On confidentiality property of MGM AEAD-mode

Liliya Akhmetzyanova


In this paper the security of AEAD mode called the Multilinear Galois Mode (MGM) was analyzed regarding confidentiality property. This mode was originally proposed in CTCrypt 2017. Then it was adopted as a standard AEAD mode in the Russian Standardization system. The MGM plaintext encryption procedure is quite similar to encryption in the counter mode. The main element of the MGM authentication procedure is a multilinear function with secret coefficients produced in the same way as the secret masking blocks used for plaintext encryption. This construction allows keeping such advantages as parallelization, online and availability of precomputations. The report presented at the conference outlined the design principles of the MGM mode from the point of view of providing security. The analysis of the MGM mode was carried out in the paradigm of provable security, in other words, lower security bound was obtained for the IND-CPA notion as a function of the mode parameters and amount of data available to an adversary. This bound shows that the privacy of this mode is provably guaranteed (under security of the used block cipher) up to the birthday paradox bound.

Full Text:

PDF (Russian)


E. Rescorla, «The Transport Layer Security (TLS) Protocol Version 1.3», RFC 8446, 2018.

V. Nozdrunov, «Parallel and double block cipher mode of operation (PD-mode) for authenticated encryption», In Proceedings of 6th Workshop on Current Trends in Cryptology (CTCrypt 2017), 2017.

M. Bellare and C. Namprempre, «Authenticated encryption: Relations among notions and analysis of the generic composition paradigm», Advances in Cryptology — ASIACRYPT 2000. ASIACRYPT 2000. Lecture

Notes in Computer Science, vol. 1976, 2000.

«Information technology. Cryptographic data security. Authenticated encryption block cipher operation modes», Federal Agency on Technical Regulating and Metrology, 2019.

P. Rogaway, «Nonce-Based Symmetric Encryption», Fast Software Encryption. FSE 2004. Lecture Notes in Computer Science, vol. 3017, 2004.

M. Bellare and P. Rogaway, «The Security of Triple Encryption and a Framework for Code-Based Game-Playing Proofs», Advances in Cryptology — EUROCRYPT 2006. Lecture Notes in Computer Science,

vol. 4004, 2006.

D. Chang and M. Nandi, «A Short Proof of the PRP/PRF Switching Lemma», IACR Cryptology ePrint Archive, vol. 2008/078, 2008.

A. Kurochkin and D. Fomin, «MGM Beyond the Birthday Bound», 8th Workshop on Current Trends in Cryptology (CTCrypt 2019), 2019.


  • There are currently no refbacks.

Abava  Кибербезопасность FRUCT 2023

ISSN: 2307-8162