OMD: A compression function mode of operation for authenticated encryption

14Citations
Citations of this article
15Readers
Mendeley users who have this article in their library.

This article is free to access.

Abstract

We propose the Offset Merkle-Damgård (OMD) scheme, a mode of operation to use a compression function for building a noncebased authenticated encryption with associated data. In OMD, the parts responsible for privacy and authenticity are tightly coupled to minimize the total number of compression function calls: for processing a message of ℓ blocks and associated data of a blocks, OMD needs ℓ+a+2 calls to the compression function (plus a single call during the whole lifetime of the key). OMD is provably secure based on the standard pseudorandom function (PRF) property of the compression function. Instantiations of OMD using the compression functions of SHA-256 and SHA-512, called OMD-SHA256 and OMD-SHA512, respectively, provide much higher quantitative level of security compared to the AES-based schemes. OMDSHA256 can benefit from the new Intel SHA Extensions on next-generation processors.

Cite

CITATION STYLE

APA

Cogliani, S., Maimut, D. Ş., Naccache, D., Do Canto, R. P., Reyhanitabar, R., Vaudenay, S., & Vizár, D. (2014). OMD: A compression function mode of operation for authenticated encryption. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 8781, pp. 112–128). Springer Verlag. https://doi.org/10.1007/978-3-319-13051-4_7

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free