hardware and embedded systems
Sponge-based pseudo-random number generators
CHES'10 Proceedings of the 12th international conference on Cryptographic hardware and embedded systems
Careful with composition: limitations of the indifferentiability framework
EUROCRYPT'11 Proceedings of the 30th Annual international conference on Theory and applications of cryptographic techniques: advances in cryptology
The PHOTON family of lightweight Hash functions
CRYPTO'11 Proceedings of the 31st annual conference on Advances in cryptology
SPONGENT: a lightweight hash function
CHES'11 Proceedings of the 13th international conference on Cryptographic hardware and embedded systems
Solving systems of differential equations of addition
ACISP'05 Proceedings of the 10th Australasian conference on Information Security and Privacy
A provable-security treatment of the key-wrap problem
EUROCRYPT'06 Proceedings of the 24th annual international conference on The Theory and Applications of Cryptographic Techniques
FSE'07 Proceedings of the 14th international conference on Fast Software Encryption
Differential-linear attacks against the stream cipher Phelix
FSE'07 Proceedings of the 14th international conference on Fast Software Encryption
On the implementation aspects of sponge-based authenticated encryption for pervasive devices
CARDIS'12 Proceedings of the 11th international conference on Smart Card Research and Advanced Applications
Power Analysis of Hardware Implementations Protected with Secret Sharing
MICROW '12 Proceedings of the 2012 45th Annual IEEE/ACM International Symposium on Microarchitecture Workshops
FIDES: lightweight authenticated cipher with side-channel resistance for constrained hardware
CHES'13 Proceedings of the 15th international conference on Cryptographic Hardware and Embedded Systems
| Hi-index | 0.00 |
This paper proposes a novel construction, called duplex, closely related to the sponge construction, that accepts message blocks to be hashed and---at no extra cost---provides digests on the input blocks received so far. It can be proven equivalent to a cascade of sponge functions and hence inherits its security against single-stage generic attacks. The main application proposed here is an authenticated encryption mode based on the duplex construction. This mode is efficient, namely, enciphering and authenticating together require only a single call to the underlying permutation per block, and is readily usable in, e.g., key wrapping. Furthermore, it is the first mode of this kind to be directly based on a permutation instead of a block cipher and to natively support intermediate tags. The duplex construction can be used to efficiently realize other modes, such as a reseedable pseudo-random bit sequence generators and a sponge variant that overwrites part of the state with the input block rather than to XOR it in.