McOE: A Foolproof On-Line Authenticated Encryption Scheme

McOE: A Foolproof On-Line Authenticated Encryption Scheme

Abstract: On-Line Authenticated Encryption (OAE) combines confidentiality with data integrity and is on-line computable. Most block cipher-based schemes for Authenticated Encryption can be run online and are provably secure against nonce-respecting adversaries. But they fail badly for more general adversaries. This is not a theoretical observation only – in practice, the reuse of nonces is a frequent issue. In recent years, cryptographers developed misuse-resistant schemes for Authenticated Encryption. These guarantee excellent security even against general adversaries which are allowed to reuse nonces. Their disadvantage is that encryption can be performed in an off-line way, only. This paper considers OAE schemes dealing both with nonce-respecting and with general adversaries. It introduces McOE, an efficient design for OAE schemes. The construction is based on a ’simple’ block cipher and is on-line computable. It provably guarantees reasonable security against general adversaries as well as standard security against nonce-respecting adversaries.

On-Line Authenticated Encryption (OAE). Application software often requires a network channel that guarantees the privacy and authenticity of data being communicated between two parties. Cryptographic schemes able to meet both of these goals are commonly referred to as Authenticated Encryption (AE) schemes. The ISO/IEC 19772:2009 standard for AE [16] defines generic composition (Encrypt-then-MAC [3]) and five dedicated AE schemes: OCB2 [33], SIV [36] (denoted as “Key Wrap” in [16]), CCM [10], EAX [5], and GCM [29]. To integrate an AE-secure channel most seamlessly into a typical software architecture, application developers expect it to encrypt in an
on-line manner meaning that the i-th ciphertext block can be written before the (i+1)-th plaintext block has to be read. A restriction to off-line encryption, where usually the entire plaintext must be known in advance (or read more than once) is an encumbrance to software architects.

Category : secret-key cryptography / authenticated encryption, online encryption, provable security, misuse resistant.

[non commercial cryptographers] – Download this Papers


  1. […] more: McOE: A Foolproof On-Line Authenticated Encryption Scheme … Categories: Encryption, Uncategorized Tags: authenticated, block-cipher-based, […]

  2. Well there’s a saying

    There is nothing fool proof against intelligent fools..


    Every encryption has a leak.. its just to find that out..

    you can visit me back

  3. verdens beste gulrotkake
    This is pointless, why am I even reading it and not enjoying verdens beste gulrotkake? I should learn to spend my time better.

  4. I really like your writing style, excellent information, thankyou for posting : D.

  5. Super ideas…

    You have some super ideas! Perhaps I ought to think about trying this myself. Thanks…

  6. Regards for this rattling post, I am glad I observed this site on yahoo.

  7. Equally inquiries need to be handled by the end involving 12

Sorry, the comment form is closed at this time.

Comments RSS