Abstract:
In the modern world, almost every computing device uses some cryptographic
technique or other. Over the years, several schemes have been
proposed, implemented, and standardized. For any kind of data transfer, the
primary goals are encryption and authentication. Historically, these two
goals are achieved separately, via two different techniques. Any symmetric
cipher scheme can be used for encryption, whereas, for authentication,
usage of a keyed MAC is prevalent. There is another approach, known as
Authenticated Encryption (AE), which fulfills both goals at the same
time.
From an implementation perspective, it is important that a malformed packet
is rejected as soon as possible. Common techniques like
AES-CBC allow for such a fail-fast paradigm using a padding oracle. However,
the same technique cannot be applied to other common AE techniques like
AES-GCM. In this work, we provide a technique by which any AE scheme
can be used directly (without any change) while still providing good fail-fast
features.