TY - GEN
T1 - Enhancing RUP security for the OCB mode
AU - Duan, Yuchen
AU - Qian, Haifeng
N1 - Publisher Copyright:
© 2022 IEEE.
PY - 2022
Y1 - 2022
N2 - Authenticated encryption (AE) is the most widely used form of encryption, since it guarantees both integrity and confidentiality. Among the many AE algorithms, OCB is recognized as the best choice for its performance on platforms supporting AES-NI instructions. The problem is that OCB is not robust: its security breaks in complicated situations such as nonce misuse or release of unverified plaintext (RUP). Although many new AE algorithms have been submitted to the CAESAR competition and the ongoing lightweight AEAD competition to solve these problems, their computational overhead is high. Considering that it is costly to change algorithms on machines that have already deployed OCB, we focus on fixing RUP security along with the nonce-misuse property at an acceptable time-performance tradeoff. To solve this problem, we introduce two authenticated encryption schemes, named OCB-RUP and nmOCB-RUP, which combine the OCB mode with a tweakable blockcipher of variable tweak length. We give a security proof of our schemes and an optimized implementation using AES-NI and PCLMULQDQ instructions. We compare the performance of our schemes with the AES-OCB implementation in OpenSSL. Our measurements show that OCB-RUP is only 34% slower than AES-OCB, and nmOCB-RUP, the slower one, achieves encryption at under one cycle per byte. We conclude that our schemes are a practical option to enhance the OCB mode, providing RUP security and nonce-misuse resistance at low cost. Both schemes achieve encryption at under one cycle per byte.
AB - Authenticated encryption (AE) is the most widely used form of encryption, since it guarantees both integrity and confidentiality. Among the many AE algorithms, OCB is recognized as the best choice for its performance on platforms supporting AES-NI instructions. The problem is that OCB is not robust: its security breaks in complicated situations such as nonce misuse or release of unverified plaintext (RUP). Although many new AE algorithms have been submitted to the CAESAR competition and the ongoing lightweight AEAD competition to solve these problems, their computational overhead is high. Considering that it is costly to change algorithms on machines that have already deployed OCB, we focus on fixing RUP security along with the nonce-misuse property at an acceptable time-performance tradeoff. To solve this problem, we introduce two authenticated encryption schemes, named OCB-RUP and nmOCB-RUP, which combine the OCB mode with a tweakable blockcipher of variable tweak length. We give a security proof of our schemes and an optimized implementation using AES-NI and PCLMULQDQ instructions. We compare the performance of our schemes with the AES-OCB implementation in OpenSSL. Our measurements show that OCB-RUP is only 34% slower than AES-OCB, and nmOCB-RUP, the slower one, achieves encryption at under one cycle per byte. We conclude that our schemes are a practical option to enhance the OCB mode, providing RUP security and nonce-misuse resistance at low cost. Both schemes achieve encryption at under one cycle per byte.
KW - OCB
KW - RUP
KW - authenticated encryption
UR - https://www.scopus.com/pages/publications/85136969298
U2 - 10.1109/ICCCS55155.2022.9846012
DO - 10.1109/ICCCS55155.2022.9846012
M3 - Conference contribution
AN - SCOPUS:85136969298
T3 - 2022 7th International Conference on Computer and Communication Systems, ICCCS 2022
SP - 410
EP - 418
BT - 2022 7th International Conference on Computer and Communication Systems, ICCCS 2022
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 7th International Conference on Computer and Communication Systems, ICCCS 2022
Y2 - 22 April 2022 through 25 April 2022
ER -