Special Issue "Authenticated Encryption"

A special issue of Cryptography (ISSN 2410-387X).

Deadline for manuscript submissions: closed (28 February 2019)

Special Issue Editor

Guest Editor
Dr. Elena Andreeva

Department of Electrical Engineering, ESAT/COSIC, KU Leuven, Belgium
Interests: symmetric cryptography; hash functions; provable security; authenticated encryption

Special Issue Information

Dear Colleagues,

The classical approach to realizing the two main cryptographic goals of confidentiality and integrity is by employing, independently, an encryption and authentication scheme, respectively. It has long been realized that, in most security scenarios, confidentiality and integrity go hand in hand. Yet, putting those two together has not been an easy task. Combining encryption and authentication with off-the-shelf existing schemes comes at a price and is not always a trivial task, as attacks on TLS (Transport Layer Security) and SSH (Secure Shell) have exemplified.

Recent years have seen a strong push towards using a single authenticated encryption (AE) algorithm. The demand for secure and efficient AE schemes is also reflected in the ongoing CAESAR cryptographic competition for the recommendation of a portfolio of AE algorithms. AE design methods vary from generic composition, which prescribes the way to combine existing encryption-only and authentication-only designs, to fully dedicated approaches. Moreover, the target AE security definitions in recent years have proliferated and have been refined to give space for new design paradigms. In this Special Issue we will focus on: a) the analysis of newly developed AE schemes, both as part of the CAESAR competition and independently; b) new AE algorithms and approaches to AE security; c) theoretical foundations of AE; d) long term future of AE schemes (security beyond birthday bound, post-quantum, etc.); e) new applications of AE; f) AE with enhanced features; and g) efficient hardware and software implementations of AE.

Dr. Elena Andreeva
Guest Editor

Manuscript Submission Information

Manuscripts should be submitted online at www.mdpi.com by registering and logging in to this website. Once you are registered, click here to go to the submission form. Manuscripts can be submitted until the deadline. All papers will be peer-reviewed. Accepted papers will be published continuously in the journal (as soon as accepted) and will be listed together on the special issue website. Research articles, review articles as well as short communications are invited. For planned papers, a title and short abstract (about 100 words) can be sent to the Editorial Office for announcement on this website.

Submitted manuscripts should not have been published previously, nor be under consideration for publication elsewhere (except conference proceedings papers). All manuscripts are thoroughly refereed through a single-blind peer-review process. A guide for authors and other relevant information for submission of manuscripts is available on the Instructions for Authors page. Cryptography is an international peer-reviewed open access quarterly journal published by MDPI.

Please visit the Instructions for Authors page before submitting a manuscript. The Article Processing Charge (APC) is waived for well-prepared manuscripts submitted to this issue. Submitted papers should be well formatted and use good English. Authors may use MDPI's English editing service prior to publication or during author revisions.

Keywords

  • authenticated encryption (AE)
  • cryptanalysis and design of AE schemes
  • CAESAR competition
  • misuse resistance
  • implementations of AE schemes

Published Papers (4 papers)


Research

Open Access Article: Cryptanalysis of Round-Reduced Fantomas, Robin and iSCREAM
Received: 9 December 2018 / Revised: 31 December 2018 / Accepted: 7 January 2019 / Published: 10 January 2019
Abstract
In this work, we focus on LS-design ciphers Fantomas, Robin, and iSCREAM. LS-designs are a family of bitslice ciphers aimed at efficient masked implementations against side-channel analysis. We have analyzed Fantomas and Robin with a technique that previously has not been applied to both algorithms or linear cryptanalysis. The idea behind linear cryptanalysis is to build a linear characteristic that describes the relation between plaintext and ciphertext bits. Such a relationship should hold with probability 0.5 (bias is zero) for a secure cipher. Therefore, we try to find a linear characteristic between plaintext and ciphertext where bias is not equal to zero. This non-random behavior of the cipher could be converted to some key-recovery attack. For Fantomas and Robin, we find 5 and 7-round linear characteristics. Using these characteristics, we attack both the ciphers with reduced rounds and recover the key for the same number of rounds. We also apply linear cryptanalysis to the famous CAESAR candidate iSCREAM and the closely related LS-design Robin. For iSCREAM, we apply linear cryptanalysis to the round-reduced cipher and find a 7-round best linear characteristic. Based on those linear characteristics we extend the path in the related-key scenario for a higher number of rounds.
(This article belongs to the Special Issue Authenticated Encryption)

Open Access Article: CMCC: Misuse Resistant Authenticated Encryption with Minimal Ciphertext Expansion
Cryptography 2018, 2(4), 42; https://doi.org/10.3390/cryptography2040042
Received: 21 September 2018 / Revised: 5 November 2018 / Accepted: 4 December 2018 / Published: 19 December 2018
Abstract
In some wireless environments, minimizing the size of messages is paramount due to the resulting significant energy savings. We present CMCC (CBC-MAC-CTR-CBC), an authenticated encryption scheme with associated data (AEAD) that is also nonce misuse resistant. The main focus for this work is minimizing ciphertext expansion, especially for short messages including plaintext lengths less than the underlying block cipher length (e.g., 16 bytes). For many existing AEAD schemes, a successful forgery leads directly to a loss of confidentiality. For CMCC, changes to the ciphertext randomize the resulting plaintext, thus forgeries do not necessarily result in a loss of confidentiality, which allows us to reduce the length of the authentication tag. For protocols that send short messages, our scheme is similar to Synthetic Initialization Vector (SIV) mode for computational overhead but has much smaller expansion. We prove both a misuse resistant authenticated encryption (MRAE) security bound and an authenticated encryption (AE) security bound for CMCC. We also present a variation of CMCC, CWM (CMCC With MAC), which provides a further strengthening of the security bounds.
(This article belongs to the Special Issue Authenticated Encryption)

Open Access Article: Deterministic Authenticated Encryption Scheme for Memory Constrained Devices
Cryptography 2018, 2(4), 37; https://doi.org/10.3390/cryptography2040037
Received: 10 September 2018 / Revised: 13 November 2018 / Accepted: 28 November 2018 / Published: 4 December 2018
Abstract
A technique of authenticated encryption for memory constrained devices called sp-AELM was proposed by Agrawal et al. at ACISP 2015. The sp-AELM construction utilizes a sponge-based primitive to support online encryption and decryption functionalities. Online encryption in the construction is achieved in the standard manner by processing plaintext blocks as they arrive to produce ciphertext blocks. However, decryption is achieved by storing only one intermediate state and releasing it to the user upon correct verification. This intermediate state allows a legitimate user to generate the plaintext herself. However, the scheme is nonce-respecting, i.e., the scheme is insecure if the nonce is repeated. Implementation of a nonce is non-trivial in practice, and reuse of a nonce in an AE scheme is often devastating. In this paper, we propose a new AE scheme called dAELM, which stands for deterministic authenticated encryption (DAE) scheme for low memory devices. DAE is used in domains such as the key wrap, where the available message entropy omits the overhead of a nonce. For limiting memory usage, our idea is to use a session key to encrypt a message and share the session key with the user depending upon the verification of a tag. We provide the security proof of the proposed construction in the ideal cipher model.
(This article belongs to the Special Issue Authenticated Encryption)

Open Access Article: The Definition and Software Performance of Hashstream, a Fast Length-Flexible PRF
Cryptography 2018, 2(4), 31; https://doi.org/10.3390/cryptography2040031
Received: 13 September 2018 / Revised: 5 October 2018 / Accepted: 11 October 2018 / Published: 15 October 2018
Abstract
Two of the fastest types of cryptographic algorithms are the stream cipher and the almost-universal hash function. There are secure examples of each that process data in software using less than one CPU cycle per byte. Hashstream combines the two types of algorithms in a straightforward manner yielding a PRF that can both consume inputs of and produce pseudorandom outputs of any desired length. The result is an object useful in many contexts: authentication, encryption, authenticated encryption, random generation, mask generation, etc. The HS1-SIV authenticated-encryption algorithm—a CAESAR competition second round selection—was based on Hashstream and showed the promise of such an approach by having provable security and topping the speed charts in several test configurations.
(This article belongs to the Special Issue Authenticated Encryption)

Cryptography, EISSN 2410-387X, published by MDPI AG, Basel, Switzerland.