Blockcipher-Based Authenticated Encryption: How Small Can We Go?

Chakraborti, Avik; Iwata, Tetsu; Minematsu, Kazuhiko; Nandi, Mridul

doi:10.1007/s00145-019-09325-z

Cited by 30 publications

(46 citation statements)

References 31 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…at least n/2-bit auxiliary state is necessary for security up to 2 n/2 queries. Thus, our result implies that COFB [CIMN17a] is almost-optimal 3 in terms of auxiliary state size.…”

Section: Our Contributionsmentioning

confidence: 53%

“…In CHES 2017, Chakraborti et al [CIMN17a,CIMN17b] came up with a new feedback based function, termed combined feedback that uses a combination of previous block cipher output and the plaintext block to define the next block cipher input as depicted in Fig. 3.…”

Section: Combined Feedback-based Authenticated Encryptionmentioning

confidence: 99%

“…where G = I is an invertible matrix such that I + G is also invertible (see [CIMN17a,CIMN17b] for the exact instance of G), U i matrix for COFB corresponds to the matrix for field mutiplication with 2 or 3 using the primitive polynomial p(x) = x 64 + x 4 + x 3 + x + 1 over F 2 64 . We use the notation J b to denote the matrix…”

Section: Combined Feedback-based Authenticated Encryptionmentioning

confidence: 99%

“…As a result, several lightweight AE schemes have mushroomed in recent years, including: Ascon [DEMS16], ACORN [Wu16], CLOC/SILC [IMG + ,IMG + 16], JAMBU [WH16] etc. from the CAESAR competition, and COFB [CIMN17a], Beetle [CDNY18], SUNDAE [BBLT18], SAEB [NMSS18] etc. from the ongoing NIST LwC project.…”

Section: Introductionmentioning

confidence: 99%

“…The results for CLOC-AES-Optimized and NORX-Optimized implementations (based on custom API, but not CAESAR API) have been taken from [KHKC17]. Results for COFB have been taken from [CIMN17b]. '-' implies data not available…”

mentioning

confidence: 99%

See 4 more Smart Citations

From Combined to Hybrid: Making Feedback-based AE even Smaller

Chakraborti

Datta

Jha

et al. 2020

ToSC

Self Cite

View full text Add to dashboard Cite

In CHES 2017, Chakraborti et al. proposed COFB, a rate-1 sequential block cipher-based authenticated encryption (AE) with only 1.5n-bit state, where n denotes the block size. They used a novel approach, the so-called combined feedback, where each block cipher input has a combined effect of the previous block cipher output and the current plaintext block. In this paper, we first study the security of a general rate-1 feedback-based AE scheme in terms of its overall internal state size. For a large class of feedback functions, we show that the overlying AE scheme can be attacked in 2r queries if the internal state size is n + r bits for some r ≥ 0. This automatically shows that a birthday bound (i.e. 2n/2 queries) secure AE scheme must have at least 1.5n-bit state, whence COFB is almost-optimal (use 1.5n-bit state and provides security up to 2n/2/n queries). We propose a new feedback function, called the hybrid feedback or HyFB, which is a hybrid composition of plaintext and ciphertext feedbacks. HyFB has a key advantage of lower XOR counts over the combined feedback function. This essentially helps in reducing the hardware footprint. Based on HyFB we propose a new AE scheme, called HyENA, that achieves the state size, rate, and security of COFB. In addition, HyENA has significantly lower XOR counts as compared to COFB, whence it is expected to have a smaller implementation as compared to COFB.

show abstract

“…at least n/2-bit auxiliary state is necessary for security up to 2 n/2 queries. Thus, our result implies that COFB [CIMN17a] is almost-optimal 3 in terms of auxiliary state size.…”

Section: Our Contributionsmentioning

confidence: 53%

Section: Combined Feedback-based Authenticated Encryptionmentioning

confidence: 99%

Section: Combined Feedback-based Authenticated Encryptionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

mentioning

confidence: 99%

See 3 more Smart Citations