Offset codebook mode (OCB) provides neither integrity under releasing unverified plaintext (INT-RUP) nor nonce-misuse resistance. The tag of OCB is generated by encrypting a plaintext checksum, which is vulnerable in the INT-RUP security model. This paper focuses on the weakness of the checksum processing in OCB. We describe a new type of structure, called plaintext and ciphertext checksum (PCC), which is a generalization of the plaintext checksum, and prove that all authenticated encryption schemes with PCC are insecure in the INT-RUP security model. Then, we fix the weakness of PCC and present another new type of structure, called intermediate checksum (IC), to generate the authentication tag. To settle the INT-RUP security of OCB in the nonce-misuse setting, we provide a modified OCB scheme based on IC, called OCB-IC. OCB-IC is proven INT-RUP secure up to the birthday bound in the nonce-misuse setting if the underlying tweakable blockcipher is a secure mixed tweakable pseudorandom permutation (MTPRP). Finally, we present some discussions about OCB-IC.
CITATION STYLE
Zhang, P., Wang, P., Hu, H., Cheng, C., & Kuai, W. (2017). INT-RUP security of checksum-based authenticated encryption. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 10592 LNCS, pp. 147–166). Springer Verlag. https://doi.org/10.1007/978-3-319-68637-0_9
Mendeley helps you to discover research relevant for your work.