We propose pure OMD (p-OMD) as a new variant of the Offset Merkle-Damgård (OMD) authenticated encryption scheme. Our new scheme inherits all desirable security features of OMD while having a more compact structure and providing higher efficiency. The original OMD scheme, as submitted to the CAESAR competition, couples a single pass of a variant of the Merkle-Damgård (MD) iteration with the counter-based XOR MAC algorithm to provide privacy and authenticity. Our improved p-OMD scheme dispenses with the XOR MAC algorithm and is purely based on the MD iteration; hence, the name “pure” OMD. To process a message of ℓ blocks and associated data of a blocks, OMD needs ℓ + a + 2 calls to the compression function while p-OMD only requires max{ℓ, a} + 2 calls. Therefore, for a typical case where ℓ ≥ a, p-OMD makes just ℓ + 2 calls to the compression function; that is, associated data is processed almost freely compared to OMD. We prove the security of p-OMD under the same standard assumption (pseudorandomness of the compression function) as made in OMD; moreover, the security bound for p-OMD is the same as that of OMD, showing that the modifications made to boost the performance are without any loss of security.
Reyhanitabar, R., Vaudenay, S., & Vizár, D. (2015). Boosting OMD for almost free authentication of associated data. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 9054, pp. 411–427). Springer Verlag. https://doi.org/10.1007/978-3-662-48116-5_20