International Association for Cryptologic Research

International Association
for Cryptologic Research


Fast Decryption: a New Feature of Misuse-Resistant AE

Kazuhiko Minematsu , NEC, Kawasaki, Japan
DOI: 10.13154/tosc.v2020.i3.87-118
Search ePrint
Search Google
Abstract: Misuse-resistant AE (MRAE) is a class of authenticated encryption (AE) that has a resistance against a potential misuse (repeat) of nonce. MRAE has received significant attention from the initial proposal by Rogaway and Shrimpton. They showed a generic MRAE construction called SIV. SIV becomes a de-facto scheme for MRAE, however, one notable drawback is its two-pass operation for both encryption and decryption. This implies that MRAE built on SIV is slower than the integrated nonce-based AE schemes, such as OCB.In this paper, we propose a new method to improve this situation. Particularly, our MRAE proposal (decryption-fast SIV or DFV) allows to decrypt as fast as a plain decryption, hence theoretically doubles its speed from the original SIV, while keeping the encryption speed equivalent to SIV. We present several generic compositions for DFV and their instantiations.
Video from TOSC 2020
  title={Fast Decryption: a New Feature of Misuse-Resistant AE},
  journal={IACR Transactions on Symmetric Cryptology},
  publisher={Ruhr-Universit├Ąt Bochum},
  volume={2020, Issue 3},
  author={Kazuhiko Minematsu},