Authenticated Encryption, State of the Art and Directions
Elena Andreeva, Ph.D
The classical approach to realizing the two main cryptographic goals of confidentiality and integrity is to employ, independently, an encryption scheme and an authentication scheme, respectively. It has long been realized that, in most security scenarios, confidentiality and integrity go hand in hand. Yet putting the two together has not been an easy task. Combining encryption and authentication with existing off-the-shelf schemes comes at a price and is not always trivial, as attacks on TLS (Transport Layer Security) and SSH (Secure Shell) have shown.
The current trend in cryptography is to use a single authenticated encryption (AE) algorithm. The demand for secure and efficient AE schemes is reflected in the ongoing CAESAR cryptographic competition for the recommendation of a portfolio of AE algorithms.
In this talk we will give an overview of the existing AE design methods such as generic composition and dedicated approaches. We will cover the target AE security definitions and further we will discuss a number of security vulnerabilities and their possible solutions. We will discuss the outcome of the CAESAR competition and present our APE and COLM (finalist) CAESAR designs. We will conclude this talk with our novel ideas for efficient AE based on a novel symmetric cryptographic primitive: the ForkAE.
Elena Andreeva is a research expert in COSIC. Her main research expertise is on symmetric cryptographic primitives: hash functions, block ciphers, authenticated encryption schemes; provable security and privacy protocols.
She completed her PhD thesis on under the supervision of Prof. Bart Preneel <http://www.esat.kuleuven.be/~preneel/> and was funded by PhD and postdoctoral grants from the Flemish Research Foundation (FWO aspirant). She has more than 30 international journal and conference (CRYPTO, EUROCRYPT, ASIACRYPT, FSE, Journal of Cryptology) publications, participated in the PRACTICE and HEAT H2020 projects, and is a co-designer of: the hash function LANE, the ROX and BCM hashing modes of operation, the authenticated encryption schemes APE, COBRA, COLM (a CAESAR finalist).