IACR News item: 24 July 2015
Kazuhiko Minematsu
ePrint Report
the nonce and the authentication tag. These expansions can be problematic
when messages are relatively short and communication cost is high.
This paper studies a form of AE scheme whose ciphertext is expanded only by the
nonce, with the help of a stateful receiver that also enables detection of replays.
While there is a scheme with this feature, called AERO, proposed by McGrew and Foley,
there has been no formal treatment of it in the provable-security framework.
We propose a provable-security framework for such AE schemes, which we call MiniAE, and
show several secure schemes built from standard symmetric-key primitives.
Most notably, one of our schemes
has a structure similar to the OCB mode of operation and uses only one blockcipher call
to process one input block, so its computation cost is comparable to that of
nonce-based encryption-only schemes.
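To illustrate the idea in the abstract, here is an added Python sketch (neither the paper's scheme nor AERO's code): the only redundancy carried in the ciphertext is a counter nonce, and a stateful receiver accepts a message only if the recovered nonce is the one it expects, which rejects both forgeries and replays. A 4-round Feistel with HMAC-SHA256 round functions is a teaching stand-in for a wide-block SPRP; the paper's OCB-like one-blockcipher-call-per-block construction is not reproduced here, and the window size and nonce length are assumptions.

```python
import hashlib
import hmac

NONCE_LEN = 8  # stretch: the ciphertext is longer than the message only by this


def _prf(key: bytes, rnd: int, data: bytes, out_len: int) -> bytes:
    """Round function: HMAC-SHA256 stretched to out_len bytes (counter over the tag)."""
    out = b""
    for ctr in range((out_len + 31) // 32):
        out += hmac.new(key, bytes([rnd, ctr]) + data, hashlib.sha256).digest()
    return out[:out_len]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wide_encrypt(key: bytes, block: bytes) -> bytes:
    """Toy wide-block SPRP: 4-round (Luby-Rackoff) Feistel over the whole block."""
    half = len(block) // 2
    left, right = block[:half], block[half:]
    for rnd in range(4):
        left, right = right, _xor(left, _prf(key, rnd, right, len(left)))
    return left + right


def wide_decrypt(key: bytes, block: bytes) -> bytes:
    half = len(block) // 2
    left, right = block[:half], block[half:]
    for rnd in reversed(range(4)):
        left, right = _xor(right, _prf(key, rnd, left, len(right))), left
    return left + right


class Sender:
    def __init__(self, key: bytes):
        self.key, self.counter = key, 0

    def seal(self, msg: bytes) -> bytes:
        # The counter nonce is the *only* redundancy: no separate tag is sent.
        nonce = self.counter.to_bytes(NONCE_LEN, "big")
        self.counter += 1
        return wide_encrypt(self.key, nonce + msg)


class Receiver:
    def __init__(self, key: bytes, window: int = 16):  # window: assumed loss tolerance
        self.key, self.expected, self.window = key, 0, window

    def open(self, ct: bytes):
        if len(ct) < NONCE_LEN:
            return None
        pt = wide_decrypt(self.key, ct)
        nonce = int.from_bytes(pt[:NONCE_LEN], "big")
        # Any change to ct scrambles the whole block, so the recovered nonce is
        # effectively random; accepting only the expected nonce (or a small
        # forward window for lost packets) gives authenticity and rejects replays.
        if not (self.expected <= nonce < self.expected + self.window):
            return None
        self.expected = nonce + 1
        return pt[NONCE_LEN:]
```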