2023
DOI: 10.1049/ise2.12110

Nonce‐misuse resilience of Romulus‐N and GIFT‐COFB

Abstract: The nonce‐misuse resilience (NMRL) security of Romulus‐N and GIFT‐COFB, two finalists of the NIST Lightweight Cryptography project for standardising lightweight authenticated encryption, is analysed. NMRL, introduced by Ashur et al. at CRYPTO 2017, is a relaxation of the stronger notion of nonce‐misuse resistance. The authors have proved that Romulus‐N and GIFT‐COFB have nonce‐misuse resilience. For Romulus‐N, the perfect privacy (NMRL‐PRIV) and n/2‐bit authenticity (NMRL‐AUTH) with graceful degradation…

Cited by 2 publications (1 citation statement)
References 32 publications
“…SIV is roughly as efficient as the general two-pass AE modes (such as CCM), but more resilient to nonce misuse [4]. A large number of MRAE designs followed, such as HBS [5], BTM [6], MR-OMD [7], GCM-SIV [8], AES-GCM-SIV [9], GCM-SIV1 [10], GCM-SIV2 [10], CCM-SIV [11], SAEF [12], and GIFT-COFB [13]. Later, Dutta et al refined nonce misuse and introduced a faulty nonce notion to specify the degree of repeated nonce tolerance [14].…”
Section: Introduction (mentioning)
confidence: 99%