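@comment{Reference for the paper that breaks nonce-misuse integrity of the original
  p-OMD with a 3-query forgery and introduces the Spoed / Spoednic schemes
  (proceedings volume, Lecture Notes in Computer Science, 2016).
  Cleanup applied: brace delimiters instead of quotes, "Last, First" name form
  with spaced initials, acronym protection in the title, trailing whitespace
  removed from the series name, fields ordered author/title/venue/year/ids.
  The citation key is kept unchanged so existing \cite commands still resolve.
  NOTE(review): the address field holds a country rather than the publisher's
  city, and no volume number is recorded; confirm both against the volume
  front matter before relying on this entry for a formal bibliography.}
@inproceedings{242242f1d6604bddbbe74cdcbb0645ea,
  author    = {Ashur, Tomer and Mennink, B. J. M.},
  title     = {Damaging, Simplifying, and Salvaging {p-OMD}},
  editor    = {Bishop, M. and Nascimento, A.},
  booktitle = {International Conference on Information Security},
  series    = {Lecture Notes in Computer Science},
  publisher = {Springer},
  address   = {Germany},
  year      = {2016},
  pages     = {73--92},
  doi       = {10.1007/978-3-319-45871-7_6},
  isbn      = {978-3-319-45870-0},
  language  = {English},
  keywords  = {Authenticated encryption, CAESAR, p-OMD, nonce-misuse, forgery, simplification},
  abstract  = {One of the submissions to the CAESAR competition for the design of a new authenticated encryption scheme is Offset Merkle-Damg{\aa}rd (OMD). At FSE 2015, Reyhanitabar et al. introduced p-OMD, an improvement of OMD that processes the associated data almost for free. As an extra benefit, p-OMD was claimed to offer integrity against nonce-misusing adversaries, a property that OMD does not have. In this work we show how a nonce-misusing adversary can forge a message for the original p-OMD using only 3 queries (including the forgery). As a second contribution, we generalize and simplify p-OMD. This is done via the introduction of the authenticated encryption scheme Spoed. The most important difference is the usage of a generalized padding function GPAD, which neatly eliminates the need for a case distinction in the design specification and therewith allows for a significantly shorter description of the scheme and a better security bound. Finally, we introduce the authenticated encryption scheme Spoednic, a variant of Spoed providing authenticity against a nonce-misusing adversary at a modest price.},
}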