Paper 2014/793

Robust Authenticated-Encryption: AEZ and the Problem that it Solves

Viet Tung Hoang, Ted Krovetz, and Phillip Rogaway

Abstract

With a scheme for robust authenticated-encryption a user can select an arbitrary value $\lambda \ge 0$ and then encrypt a plaintext of any length into a ciphertext that's $\lambda$ characters longer. The scheme must provide all the privacy and authenticity possible for the requested $\lambda$. We formalize and investigate this idea, and construct a well-optimized solution, AEZ, from the AES round function. Our scheme encrypts strings at almost the same rate as OCB-AES or CTR-AES (on Haswell, AEZ has a peak speed of about 0.7 cpb). To accomplish this we employ an approach we call prove-then-prune: prove security and then instantiate with a scaled-down primitive (e.g., reducing rounds for blockcipher calls).

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
A minor revision of an IACR publication in EUROCRYPT 2015
Keywords
AEZ, arbitrary-input blockciphers, authenticated encryption, robust AE, misuse resistance, nonce reuse, CAESAR competition, blockcipher modes, provable security, symmetric encryption
Contact author(s)
hviettung @ gmail com
History
2017-03-31: last of 3 revisions
2014-10-10: received
Short URL
https://ia.cr/2014/793
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2014/793,
      author = {Viet Tung Hoang and Ted Krovetz and Phillip Rogaway},
      title = {Robust Authenticated-Encryption: AEZ and the Problem that it Solves},
      howpublished = {Cryptology ePrint Archive, Paper 2014/793},
      year = {2014},
      note = {\url{https://eprint.iacr.org/2014/793}},
      url = {https://eprint.iacr.org/2014/793}
}