Abstract
We propose the Offset Merkle-Damgård (OMD) scheme, a mode of operation to use a compression function for building a noncebased authenticated encryption with associated data. In OMD, the parts responsible for privacy and authenticity are tightly coupled to minimize the total number of compression function calls: for processing a message of ℓ blocks and associated data of a blocks, OMD needs ℓ+a+2 calls to the compression function (plus a single call during the whole lifetime of the key). OMD is provably secure based on the standard pseudorandom function (PRF) property of the compression function. Instantiations of OMD using the compression functions of SHA-256 and SHA-512, called OMD-SHA256 and OMD-SHA512, respectively, provide much higher quantitative level of security compared to the AES-based schemes. OMDSHA256 can benefit from the new Intel SHA Extensions on next-generation processors.
Author supplied keywords
Cite
CITATION STYLE
Cogliani, S., Maimut, D. Ş., Naccache, D., Do Canto, R. P., Reyhanitabar, R., Vaudenay, S., & Vizár, D. (2014). OMD: A compression function mode of operation for authenticated encryption. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 8781, pp. 112–128). Springer Verlag. https://doi.org/10.1007/978-3-319-13051-4_7
Register to see more suggestions
Mendeley helps you to discover research relevant for your work.
