Next Article in Journal
Trusted Time-Based Verification Model for Automatic Man-in-the-Middle Attack Detection in Cybersecurity
Next Article in Special Issue
CMCC: Misuse Resistant Authenticated Encryption with Minimal Ciphertext Expansion
Previous Article in Journal
An Attack Bound for Small Multiplicative Inverse of φ(N) mod e with a Composed Prime Sum p + q Using Sublattice Based Techniques
Previous Article in Special Issue
The Definition and Software Performance of Hashstream, a Fast Length-Flexible PRF
Article Menu

Export Article

Open AccessArticle
Cryptography 2018, 2(4), 37;

Deterministic Authenticated Encryption Scheme for Memory Constrained Devices

Indraprastha Institute of Information Technology, Delhi 110020, Indian
Center for Information Security Technologies (CIST), Korea University, Seoul 02841, Korea
Author to whom correspondence should be addressed.
Received: 10 September 2018 / Revised: 13 November 2018 / Accepted: 28 November 2018 / Published: 4 December 2018
(This article belongs to the Special Issue Authenticated Encryption)
Full-Text   |   PDF [510 KB, uploaded 7 December 2018]   |  


A technique of authenticated encryption for memory constrained devices called sp-AELM was proposed by Agrawal et al. at ACISP 2015. The sp-ALEM construction utilizes a sponge-based primitive to support online encryption and decryption functionalities. Online encryption in the construction is achieved in the standard manner by processing plaintext blocks as they arrive to produce ciphertext blocks. However, decryption is achieved by storing only one intermediate state and releasing it to the user upon correct verification. This intermediate state allows a legitimate user to generate the plaintext herself. However, the scheme is nonce-respecting, i.e., the scheme is insecure if the nonce is repeated. Implementation of a nonce is non-trivial in practice, and reuse of a nonce in an AE scheme is often devastating. In this paper, we propose a new AE scheme called dAELM, which stands for deterministic authenticated encryption (DAE) scheme for low memory devices. DAE is used in domains such as the key wrap, where the available message entropy omits the overhead of a nonce. For limiting memory usage, our idea is to use a session key to encrypt a message and share the session key with the user depending upon the verification of a tag. We provide the security proof of the proposed construction in the ideal cipher model. View Full-Text
Keywords: authenticated encryption; nonce-misuse resistance; memory constrained devices authenticated encryption; nonce-misuse resistance; memory constrained devices

Figure 1

This is an open access article distributed under the Creative Commons Attribution License which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited (CC BY 4.0).

Share & Cite This Article

MDPI and ACS Style

Agrawal, M.; Chang, D.; Kang, J. Deterministic Authenticated Encryption Scheme for Memory Constrained Devices. Cryptography 2018, 2, 37.

Show more citation formats Show less citations formats

Note that from the first issue of 2016, MDPI journals use article numbers instead of page numbers. See further details here.

Article Metrics

Article Access Statistics



[Return to top]
Cryptography EISSN 2410-387X Published by MDPI AG, Basel, Switzerland RSS E-Mail Table of Contents Alert
Back to Top