Authenticated encryption (AE) is a cryptographic construction that simultaneously protects confidentiality and integrity. A considerable amount of research has been devoted to the area since its formal inception in 2000. Different lines of research have been proposed to enhance the available schemes in terms of security, efficiency, and design and to implement new ideas. However, a comprehensive systematic literature review (SLR) of the topic has not been provided to the best of the authors' knowledge. This study fills this gap in the literature by proposing a framework for classifying AE schemes and highlighting past contributions to help researchers familiarize themselves with the current state and directions for future research in the area. This SLR covered AE schemes proposed from 2000 to 2020. A total of 217 articles, selected from eight sources, were categorized into independent schemes, CAESAR competition schemes, and NIST lightweight competition schemes. These schemes were then classified according to their design approaches, security-related properties, and functional features. Our analysis reveals that a significant outstanding challenge in AE is to balance security, efficiency, and the provision of desirable features.
Authenticated Encryption (AE) protects confidentiality and integrity at the same time. The sponge construction is based on an iterated permutation or transformation that can be used to implement hashing, and AE schemes, among others. Sponge-based AE schemes offer desirable characteristics like parallelizability and incrementality. In addition, they provide security features such as protection against Chosen Plaintext Attacks, Chosen-Ciphertext Attacks, and Side-Channel Attacks (SCAs). Traditionally AE schemes assume the tag length, also called the stretch, as a fixed parameter per key, and the security is proved according to that assumption. However, the variable tag length per key could happen due to misconfiguration or misuse. In that case, the security would be violated, so it is vital to accommodate variable tag length without sacrificing other desirable features. Reyhanitabar et al. proposed Key Equivalent Separation by Stretch feature and concretized it for protection against tag length misuse attacks in block cipher-based AE schemes. However, the problem remains unresolved for sponge-based constructions, where current sponge-based schemes are vulnerable to tag length variation under the same key attacks. This work aims to bridge this gap by proposing a parallel, sponge-based AE scheme with a variable tag length per key that protects against SCAs and suggesting a lower bound for the recommended tag length. Finally, the security of the proposed scheme is discussed, and its performance is analyzed after implementing the proposed AE scheme in the C programming language.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
hi@scite.ai
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.