zbMATH — the first resource for mathematics

OMD: a compression function mode of operation for authenticated encryption. (English) Zbl 1382.94083
Joux, Antoine (ed.) et al., Selected areas in cryptography – SAC 2014. 21st international conference, Montreal, QC, Canada, August 14–15, 2014. Revised selected papers. Cham: Springer (ISBN 978-3-319-13050-7/pbk; 978-3-319-13051-4/ebook). Lecture Notes in Computer Science 8781, 112-128 (2014).
Summary: We propose the Offset Merkle-Damgård (OMD) scheme, a mode of operation to use a compression function for building a nonce-based authenticated encryption with associated data. In OMD, the parts responsible for privacy and authenticity are tightly coupled to minimize the total number of compression function calls: for processing a message of \(\ell \) blocks and associated data of \(a\) blocks, OMD needs \(\ell +a+2\) calls to the compression function (plus a single call during the whole lifetime of the key). OMD is provably secure based on the standard pseudorandom function (PRF) property of the compression function. Instantiations of OMD using the compression functions of SHA-256 and SHA-512, called OMD-SHA256 and OMD-SHA512, respectively, provide much higher quantitative level of security compared to the AES-based schemes. OMD-SHA256 can benefit from the new Intel SHA Extensions on next-generation processors.
For the entire collection see [Zbl 1332.94006].

94A60 Cryptography
94A62 Authentication, digital signatures and secret sharing
Full Text: DOI