Fast Decryption: a New Feature of Misuse-Resistant AE

Authors

  • Kazuhiko Minematsu NEC, Kawasaki, Japan

DOI:

https://doi.org/10.13154/tosc.v2020.i3.87-118

Keywords:

Authenticated Encryption, Nonce Misuse, MRAE, Decryption, SIV, OCB, Provable Security

Abstract

Misuse-resistant AE (MRAE) is a class of authenticated encryption (AE) that has a resistance against a potential misuse (repeat) of nonce. MRAE has received significant attention from the initial proposal by Rogaway and Shrimpton. They showed a generic MRAE construction called SIV. SIV becomes a de-facto scheme for MRAE, however, one notable drawback is its two-pass operation for both encryption and decryption. This implies that MRAE built on SIV is slower than the integrated nonce-based AE schemes, such as OCB.
In this paper, we propose a new method to improve this situation. Particularly, our MRAE proposal (decryption-fast SIV or DFV) allows to decrypt as fast as a plain decryption, hence theoretically doubles its speed from the original SIV, while keeping the encryption speed equivalent to SIV. We present several generic compositions for DFV and their instantiations.

Downloads

Published

2020-09-28

How to Cite

Minematsu, K. (2020). Fast Decryption: a New Feature of Misuse-Resistant AE. IACR Transactions on Symmetric Cryptology, 2020(3), 87–118. https://doi.org/10.13154/tosc.v2020.i3.87-118

Issue

Section

Articles