Fast Encryption and Authentication in One Shot

Oct 25, 2000

Abstract

A long-standing goal in the design of block encryption modes has been the ability to provide message-integrity protection with simple manipulation detection code functions, such as bitwise exclusive-or, cyclic redundancy code, or even constant functions. Most attempts to achieve this goal focused on different variations of the Cipher Block Chaining mode of encryption, which is the most common block-encryption mode in use. To date, most attempts -- including one of my own -- failed. In this seminar, I will present several modes that achieve both confidentiality and integrity (authenticity) in a single pass over the data and a single cryptographic primitive, in both sequential and parallel operation. Fast two-pass modes are also supported whenever the separation of confidentiality and integrity keys is desired. The performance and security of the modes presented scales directly with the performance and security of the underlying block-encryption function since separate cryptographic primitives, such as hash functions, become unnecessary. I anticipate that new encryption modes, such as the ones presented, will be used to save power, chip real-estate in hardware implementations, and to improve encryption throughput for new internet applications.