Authenticated-encryption with associated-data
Proceedings of the 9th ACM conference on Computer and communications security
When a message is transformed into a ciphertext in a way designed to protect both its privacy and authenticity, there may be additional information, such as a packet header, that travels alongside the ciphertext (at least conceptually) and must get authenticated with it. We formalize and investigate this authenticated-encryption with associated-data (AEAD) problem. Though the problem has long been addressed in cryptographic practice, it was never provided a definition or even a name. We do this, and go on to look at efficient solutions for AEAD, both in general and for the authenticated-encryption scheme OCB. For the general setting we study two simple ways to turn an authenticated-encryption scheme that does not support associated-data into one that does: nonce stealing and ciphertext translation. For the case of OCB we construct an AEAD-scheme by combining OCB and the pseudorandom function PMAC, using the same key for both algorithms. We prove that, despite "interaction" between the two schemes when using a common key, the combination is sound. We also consider achieving AEAD by the generic composition of a nonce-based, privacy-only encryption scheme and a pseudorandom function.
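As an added example (not code from the paper or from OCB/PMAC), the generic composition the abstract closes with: a nonce-based, privacy-only encryption scheme plus a pseudorandom function, where the tag binds the nonce, the associated data and the ciphertext through an injective encoding so that a header modified in transit is rejected. HMAC-SHA256 stands in for the PRF and a counter-mode keystream derived from it stands in for the privacy-only scheme; both choices, the two independent keys and the sample values are assumptions of this example, not the paper's.

```python
import hashlib
import hmac
import struct

TAG_LEN = 16  # tag truncated to 128 bits (assumption)


def _prf(key: bytes, data: bytes) -> bytes:
    # F_K(x): HMAC-SHA256 is used here under the usual PRF assumption.
    return hmac.new(key, data, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Nonce-based, privacy-only encryption: counter mode driven by the PRF.
    # Domain-separated with b"enc" so keystream blocks never collide with tags.
    out, ctr = b"", 0
    while len(out) < length:
        out += _prf(key, b"enc" + nonce + struct.pack(">Q", ctr))
        ctr += 1
    return out[:length]


def _encode(nonce: bytes, header: bytes, ciphertext: bytes) -> bytes:
    # Injective encoding of (N, H, C): every field is length-prefixed, so moving
    # bytes between header and ciphertext changes the PRF input (and the tag).
    return b"".join(struct.pack(">Q", len(x)) + x for x in (nonce, header, ciphertext))


def aead_encrypt(ke: bytes, km: bytes, nonce: bytes, header: bytes, msg: bytes) -> bytes:
    # Independent keys ke (encryption) and km (PRF); the generic composition
    # result assumes independence, unlike the paper's proven single-key OCB+PMAC.
    c = bytes(a ^ b for a, b in zip(msg, _keystream(ke, nonce, len(msg))))
    tag = _prf(km, _encode(nonce, header, c))[:TAG_LEN]
    return c + tag


def aead_decrypt(ke: bytes, km: bytes, nonce: bytes, header: bytes, ct: bytes):
    # Verify the tag over (N, H, C) before decrypting; return None on any failure.
    if len(ct) < TAG_LEN:
        return None
    c, tag = ct[:-TAG_LEN], ct[-TAG_LEN:]
    expected = _prf(km, _encode(nonce, header, c))[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None
    return bytes(a ^ b for a, b in zip(c, _keystream(ke, nonce, len(c))))


if __name__ == "__main__":
    ke, km = b"\x01" * 32, b"\x02" * 32          # constructed sample keys
    n, h, m = b"\x00" * 12, b"packet-header", b"hello aead"
    ct = aead_encrypt(ke, km, n, h, m)
    print(aead_decrypt(ke, km, n, h, ct))        # b'hello aead'
    print(aead_decrypt(ke, km, n, b"packet-headex", ct))  # None: header tampered
```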