We propose a nonce misuse-resistant message authentication scheme called EHE (Encrypt-Hash-Encrypt). In EHE, a message-dependent polynomial is evaluated at a point that is an encrypted nonce. The resulting polynomial hash value is encrypted again and becomes the authentication tag. We prove the prf-security of the EHE scheme and extend it to two authenticated encryption modes that follow the "encrypt-then-authenticate" paradigm.
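As an added illustration (not code from the paper), a toy Python model of the EHE tag as the abstract describes it, placed next to a Wegman-Carter tag for contrast under nonce reuse. The GF(2^128) field, the block and length encoding of the message polynomial, the use of a single key for both encryptions, and the SHA-256 Feistel stand-in for the block cipher are all assumptions, not the paper's parameters.

```python
import hashlib

MASK128 = (1 << 128) - 1

def gf128_mul(a: int, b: int) -> int:
    # Bitwise multiply in GF(2^128), reduction polynomial x^128 + x^7 + x^2 + x + 1 (assumed field).
    p = 0
    for _ in range(128):
        if b & 1:
            p ^= a
        b >>= 1
        carry = a >> 127
        a = (a << 1) & MASK128
        if carry:
            a ^= 0x87
    return p

def toy_block_cipher(key: bytes, block: int) -> int:
    # Stand-in 128-bit keyed permutation: 4-round Feistel with a SHA-256 round function.
    # Assumption: replaces the real block cipher E_K of the scheme; illustration only.
    left, right = block >> 64, block & ((1 << 64) - 1)
    for rnd in range(4):
        f = hashlib.sha256(key + bytes([rnd]) + right.to_bytes(8, "big")).digest()[:8]
        left, right = right, left ^ int.from_bytes(f, "big")
    return (left << 64) | right

def poly_hash(point: int, msg: bytes) -> int:
    # Horner evaluation of the message polynomial at `point`: zero-padded
    # 16-byte blocks followed by a length block (assumed encoding).
    h = 0
    for i in range(0, len(msg), 16):
        h = gf128_mul(h ^ int.from_bytes(msg[i:i + 16].ljust(16, b"\0"), "big"), point)
    return gf128_mul(h ^ len(msg), point)

def ehe_tag(key: bytes, nonce: bytes, msg: bytes) -> bytes:
    # Encrypt-Hash-Encrypt: hash at the encrypted nonce, then encrypt the hash value.
    # Assumption: a single key serves both encryptions.
    point = toy_block_cipher(key, int.from_bytes(nonce, "big"))
    return toy_block_cipher(key, poly_hash(point, msg)).to_bytes(16, "big")

def wc_tag(key: bytes, hash_key: int, nonce: bytes, msg: bytes) -> bytes:
    # Wegman-Carter for contrast: fixed hash key, hash value masked with the encrypted nonce.
    mask = toy_block_cipher(key, int.from_bytes(nonce, "big"))
    return (poly_hash(hash_key, msg) ^ mask).to_bytes(16, "big")

def xor_bytes(x: bytes, y: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(x, y))
```

With a repeated nonce, the XOR of two Wegman-Carter tags equals the XOR of the two hash values under the fixed hash key, whereas in EHE the outer encryption keeps that difference hidden.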
- Title: EHE: nonce misuse-resistant message authentication
- Publisher: Tomsk State University
- Issue: Prikladnaya Diskretnaya Matematika - Applied Discrete Mathematics, No. 39
- Date: 2018
- DOI: 10.17223/20710410/39/3
Keywords: message authentication, authenticated encryption, polynomial hashing, prf-security
EHE: nonce misuse-resistant message authentication | Prikladnaya Diskretnaya Matematika - Applied Discrete Mathematics. 2018. № 39. DOI: 10.17223/20710410/39/3