OMD: A Compression Function Mode of Operation for Authenticated Encryption

We propose the Offset Merkle-Damgård (OMD) scheme, a mode of operation to use a compression function for building a nonce-based authenticated encryption with associated data. In OMD, the parts responsible for privacy and authenticity are tightly coupled to minimize the total number of compression function calls: for processing a message of l blocks and associated data of a blocks, OMD needs l+a+2 calls to the compression function (plus a single call during the whole lifetime of the key). OMD is provably secure based on the standard pseudorandom function (PRF) property of the compression function. Instantiations of OMD using the compression functions of SHA-256 and SHA-512, called OMD-SHA256 and OMD-SHA512, respectively, provide much higher quantitative level of security compared to the AES-based schemes. OMD-SHA256 can benefit from the new Intel SHA Extensions on next-generation processors.


Editor(s):
Joux, Antoine
Youssef, Amr
Published in:
Selected Areas in Cryptography -- SAC 2014, 112-128
Presented at:
Selected Areas in Cryptography -- SAC 2014, Montreal, Quebec, Canada, August 14-15, 2014
Year:
2014
Publisher:
Springer International Publishing
ISBN:
978-3-319-13050-7
Keywords:
Laboratories:




 Record created 2015-01-23, last modified 2018-03-17


Rate this document:

Rate this document:
1
2
3
 
(Not yet reviewed)