Boosting authenticated encryption robustness with minimal modifications

Tomer Ashur, Orr Dunkelman, Atul Luykx

Onderzoeksoutput: Hoofdstuk in Boek/Rapport/CongresprocedureConferentiebijdrageAcademicpeer review

18 Citaten (Scopus)


Secure and highly efficient authenticated encryption (AE) algorithms which achieve data confidentiality and authenticity in the symmetric-key setting have existed for well over a decade. By all conventional measures, AES-OCB seems to be the AE algorithm of choice on any platform with AES-NI: it has a proof showing it is secure assuming AES is, and it is one of the fastest out of all such algorithms. However, algorithms such as AES-GCM and ChaCha20+Poly1305 have seen more widespread adoption, even though they will likely never outperform AES-OCB on platforms with AES-NI. Given the fact that changing algorithms is a long and costly process, some have set out to maximize the security that can be achieved with the already deployed algorithms, without sacrificing efficiency: ChaCha20+Poly1305 already improves over GCM in how it authenticates, GCM-SIV uses GCM’s underlying components to provide nonce misuse resistance, and TLS1.3 introduces a randomized nonce in order to improve GCM’s multi-user security. We continue this line of work by looking more closely at GCM and ChaCha20+Poly1305 to see what robustness they already provide over algorithms such as OCB, and whether minor variants of the algorithms can be used for applications where defense in depth is critical. We formalize and illustrate how GCM and ChaCha20+Poly1305 offer varying degrees of resilience to nonce misuse, as they can recover quickly from repeated nonces, as opposed to OCB, which loses all security. More surprisingly, by introducing minor tweaks such as an additional XOR, we can create a GCM variant which provides security even when unverified plaintext is released.
Originele taal-2Engels
TitelAdvances in Cryptology – CRYPTO 2017 - 37th Annual International Cryptology Conference, Proceedings
RedacteurenJonathan Katz, Hovav Shacham
Plaats van productieCham
Aantal pagina's31
ISBN van elektronische versie978-3-319-63697-9
ISBN van geprinte versie978-3-319-63696-2
StatusGepubliceerd - 2017
Extern gepubliceerdJa
Evenement37th Annual International Cryptology Conference - Santa Barbara, Verenigde Staten van Amerika
Duur: 20 aug 201724 aug 2017

Publicatie series

NaamLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume10403 LNCS
ISSN van geprinte versie0302-9743
ISSN van elektronische versie1611-3349


Congres37th Annual International Cryptology Conference
LandVerenigde Staten van Amerika
StadSanta Barbara

Vingerafdruk Duik in de onderzoeksthema's van 'Boosting authenticated encryption robustness with minimal modifications'. Samen vormen ze een unieke vingerafdruk.

Citeer dit