Beyond 2^{c/2} Security in Sponge-Based Authenticated Encryption Modes [chapter]

Philipp Jovanovic, Atul Luykx, Bart Mennink
2014 Lecture Notes in Computer Science  
We show that Sponge-based constructions for authenticated encryption can achieve the significantly higher bound of min{2^{b/2}, 2^c, 2^κ} asymptotically, with b > c the permutation size, by proving that  ...  The Sponge function is known to achieve 2^{c/2} security, where c is its capacity.  ...  This work was supported in part by the Research Fund KU Leuven, OT/13/071, and in part by the Research Council KU Leuven: GOA TENSE (GOA/11/007).  ... 
doi:10.1007/978-3-662-45611-8_5 fatcat:kv2oj622yrhfndisdwpjdb2ybe

Beyond Conventional Security in Sponge-Based Authenticated Encryption Modes

Philipp Jovanovic, Atul Luykx, Bart Mennink, Yu Sasaki, Kan Yasuda
2018 Journal of Cryptology  
We show that Sponge-based constructions for authenticated encryption can achieve the significantly higher bound of min{2^{b/2}, 2^c, 2^κ}, with b > c the permutation size, by proving that the CAESAR submission  ...  The Sponge function is known to achieve 2^{c/2} security, where c is its capacity.  ...  In particular, we thank Samuel Neves for his useful comments. The authors furthermore thank the reviewers for their insightful comments.  ... 
doi:10.1007/s00145-018-9299-7 fatcat:jqdqmvr2wnec3ip5qy5gmy3hl4

Duplexing the Sponge: Single-Pass Authenticated Encryption and Other Applications [chapter]

Guido Bertoni, Joan Daemen, Michaël Peeters, Gilles Van Assche
2012 Lecture Notes in Computer Science  
The main application proposed here is an authenticated encryption mode based on the duplex construction.  ...  This mode is efficient, namely, enciphering and authenticating together require only a single call to the underlying permutation per block, and is readily usable in, e.g., key wrapping.  ...  In this specific case, the security proof goes beyond the 2^{c/2} complexity if the number of input or output blocks for which the key is used (data complexity) is upper bounded by M < 2^{c/2−1}.  ... 
doi:10.1007/978-3-642-28496-0_19 fatcat:rvxusw35hrayvcowchq42lfmji

The BRUTUS automatic cryptanalytic framework

Markku-Juhani O. Saarinen
2015 Journal of Cryptographic Engineering  
Although authenticated encryption with associated data are often defined (and are best used) as discrete primitives that authenticate and transmit only complete messages, in practice, these algorithms  ...  This report summarizes our results from security analysis covering all 57 competitions for authenticated encryption: security, applicability, and robustness (CAESAR) first-round candidates and over 210  ...  We refer to [1] and the authenticated encryption zoo web site for classification and current status of each one of the candidates. 2 Here's our rough breakdown: 8 Clearly based on the Sponge construction  ... 
doi:10.1007/s13389-015-0114-1 fatcat:nubvjj5p65ac5emvq3tdtfukg4

Security of Keyed Sponge Constructions Using a Modular Proof Approach [chapter]

Elena Andreeva, Joan Daemen, Bart Mennink, Gilles Van Assche
2015 Lecture Notes in Computer Science  
Earlier security bounds, mostly due to the well-known sponge indifferentiability result, guarantee a security level of c/2 bits with c the capacity.  ...  Sponge functions were originally proposed for hashing, but find increasingly more applications in keyed constructions, such as encryption and authentication.  ...  In other words, our bounds imply security beyond the birthday bound on the capacity for all existing keyed sponge based modes. We remark that a recent work of Jovanovic et al.  ... 
doi:10.1007/978-3-662-48116-5_18 fatcat:snabyqljfbelngix3uojj2p6iu

Towards Low-Energy Leakage-Resistant Authenticated Encryption from the Duplex Sponge Construction

Chun Guo, Olivier Pereira, Thomas Peters, François-Xavier Standaert
2020 IACR Transactions on Symmetric Cryptology  
We also provide the first rigorous methodology for the leakage-resistance of sponge/duplex-based AEs based on a minimal non-invertibility assumption on leakages, which leads to various insights on designs  ...  It offers: (i) provable integrity (resp. confidentiality) guarantees in the presence of leakage during both encryption and decryption (resp. encryption only), (ii) some level of nonce misuse robustness  ...  This work has been funded in parts by the European Union through the ERC project SWORD (724725), and the European Union and Walloon Region FEDER USERMedia project 501907-379156.  ... 
doi:10.13154/tosc.v2020.i1.6-42 dblp:journals/tosc/GuoPPS20 fatcat:rqfvudal2re6znqzn7umrtdxnm

Security of Full-State Keyed Sponge and Duplex: Applications to Authenticated Encryption [chapter]

Bart Mennink, Reza Reyhanitabar, Damian Vizár
2015 Lecture Notes in Computer Science  
Yasuda and Sasaki (CT-RSA 2015) have considered partially full-state Sponge-based authenticated encryption schemes for efficient incorporation of associated data.  ...  Our results can be used for making a large class of Sponge-based authenticated encryption schemes more efficient by concurrent absorption of associated data and message blocks.  ...  [18] re-investigated Sponge-based authenticated encryption schemes, starring NORX, and derived beyond birthday-bound security. These results are, however, all for the usual -bit absorption.  ... 
doi:10.1007/978-3-662-48800-3_19 fatcat:lu6ck4fwsrgtzltbbw6l46b55i

The Oribatida v1.3 Family of Lightweight Authenticated Encryption Schemes

Arghya Bhattacharjee, Cuauhtemoc Mancillas López, Eik List, Mridul Nandi
2021 Journal of Mathematical Cryptology  
Permutation-based modes have been established for lightweight authenticated encryption, as can be seen from the high interest in the ongoing NIST lightweight competition.  ...  While authenticated encryption can be performed in an on-line manner, authenticated decryption assumes that the resulting plaintext is buffered and never released if the corresponding tag is incorrect.  ...  We the authors hereby declare that we have no conflict of interest in connection with evaluated manuscripts.  ... 
doi:10.1515/jmc-2020-0018 fatcat:i4bgdxscfbcb7hju5p7ihoyomy

Dumbo, Jumbo, and Delirium: Parallel Authenticated Encryption for the Lightweight Circus

Tim Beyne, Yu Long Chen, Christoph Dobraunig, Bart Mennink
2020 IACR Transactions on Symmetric Cryptology  
With the trend to connect more and more devices to the Internet, authenticated encryption has become a major backbone in securing the communication, not only between these devices and servers, but also  ...  Most authenticated encryption algorithms used in practice are developed to perform well on modern high-end devices, but are not necessarily suited for usage on resource-constrained devices.  ...  authenticated encryption mode is specified in Section 4.1, and it is proven to be secure relative to the tweakable block cipher security of SiM in Section 4.2.  ... 
doi:10.13154/tosc.v2020.is1.5-30 dblp:journals/tosc/BeyneCDM20 fatcat:tbbqtqvntncdhe5cakydkzma5m


Christof Beierle, Jérémy Jean, Stefan Kölbl, Gregor Leander, Amir Moradi, Thomas Peyrin, Yu Sasaki, Pascal Sasdrich, Siang Meng Sim
2020 IACR Transactions on Symmetric Cryptology  
In particular, for authenticated encryption, we show how to instantiate members of SKINNY in the Deoxys-I-like ΘCB3 framework to fulfill the submission requirements of the NIST lightweight cryptography  ...  We present the family of authenticated encryption schemes SKINNY-AEAD and the family of hashing schemes SKINNY-Hash.  ...  Acknowledgements The work described in this paper has been supported in part by the Deutsche Forschungsgemeinschaft (DFG, German Research Foundation) under Germany's Excellence Strategy -EXC 2092 CASA  ... 
doi:10.13154/tosc.v2020.is1.88-131 dblp:journals/tosc/BeierleJKLMPSSS20 fatcat:u4jtzsxthjgs7gkroyq5o7mv6y

Stream cipher designs: a review

Lin Jiao, Yonglin Hao, Dengguo Feng
2020 Science China Information Sciences  
Figure 19 Block cipher work modes (panel label: OFB).  ...  Deoxys [69] is an authenticated encryption cipher in the finalists of CAESAR, based on a tweakable block cipher Deoxys-BC with work mode.  ... 
doi:10.1007/s11432-018-9929-x fatcat:owggwpyki5dydekbh6dg7zvofm

Full-State Keyed Duplex with Built-In Multi-user Support [chapter]

Joan Daemen, Bart Mennink, Gilles Van Assche
2017 Lecture Notes in Computer Science  
Via the introduction of an additional parameter to the analysis, our bound demonstrates a significant security improvement in case of nonce-respecting adversaries.  ...  We present a generalization of the full-state keyed duplex that natively supports multiple instances by design, and perform a security analysis that improves over that of Mennink et al. in terms of a more  ...  Whereas the keyed sponge serves message authentication and stream encryption, authenticated encryption is mostly done via the keyed duplex construction [11].  ... 
doi:10.1007/978-3-319-70697-9_21 fatcat:wrycumeznjgylcwhytzyxoljui

Lightweight Authenticated Encryption Mode of Operation for Tweakable Block Ciphers

Yusuke Naito, Takeshi Sugawara
2019 Transactions on Cryptographic Hardware and Embedded Systems  
To employ a short block length without compromising security, we propose PFB, a lightweight TBC-based authenticated encryption with associated data mode, which achieves beyond-birthday-bound security.  ...  However, when such a 64-bit primitive is used for an authenticated encryption with birthday-bound security, it has only 32-bit data complexity, which is subject to practical attacks.  ...  Nonce-Based Authenticated Encryption with Associated Data A nonce-based authenticated encryption with associated data (nAEAD) scheme based on a keyed TBC E_K, denoted by Π[E_K], is a pair of encryption  ... 
doi:10.13154/tches.v2020.i1.66-94 dblp:journals/tches/NaitoS20 fatcat:me6xowgfuzcedckiakaeq6xjci

Duel of the Titans: The Romulus and Remus Families of Lightweight AEAD Algorithms

Tetsu Iwata, Mustafa Khairallah, Kazuhiko Minematsu, Thomas Peyrin
2020 IACR Transactions on Symmetric Cryptology  
In this article, we propose two new families of very lightweight and efficient authenticated encryption with associated data (AEAD) modes, Romulus and Remus, that provide security beyond the birthday bound  ...  Actually, our comparisons show that both our designs present superior performances when compared to all other recent lightweight AEAD modes, being BC-based, TBC-based or sponge-based, in the nonce-respecting  ...  ΘCB3 is a well-studied TBC-based AEAD mode. COFB is a BC-based lightweight AEAD mode. Beetle is a Sponge-based AEAD mode, but it holds a lot of resemblance to Remus-N.  ... 
doi:10.13154/tosc.v2020.i1.43-120 dblp:journals/tosc/IwataKMP20 fatcat:6awk43sy55av7fnczsrf3fynqa

Improved Masking for Tweakable Blockciphers with Applications to Authenticated Encryption [chapter]

Robert Granger, Philipp Jovanovic, Bart Mennink, Samuel Neves
2016 Lecture Notes in Computer Science  
The schemes MRS and MRSO are proven secure up to complexity of about min{2^{c/2}, 2^{k/2}, 2^{τ/2}} and min{2^{(b−τ)/2}, 2^k, 2^{τ/2}}, respectively, where c denotes the capacity of the Sponge.  ...  maskings, we can view the absorption and encryption as two independent functions and a classical MAC-then-Encrypt security proof shows that MRO is secure up to complexity dominated by min{2^{b/2}, 2^k  ...  We would like to thank Miloslav Homer for spotting a bug in our OPP specification [44], which is fixed in the current version of the paper.  ... 
doi:10.1007/978-3-662-49890-3_11 fatcat:7hajg3rx7zcfblb4hkyayncs6y