The Counter mode with encrypted nonces and its extension to authenticated encryption
Matematičeskie voprosy kriptografii, Vol. 11 (2020) no. 2, pp. 7-24
S. V. Agievich. The Counter mode with encrypted nonces and its extension to authenticated encryption. Matematičeskie voprosy kriptografii, Vol. 11 (2020) no. 2, pp. 7-24. http://geodesic.mathdoc.fr/item/MVK_2020_11_2_a1/

See the article record from the source Math-Net.Ru

In the modified CTR (Counter) mode known as CTR2, nonces are encrypted before constructing sequences of counters from them. This way we have only probabilistic guarantees for non-overlapping of the sequences. We show that these guarantees, and therefore the security guarantees of CTR2, are strong enough in two standard scenarios: random nonces and non-repeating nonces. We also show how to extend CTR2 to an authenticated encryption mode which we call CHE (Counter-Hash-Encrypt). To extend, we use one invocation of polynomial hashing and one additional block encryption.
