Results 11 - 20 of 71
An Interface and Algorithms for Authenticated Encryption", RFC 5116, January 2008. Authors’ Addresses Kevin M. Igoe NSA/CSS Commercial Solutions Center National Security Agency USA EMail: kmigoe@nsa.gov Jerome A. Solinas National Information Assurance Research Laboratory National Security Agency USA EMail: jasolin@orion.ncsc.mil Igoe & Solinas Informational [Page 10
Cited by 19 (2 self)
This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited. This document defines algorithms for Authenticated Encryption with Associated Data (AEAD), and defines a uniform interface and a registry for such algorithms. The interface and registry can be used as an application-independent set of cryptoalgorithm suites. This approach provides advantages in efficiency and security, and promotes
A general construction of tweakable block ciphers and different modes of operations
 IEEE Transactions on Information Theory
Cited by 17 (7 self)
Abstract—This work builds on earlier work by Rogaway at Asiacrypt 2004 on tweakable block cipher (TBC) and modes of operations. Our first contribution is to generalize Rogaway’s TBC construction by working over a ring and by the use of a masking sequence of functions. The ring can be instantiated as either GF or as. Further, over GF, efficient instantiations of the masking sequence of functions can be done using either a binary linear feedback shift register (LFSR); a powering construction; a cellular automata map; or by using a word-oriented LFSR. Rogaway’s TBC construction was built from the powering construction over GF. Our second contribution is to use the general TBC construction to instantiate constructions of various modes of operations including authenticated encryption (AE) and message authentication code (MAC). In particular, this gives rise to a family of efficient one-pass AE modes of operation. Out of these, the mode of operation obtained by the use of word-oriented LFSR promises to provide a masking method which is more efficient than the one used in the well known AE protocol called OCB1. Index Terms—Authenticated encryption with associated data, message authentication code, modes of operations, tweakable block cipher (TBC).
A new mode of encryption providing a tweakable strong pseudorandom permutation, eprint.iacr.org
, 2006
Cited by 15 (5 self)
Abstract. We present PEP, which is a new construction of a tweakable strong pseudorandom permutation. PEP uses a hash-encrypt-hash approach which has been recently used in the construction of HCTR. This approach is different from the encrypt-mask-encrypt approach of constructions such as CMC, EME and EME∗. The general hash-encrypt-hash approach was earlier used by Naor-Reingold to provide a generic construction technique for an SPRP (but not a tweakable SPRP). PEP can be seen as the development of the Naor-Reingold approach into a fully specified mode of operation with a concrete security reduction for a tweakable strong pseudorandom permutation. HCTR is also based on the Naor-Reingold approach but its security bound is weaker than PEP. Compared to previous known constructions, PEP is the only known construction of tweakable SPRP which uses a single key, is efficiently parallelizable and can handle an arbitrary number of blocks.
High Speed Architecture for Galois/Counter Mode of Operation (GCM)
 IACR PREPRINT ARCHIVE
, 2005
Cited by 11 (0 self)
In this paper we present a fully pipelined high speed hardware architecture for Galois/Counter Mode of Operation (GCM) by analyzing the data dependencies in the GCM algorithm at the architecture level. We show that GCM encryption circuit and GCM authentication circuit have similar critical path delays resulting in an efficient pipeline structure. The proposed GCM architecture yields a throughput of 34 Gbps running at 271 MHz using a 0.18 µm CMOS standard cell library.
2006, Use of Galois Message Authentication Code (GMAC) in IPsec ESP and AH, McAfee, Inc., RFC
Cited by 9 (0 self)
This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited. Copyright Notice Copyright (C) The Internet Society (2006). This memo describes the use of the Advanced Encryption Standard (AES) Galois Message Authentication Code (GMAC) as a mechanism to provide data origin authentication, but not confidentiality, within the IPsec Encapsulating Security Payload (ESP) and Authentication Header (AH). GMAC is based on the Galois/Counter Mode (GCM) of operation, and can be efficiently implemented in hardware for speeds of 10 gigabits per second and above, and is also well-suited to software
Pseudo-Random Functions and Parallelizable Modes of Operations of a Block Cipher
Cited by 9 (4 self)
Abstract. This paper considers the construction and analysis of pseudorandom functions (PRFs) with specific reference to modes of operations of a block cipher. In the context of message authentication codes (MACs), earlier independent work by Bernstein and Vaudenay show how to reduce the analysis of relevant PRFs to some probability calculations. In the first part of the paper, we revisit this result and use it to prove a general result on constructions which use a PRF with a “small” domain to build a PRF with a “large” domain. This result is used to analyse two new parallelizable PRFs which are suitable for use as MAC schemes. The first scheme, called iPMAC, is based on a block cipher and improves upon the well-known PMAC algorithm. The improvements consist in faster masking operations and the removal of a design stage discrete logarithm computation. The second scheme, called VPMAC, uses a keyed compression function rather than a block cipher. The only previously known compression function based parallelizable PRF is called the protected counter sum (PCS) and is due to Bernstein. VPMAC improves upon PCS by requiring lesser number of calls to the compression function. The second part of the paper takes a new look at the construction and analysis of modes of operations for authenticated encryption (AE) and for authenticated encryption with associated data (AEAD). Usually, the most complicated part in the security analysis of such modes is the analysis of authentication
Online Ciphers from Tweakable Blockciphers
Cited by 9 (1 self)
Online ciphers are deterministic length-preserving permutations $E_K : (\{0,1\}^n)^+ \to (\{0,1\}^n)^+$ where the $i$th block of ciphertext depends only on the first $i$ blocks of plaintext. Definitions, constructions, and applications for these objects were first given by Bellare, Boldyreva, Knudsen, and Namprempre. We simplify and generalize their work, showing that online ciphers are rather trivially constructed from tweakable blockciphers, a notion of Liskov, Rivest, and Wagner. We go on to show how to define and achieve online ciphers for settings in which messages need not be a multiple of $n$ bits.
Block Recombination Approach for Subquadratic Space Complexity Binary Field Multiplication based on Toeplitz Matrix-Vector Product
, 2010
Cited by 7 (3 self)
In this paper, we present a new method for parallel binary finite field multiplication which results in subquadratic space complexity. The method is based on decomposing the building blocks of Fan-Hasan subquadratic Toeplitz matrix-vector multiplier. We reduce the space complexity of their architecture by recombining the building blocks. In comparison to other similar schemes available in the literature, our proposal presents a better space complexity while having the same time complexity. We also show that block recombination can be used for efficient implementation of the GHASH function of Galois Counter Mode (GCM).
Information Theoretically Secure Encryption with Almost Free Authentication
Cited by 7 (1 self)
Abstract: In cryptology, secure channels enable the exchange of messages in a confidential and authenticated manner. The literature of cryptology is rich with proposals and analysis that address the secure communication over public (insecure) channels. In this work, we propose an information theoretically secure direction for the construction of secure channels. First, we propose a method of achieving unconditionally secure authentication with half the amount of key material required by traditional unconditionally secure message authentication codes (MACs). Key reduction is achieved by utilizing the special structure of the authenticated encryption system. That is, authentication exploits the secrecy of the message to reduce the key material required for authentication. After the description of our method, since key material is the most important concern in unconditionally secure authentication, given the message is encrypted with a perfectly secret one-time pad cipher, we extend our method to achieve unconditionally secure authentication with almost free key material. That is, we propose a method for unconditionally authenticating arbitrarily long messages with much shorter keys. Finally, we will show how the special structure of the authenticated encryption systems can be exploited to achieve provably secure authentication that is very efficient for the authentication of short messages.
Authentication weaknesses in GCM
, 2005
Cited by 6 (0 self)
We show two weaknesses in the authentication functionality of GCM when it is used with a short authentication tag. The first weakness raises the probability of a successful forgery significantly. The second weakness reveals the authentication key if the attacker manages to create successful forgeries.