Sciweavers

CCS
2015
ACM

GCM-SIV: Full Nonce Misuse-Resistant Authenticated Encryption at Under One Cycle per Byte

8 years 7 months ago
GCM-SIV: Full Nonce Misuse-Resistant Authenticated Encryption at Under One Cycle per Byte
Authenticated encryption schemes guarantee both privacy and integrity, and have become the default level of encryption in modern protocols. One of the most popular authenticated encryption schemes today is AES-GCM due to its impressive speed. The current CAESAR competition is considering new modes for authenticated encryption that will improve on existing methods. One property of importance that is being considered more today – due to multiple real-life cases of faulty sources of randomness – is that repeating nonces and IVs can have disastrous effects on security. A (full) nonce misuse-resistant authenticated encryption scheme has the property that if the same nonce is used to encrypt the same message twice, then the same ciphertext is obtained and so the fact that the same message was encrypted is detected. Otherwise, full security is obtained – even if the same nonce is used for different messages. In this paper, we present a new fully nonce misuse-resistant authenticated e...
Shay Gueron, Yehuda Lindell
Added 17 Apr 2016
Updated 17 Apr 2016
Type Journal
Year 2015
Where CCS
Authors Shay Gueron, Yehuda Lindell
Comments (0)