Description
In this talk, I will describe the family of authenticated encryption (with associated data) algorithms SCREAM and iSCREAM. They are based on Liskov et al.'s Tweakable Authenticated Encryption (TAE) mode with the new tweakable block ciphers Scream and iScream. The main desirable features of SCREAM and iSCREAM are:<br/> * A simple and regular design allowing excellent performances on a wide range of architectures, in particular if masking is implemented as a side-channel countermeasure;<br/> * Inheriting from TAE, security beyond the birthday bound, i.e. a 128-bit security guarantee with up to 2128 bits of data processed with the same 128-bit key;<br/> * Low overheads for the authentication mode (e.g. no extra cipher calls to generate masks);<br/> * Fully parallelisable authenticated encryption with minimal ciphertext length.<br/> In addition, iSCREAM allows compact implementations for combined encryption and decryption, by taking advantage of involutive components in its underlying cipher iScream.
Prochains exposés
-
MIKE: An efficient and compact NIKE Based on a Commutative Monoidal Action
Orateur : Jonathan Komada Eriksen - COSIC, KU Leuven
Robert recently described a powerful correspondence between certain (Hermitian) modules and (polarized) abelian varieties, which simultaneously generalizes both the class-group action underlying protocols such as CSIDH, and the Deuring correspondence, underlying protocols such as SQIsign. Using this correspondence, he also proposed how to construct a post-quantum NIKE, called MIKE, which, at a[…]-
Cryptography
-
-
TBA
Orateur : Anmoal Porwal - Technical University of Munich
-
Cryptography
-
Asymmetric primitive
-