Misuse-resistant MGM2 mode

Liliya Akhmetzyanova, Evgeny Alekseev, Alexandra Babueva, Andrey Bozhko, Stanislav Smyshlyaev


We introduce a new AEAD mode, the MGM2 mode. For this mode we provide security bounds with respect to extended security notions in the nonce-misuse setting. Misuse resistance is crucial for applications in which there is no way to guarantee the uniqueness of nonces. Moreover, this security property also provides additional protection against implementation errors, both accidental and adversarial. The MGM2 mode was developed on the basis of the MGM (Multilinear Galois Mode) mode that was standardized in the Russian Federation. The main cryptographic core of the construction, namely the multilinear function, is not changed. For the new mode we change the way the secret masking blocks and the secret coefficients of the multilinear function are produced, which decreases the probability of collisions between block cipher inputs. We provide security bounds for MGM2 in the MRAE-integrity and CPA-res models. The obtained bounds show that the developed mode provides better security properties with respect to even the extended security notions than the original MGM mode provides with respect to the base security notions (in the nonce-respecting setting).

Full Text:

PDF (Russian)





ISSN: 2307-8162