Boosting authenticated encryption robustness with minimal modifications

Tomer Ashur, Orr Dunkelman, Atul Luykx

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

18 Citations (Scopus)

Abstract

Secure and highly efficient authenticated encryption (AE) algorithms which achieve data confidentiality and authenticity in the symmetric-key setting have existed for well over a decade. By all conventional measures, AES-OCB seems to be the AE algorithm of choice on any platform with AES-NI: it has a proof showing it is secure assuming AES is, and it is one of the fastest out of all such algorithms. However, algorithms such as AES-GCM and ChaCha20+Poly1305 have seen more widespread adoption, even though they will likely never outperform AES-OCB on platforms with AES-NI. Given the fact that changing algorithms is a long and costly process, some have set out to maximize the security that can be achieved with the already deployed algorithms, without sacrificing efficiency: ChaCha20+Poly1305 already improves over GCM in how it authenticates, GCM-SIV uses GCM’s underlying components to provide nonce misuse resistance, and TLS 1.3 introduces a randomized nonce in order to improve GCM’s multi-user security. We continue this line of work by looking more closely at GCM and ChaCha20+Poly1305 to see what robustness they already provide over algorithms such as OCB, and whether minor variants of the algorithms can be used for applications where defense in depth is critical. We formalize and illustrate how GCM and ChaCha20+Poly1305 offer varying degrees of resilience to nonce misuse, as they can recover quickly from repeated nonces, as opposed to OCB, which loses all security. More surprisingly, by introducing minor tweaks such as an additional XOR, we can create a GCM variant which provides security even when unverified plaintext is released.
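The nonce-misuse behaviour the abstract contrasts (GCM and ChaCha20+Poly1305 versus OCB) rests on the fact that both deployed schemes encrypt in counter mode: the keystream depends only on the key, nonce and block counter. The following added example, which is not code from the paper or its authors, makes the confidentiality side of that concrete: two messages under one (key, nonce) pair leak their XOR to an eavesdropper, while a message under a fresh nonce is untouched by that leak. The block function is an assumed stand-in (HMAC-SHA256 used as a keyed PRF) rather than AES or ChaCha20, so the example runs on the Python standard library alone; the sample messages and key are constructed for illustration.

```python
import hashlib
import hmac


def keystream_block(key: bytes, nonce: bytes, counter: int) -> bytes:
    """Stand-in for the block-cipher call E_K(nonce || counter).

    Assumption for this example: HMAC-SHA256 plays the role of the keyed
    block function. In GCM this would be AES, in ChaCha20+Poly1305 the
    ChaCha20 block function; the structural point is the same.
    """
    return hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncating to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


def ctr_encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Counter-mode encryption; decryption is the same function.

    The counter starts at 2 to mirror GCM, which reserves counter value 1
    for masking the authentication tag. Each 32-byte keystream block is a
    function of (key, nonce, counter) only, so reusing a nonce reuses the
    whole keystream.
    """
    blocks = []
    for i in range(0, len(plaintext), 32):
        ks = keystream_block(key, nonce, 2 + i // 32)
        blocks.append(xor_bytes(plaintext[i:i + 32], ks))
    return b"".join(blocks)


def attack_repeated_nonce(c1: bytes, c2: bytes, known_m1: bytes) -> bytes:
    """Eavesdropper's view of two ciphertexts under one (key, nonce) pair.

    c1 XOR c2 == m1 XOR m2 because the keystream cancels. With one
    plaintext known (or guessed, a crib) the other is read off directly;
    the key itself is never learned.
    """
    return xor_bytes(xor_bytes(c1, c2), known_m1)


def demo() -> dict:
    # Constructed sample inputs, not data from the paper.
    key = bytes.fromhex("000102030405060708090a0b0c0d0e0f"
                        "101112131415161718191a1b1c1d1e1f")
    nonce = b"\x00" * 12                      # 96-bit nonce, GCM-style
    m1 = b"attack at dawn, north gate"
    m2 = b"retreat at dusk, east gate"

    # Nonce misuse: the same nonce is used twice under one key.
    c1 = ctr_encrypt(key, nonce, m1)
    c2 = ctr_encrypt(key, nonce, m2)
    m2_recovered = attack_repeated_nonce(c1, c2, m1)

    # A later message under a fresh nonce: its keystream shares nothing with
    # the one that leaked, so the exposed keystream does not unmask it.
    nonce_fresh = b"\x00" * 11 + b"\x01"
    m3 = b"supplies arrive tomorrow"
    c3 = ctr_encrypt(key, nonce_fresh, m3)
    leaked_keystream = xor_bytes(c1, m1)
    wrong_guess = xor_bytes(c3, leaked_keystream)

    return {
        "m2_recovered": m2_recovered,                       # equals m2
        "m3_from_leaked_keystream": wrong_guess,            # does not equal m3
        "m3_roundtrip": ctr_encrypt(key, nonce_fresh, c3),  # equals m3
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

This models only the confidentiality half of the comparison. For GCM, a repeated nonce also exposes the GHASH key H through the two tags (Joux's "forbidden attack"), and the paper's formal treatment of what each scheme retains after misuse covers authenticity as well; the example above does not model the tag computation.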
Original language: English
Title of host publication: Advances in Cryptology – CRYPTO 2017 - 37th Annual International Cryptology Conference, Proceedings
Editors: Jonathan Katz, Hovav Shacham
Place of Publication: Cham
Publisher: Springer
Pages: 3-33
Number of pages: 31
ISBN (Electronic): 978-3-319-63697-9
ISBN (Print): 978-3-319-63696-2
DOIs
Publication status: Published - 2017
Externally published: Yes
Event: 37th Annual International Cryptology Conference - Santa Barbara, United States
Duration: 20 Aug 2017 → 24 Aug 2017

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 10403 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Conference

Conference: 37th Annual International Cryptology Conference
Country: United States
City: Santa Barbara
Period: 20/08/17 → 24/08/17

Keywords

  • AES
  • Authenticated encryption
  • ChaCha20
  • OCB
  • Poly1305
  • GCM
  • RUP
  • Robust
