EHE: nonce misuse-resistant message authentication
Prikladnaâ diskretnaâ matematika, no. 1 (2018), pp. 33-41.

See the article record from the source Math-Net.Ru

We propose a nonce misuse-resistant message authentication scheme called EHE (Encrypt-Hash-Encrypt). In EHE, a message-dependent polynomial is evaluated at a point that is an encrypted nonce. The resulting polynomial hash value is encrypted again and becomes the authentication tag. We prove the prf-security of the EHE scheme and extend it to two authenticated encryption modes that follow the “encrypt-then-authenticate” paradigm.
Keywords: message authentication, authenticated encryption, polynomial hashing, prf-security.
@article{PDM_2018_1_a2,
     author = {S. V. Agievich},
     title = {EHE: nonce misuse-resistant message authentication},
     journal = {Prikladna\^a diskretna\^a matematika},
     pages = {33--41},
     publisher = {mathdoc},
     number = {1},
     year = {2018},
     language = {en},
     url = {http://geodesic.mathdoc.fr/item/PDM_2018_1_a2/}
}
S. V. Agievich. EHE: nonce misuse-resistant message authentication. Prikladnaâ diskretnaâ matematika, no. 1 (2018), pp. 33-41. http://geodesic.mathdoc.fr/item/PDM_2018_1_a2/
