Abstract
Authenticated encryption(AE) is the most widely used encryption, for it guarantee both integrity and confidentiality. Among oceans of AE algorithms, OCB is recognized as the best choice for its performance on platform supporting AES-NI instructions. But the problem is that the OCB is not robust, which is to say the security of OCB broke when it face complicated situation such as nonce-misuse or release of unverified plaintext. Although many new AE algorithm has been submitted to the CAESAR competition and the ongoing lightweight AEAD competition to solve these problem, their computational overhead is high. And in consideration of the fact that it is costly to change algorithm on machines which has already deployed OCB, we focus on fixing the RUP security along with nonce misuse property, with acceptable time-performance tradeoff.To solve this problem, we introduce two authenticated encryption schemes, named as OCB-RUP and nmOCB-RUP ,which combining the OCB mode with a tweakable blockcipher of variable tweakable length. We give a security proof of our schemes, and a optimized implementation using AES-NI and PLMULQDQ instructions. We give a comparison of performance between our schemes and the AES-OCB implementation in OpenSSL. Our measurement shows that OCB-RUP is only 34% slower than AES-OCB, and nmOCB-RUP, the more slower one achieve encryption under one cycle per byte. We conclude that our schemes is a practical option to enhance the OCB mode, providing RUP security and nonce misuse resistance at low cost. Both of the schemes achieve encryption at under one cycle per byte.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.