PAE: Towards More Efficient and BBB-Secure AE from a Single Public Permutation

Document Type

Conference Article

Publication Title

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Abstract

Four observations can be made regarding recent trends that have emerged in the evolution of authenticated encryption schemes: (1) regarding simplicity, the adoption of public permutations as primitives has allowed for sparing a key schedule and the need for storing round keys; (2) using the sums of permutation outputs, inputs, or outputs and inputs has been a well-studied means to achieve higher security beyond the birthday bound; (3) concerning robustness, schemes can provide graceful security degradation if a limited number of nonces repeat during the lifetime of a key; and (4) Andreeva et al.’s ForkCipher approach can increase the efficiency of a scheme since it can use fewer rounds per output branch compared to full-round primitives. In this work, we improve the state of the art by combining those aspects for efficient authenticated encryption. We propose PAE, an efficient nonce-based AE scheme that employs a public permutation and one call to an XOR-universal hash function. PAE provides O(2n/3)-bit security and high throughput by combining forked public-permutation-based variants of and Encrypted Davies-Meyer. Thus, it can use a single, in part round-reduced, public permutation for most operations, spare a key schedule, and guarantee security beyond the birthday bound even under limited nonce reuse.

First Page

69

Last Page

87

DOI

10.1007/978-981-99-7356-9_5

Publication Date

1-1-2023
