McOE: A Family of Almost Foolproof On-Line Authenticated Encryption Schemes [chapter]

Ewan Fleischmann, Christian Forler, Stefan Lucks
2012 Lecture Notes in Computer Science  
On-Line Authenticated Encryption (OAE) combines privacy with data integrity and is on-line computable. Most block cipher-based schemes for Authenticated Encryption can be run on-line and are provably secure against nonce-respecting adversaries. But they fail badly for more general adversaries. This is not a theoretical observation only: in practice, the reuse of nonces is a frequent issue. In recent years, cryptographers developed misuse-resistant schemes for Authenticated Encryption. These guarantee excellent security even against general adversaries which are allowed to reuse nonces. Their disadvantage is that encryption can be performed in an off-line way only. This paper considers OAE schemes dealing both with nonce-respecting and with general adversaries. It introduces McOE, an efficient design for OAE schemes. For this we present in detail one of the family members, McOE-X, which is a design solely based on a standard block cipher. Like all the other members of the McOE family, it provably guarantees reasonable security against general adversaries as well as standard security against nonce-respecting adversaries.
doi:10.1007/978-3-642-34047-5_12 fatcat:yeu2qvbyxfgydogncmxvzyg3zi