Abstract

A technique of authenticated encryption for memory constrained devices called sp-AELM was proposed by Agrawal et al. at ACISP 2015. The sp-AELM construction utilizes a sponge-based primitive to support online encryption and decryption functionalities. Online encryption in the construction is achieved in the standard manner by processing plaintext blocks as they arrive to produce ciphertext blocks. However, decryption is achieved by storing only one intermediate state and releasing it to the user upon correct verification. This intermediate state allows a legitimate user to generate the plaintext herself. However, the scheme is nonce-respecting, i.e., the scheme is insecure if the nonce is repeated. Implementation of a nonce is non-trivial in practice, and reuse of a nonce in an AE scheme is often devastating. In this paper, we propose a new AE scheme called dAELM, which stands for deterministic authenticated encryption (DAE) scheme for low memory devices. DAE is used in domains such as the key wrap, where the available message entropy omits the overhead of a nonce. For limiting memory usage, our idea is to use a session key to encrypt a message and share the session key with the user depending upon the verification of a tag. We provide the security proof of the proposed construction in the ideal cipher model.

Highlights

  • Authenticated Encryption (AE) is a symmetric encryption scheme that aims to provide authenticity as well as confidentiality using a single construction

  • We propose a new deterministic authenticated encryption (DAE) scheme, which we call dAELM

  • We propose a new deterministic authenticated encryption scheme dAELM for memory constrained devices


Summary

Introduction

Authenticated Encryption (AE) is a symmetric encryption scheme that aims to provide authenticity as well as confidentiality using a single construction. Thereafter, several notions of authenticated encryption have emerged over a series of works [3,4,5,6,7], which include misuse-resistant AE [8] and AE for memory constrained devices [9,10]. Due to the limited storage capabilities of these IoT devices, it has become necessary to design an AE scheme which can process long messages even with these memory constraints. Decrypting the ciphertext with limited memory poses a challenge. This is because the sender cannot return decrypted data without first verifying its authenticity, and verifying the authenticity requires the data to be seen in a first pass followed by the actual decryption in the second pass. Cryptography 2018, 2, 37 passes, the device needs to store the data, which may not be feasible for the devices with restricted memory space.

Related Work
Preliminaries
An Operational Scenario for the Proposed Scheme
Description
Security Results for the New Construction dAELM
Privacy
Authenticity
Comparison
Software Implementation
Discussion
Conclusions