Authenticated encryption

  • Reference work entry
Encyclopedia of Cryptography and Security

Introduction

Often when two parties communicate over a network, they have two main security goals: privacy and authentication. In fact, there is compelling evidence that one should never use encryption without also providing authentication [8]. Many solutions for the privacy and authentication problems have existed for decades, and the traditional approach to solving both simultaneously has been to combine them in a straightforward manner using so-called generic composition. However, recently there have been a number of new constructions which achieve both privacy and authenticity simultaneously, often much faster than any solution which uses generic composition. In this article we will explore the various approaches to achieving both privacy and authenticity, the so-called Authenticated Encryption problem. We will often abbreviate this as simply “AE.” We will start with generic composition methods and then explore the newer combined methods.

Background

Throughout this article we will...

References

  1. Bellare, M., R. Canetti, and H. Krawczyk (1996). “Keying hash functions for message authentication.” Advances in Cryptology—CRYPTO '96, vol. 1109 of Lecture Notes in Computer Science. Springer-Verlag, Berlin, 115.

  2. Bellare, M., A. Desai, D. Pointcheval, and P. Rogaway (1998). “Relations among notions of security for public-key encryption schemes.” Advances in Cryptology—CRYPTO '98, vol. 1462 of LNCS, ed. H. Krawczyk. Springer-Verlag, 232–249.

  3. Bellare, M., J. Kilian, and P. Rogaway (2000). “The security of the cipher block chaining message authentication code.” Journal of Computer and System Sciences (JCSS), 61 (3), 362–399. Earlier version in CRYPTO '94. See www.cs.ucdavis.edu/~rogaway

  4. Bellare, M., T. Kohno, and C. Namprempre (2002). “Authenticated encryption in SSH: Provably fixing the SSH binary packet protocol.” ACM Conference on Computer and Communications Security (CCS-9). ACM Press, New York, 1–11.

  5. Bellare, M., and C. Namprempre (2000). “Authenticated encryption: Relations among notions and analysis of the generic composition paradigm.” Advances in Cryptology—ASIACRYPT '00, vol. 1976 of Lecture Notes in Computer Science. Springer-Verlag, Berlin.

  6. Bellare, M., and P. Rogaway (2000). “Encode-then-encipher encryption: How to exploit nonces or redundancy in plaintexts for efficient encryption.” Advances in Cryptology—ASIACRYPT '00, vol. 1976 of Lecture Notes in Computer Science, ed. T. Okamoto. Springer-Verlag, 317–330. See www.cs.ucdavis.edu/~rogaway

  7. Bellare, M., P. Rogaway, and D. Wagner. “EAX: A conventional authenticated-encryption mode.” Cryptology ePrint archive, reference number 2003/069, submitted Apr 13, 2003, revised Sep 9, 2003. See eprint.iacr.org.

  8. Bellovin, S. “Problem areas for the IP security protocols.” Proceedings of the Sixth USENIX Security Symposium, July 1996, 1–16.

  9. Berendschot, A., B. den Boer, J. Boly, A. Bosselaers, J. Brandt, D. Chaum, I. Damgård, M. Dichtl, W. Fumy, M. van der Ham, C. Jansen, P. Landrock, B. Preneel, G. Roelofsen, P. de Rooij, and J. Vandewalle (1995). Final Report of Race Integrity Primitives, vol. 1007 of Lecture Notes in Computer Science. Springer-Verlag, Berlin.

  10. Bernstein, D. (2000). Floating-point arithmetic and message authentication. Available from http://cr.yp.to/hash127.html.

  11. Black, J., S. Halevi, H. Krawczyk, T. Krovetz, and P. Rogaway (1999). “UMAC: Fast and secure message authentication.” Advances in Cryptology—CRYPTO '99, Lecture Notes in Computer Science. Springer-Verlag, Berlin.

  12. Black, J., and P. Rogaway (2000). “CBC MACs for arbitrary-length messages: The three-key constructions.” Advances in Cryptology—CRYPTO '00, Lecture Notes in Computer Science. Springer-Verlag, Berlin.

  13. Black, J., and P. Rogaway (2002). “A block-cipher mode of operation for parallelizable message authentication.” Advances in Cryptology—EUROCRYPT 2002, vol. 2332 of Lecture Notes in Computer Science, ed. L. Knudsen. Springer-Verlag, Berlin, 384–397.

  14. Black, J., and H. Urtubia (2002). “Side-channel attacks on symmetric encryption schemes: The case for authenticated encryption.” Proceedings of the Eleventh USENIX Security Symposium, Aug. 2002, ed. D. Boneh, 327–338.

  15. Borisov, N., I. Goldberg, and D. Wagner (2001). “Intercepting mobile communications: The insecurity of 802.11.” MOBICOM, ACM Press, New York, 180–189.

  16. Carter, L., and M. Wegman (1979). “Universal hash functions.” J. of Computer and System Sciences, 18, 143–154.

  17. Ferguson, N., D. Whiting, B. Schneier, J. Kelsey, S. Lucks, and T. Kohno (2003). “Helix: Fast encryption and authentication in a single cryptographic primitive.” Fast Software Encryption, 10th International Workshop, FSE 2003, Lecture Notes in Computer Science, ed. T. Johansson. Springer-Verlag, Berlin.

  18. Gligor, V., and P. Donescu (2002). “Fast encryption and authentication: XCBC encryption and XECB authentication modes.” Fast Software Encryption, 8th International Workshop, FSE 2001, vol. 2355 of Lecture Notes in Computer Science, ed. M. Matsui. Springer-Verlag, 92–108. See www.ece.umd.edu/~gligor/

  19. Goldwasser, S., S. Micali, and R. Rivest (1998). “A digital signature scheme secure against adaptive chosen-message attacks.” SIAM Journal of Computing, 17 (2), 281–308.

  20. Krawczyk, H., M. Bellare, and R. Canetti. “HMAC: Keyed hashing for message authentication.” IETF RFC-2104.

  21. Halevi, S. (2000). “An observation regarding Jutla's modes of operation.” Cryptology ePrint archive, reference number 2001/015, submitted Feb 22, 2001, revised Apr 2, 2001. See eprint.iacr.org

  22. Hawkes, P., and G. Rose (2003). “Primitive specification for SOBER-128.” Available from http://www.qualcomm.com.au/Sober128.html.

  23. Iwata, T., and K. Kurosawa (2003). “OMAC: One-key CBC MAC.” Fast Software Encryption, vol. 2887 of Lecture Notes in Computer Science, ed. T. Johansson. Springer-Verlag, Berlin.

  24. Jonsson, J. (2002). “On the security of CTR + CBC-MAC.” Selected Areas in Cryptography—SAC 2002, vol. 2595 of Lecture Notes in Computer Science, eds. K. Nyberg and H. M. Heys. Springer-Verlag, Berlin, 76–93.

  25. Jutla, C. (2003). “Encryption modes with almost free message integrity.” Advances in Cryptology—EUROCRYPT 2001, vol. 2045 of Lecture Notes in Computer Science, ed. B. Pfitzmann. Springer-Verlag, Berlin, 529–544.

  26. Katz, J., and M. Yung (2000). “Unforgeable encryption and chosen ciphertext secure modes of operation.” Fast Software Encryption, 7th International Workshop, FSE 2000, vol. 1121 of Lecture Notes in Computer Science.

  27. Kohno, T., A. Palacio, and J. Black (2003). “Building secure cryptographic transforms, or how to encrypt and MAC.” Cryptology ePrint archive, reference number 2003/177, submitted Aug 28, 2003. See eprint.iacr.org

  28. Kohno, T., J. Viega, and D. Whiting (2003). “High-speed encryption and authentication: A patent-free solution for 10 Gbps network devices.” Cryptology ePrint archive, reference number 2003/106, submitted May 27, 2003, revised Sep 1, 2003. See eprint.iacr.org

  29. Krawczyk, H. “The order of encryption and authentication for protecting communications (or: How secure is SSL?).” Advances in Cryptology—CRYPTO 2001, vol. 2139 of Lecture Notes in Computer Science. Springer-Verlag, Berlin, 310–331.

  30. Liskov, M., R. Rivest, and D. Wagner (2002). “Tweakable block ciphers.” Advances in Cryptology—CRYPTO '02, vol. 2442 of Lecture Notes in Computer Science, ed. M. Yung. Springer-Verlag, Berlin, 31–46.

  31. Petrank, E., and C. Rackoff (2000). “CBC MAC for real-time data sources.” Journal of Cryptology, 13 (3), 315–338.

  32. Rogaway, P. (2002). “Authenticated-encryption with associated-data.” ACM Conference on Computer and Communications Security (CCS-9). ACM Press, New York, 196–205.

  33. Rogaway, P., M. Bellare, and J. Black (2003). “OCB: A block-cipher mode of operation for efficient authenticated encryption.” ACM Transactions on Information and System Security (TISSEC), 6 (3), 365–403.

  34. Wegman, M., and L. Carter (1981). “New hash functions and their use in authentication and set equality.” J. of Comp. and System Sciences, 22, 265–279.

  35. Whiting, D., R. Housley, and N. Ferguson (2002). “Counter with CBC-MAC (CCM).” Available from csrc.nist.gov/encryption/modes/proposedmodes/

© 2005 International Federation for Information Processing

Cite this entry

Black, J. (2005). Authenticated encryption. In: van Tilborg, H.C.A. (eds) Encyclopedia of Cryptography and Security. Springer, Boston, MA. https://doi.org/10.1007/0-387-23483-7_15
