International Association for Cryptologic Research

International Association
for Cryptologic Research


Paper: ManTiCore: Encryption with Joint Cipher-State Authentication

Cheryl Beaver
Timothy Draelos
Richard Schroeppel
Mark Torgerson
Search ePrint
Search Google
Abstract: We describe a new method for authenticated encryption, which uses information from the internal state of the cipher to provide the authentication. This methodology has a number of benefits. The encryption has properties similar to CBC mode, yet the encipherment and authentication mechanisms can be parallelized and/or pipelined. The authentication overhead is minimal, so the computational cost of the authenticated encryption is very nearly that of the encryption process. Also, the authentication process remains resistant against some IV reuse. We present a class of encryption algorithms that are based on cryptographic hash functions. Because of the hash function construction, the MTC4 class of methods supports variable encryption block sizes up to twice the hash output block length and trivially supports variable key lengths. We also provide a more general construction for using the internal state of any round-based block cipher as an authenticator. We give a concrete example of the general construction that uses AES as the encryption primitive. We provide performance measurements for all of our constructions.
  title={ManTiCore: Encryption with Joint Cipher-State Authentication},
  booktitle={IACR Eprint archive},
  keywords={secret-key cryptography / Authenticated Encryption, Luby-Rackoff, Feistel, Middletext, Hash, Cipher},
  note={ 12265 received 1 Aug 2003},
  author={Cheryl Beaver and Timothy Draelos and Richard Schroeppel and Mark Torgerson},