Fast Decryption: a New Feature of Misuse-Resistant AE

  • Kazuhiko Minematsu NEC, Kawasaki, Japan
Keywords: Authenticated Encryption, Nonce Misuse, MRAE, Decryption, SIV, OCB, Provable Security


Misuse-resistant AE (MRAE) is a class of authenticated encryption (AE) that has a resistance against a potential misuse (repeat) of nonce. MRAE has received significant attention from the initial proposal by Rogaway and Shrimpton. They showed a generic MRAE construction called SIV. SIV becomes a de-facto scheme for MRAE, however, one notable drawback is its two-pass operation for both encryption and decryption. This implies that MRAE built on SIV is slower than the integrated nonce-based AE schemes, such as OCB.
In this paper, we propose a new method to improve this situation. Particularly, our MRAE proposal (decryption-fast SIV or DFV) allows to decrypt as fast as a plain decryption, hence theoretically doubles its speed from the original SIV, while keeping the encryption speed equivalent to SIV. We present several generic compositions for DFV and their instantiations.

How to Cite
Minematsu, K. (2020). Fast Decryption: a New Feature of Misuse-Resistant AE. IACR Transactions on Symmetric Cryptology, 2020(3), 87-118.