|
The Counter mode with encrypted nonces and its extension to authenticated encryption
S. V. Agievich Research Institute for Applied Problems of Mathematics and Informatics,
Belarusian State University, Minsk, Belarus
Abstract:
In the modified CTR (Counter) mode known as CTR2, nonces are encrypted before constructing sequences of counters from them. This way we have only probabilistic guarantees for non-overlapping of the sequences. We show that these guarantees, and therefore the security guarantees of CTR2, are strong enough in two standard scenarios: random nonces and non-repeating nonces. We also show how to extend CTR2 to an authenticated encryption mode which we call CHE (Counter-Hash-Encrypt). To extend, we use one invocation of polynomial hashing and one additional block encryption.
Key words:
CTR mode, authenticated encryption, block cipher, polynomial hashing, gamma overlapping.
Received 05.XI.2019
Citation:
S. V. Agievich, “The Counter mode with encrypted nonces and its extension to authenticated encryption”, Mat. Vopr. Kriptogr., 11:2 (2020), 7–24
Linking options:
https://www.mathnet.ru/eng/mvk318https://doi.org/10.4213/mvk318 https://www.mathnet.ru/eng/mvk/v11/i2/p7
|
|