International Association
for Cryptologic Research

A new authenticated encryption (AE) mode for blockcipher is presented.

The proposed scheme has attractive features for fast and compact operation.

It requires rate-1 blockcipher call, and uses the encryption function of a blockcipher for both encryption and decryption.

Moreover, the scheme enables one-pass, parallel operation under two-block partition.

The proposed scheme thus attains similar characteristics as the seminal OCB mode, without using the inverse blockcipher.

The key idea of our proposal is a novel usage of two-round Feistel permutation, where the round functions are derived from the theory of tweakable blockcipher.

We also describe an instantiation of our idea using a non-invertible primitive, such as a keyed hash function.