
OMD: A Compression Function Mode of Operation for Authenticated Encryption

Abstract : We propose the Offset Merkle-Damgård (OMD) scheme, a mode of operation to use a compression function for building a nonce-based authenticated encryption with associated data. In OMD, the parts responsible for privacy and authenticity are tightly coupled to minimize the total number of compression function calls: for processing a message of ℓ blocks and associated data of a blocks, OMD needs ℓ+a+2 calls to the compression function (plus a single call during the whole lifetime of the key). OMD is provably secure based on the standard pseudorandom function (PRF) property of the compression function. Instantiations of OMD using the compression functions of SHA-256 and SHA-512, called OMD-SHA256 and OMD-SHA512, respectively, provide a much higher quantitative level of security compared to the AES-based schemes. OMD-SHA256 can benefit from the new Intel SHA Extensions on next-generation processors.
Keywords : block ciphers
Document type : Conference papers
Contributor : David Naccache
Submitted on : Wednesday, December 24, 2014 - 2:26:12 PM
Last modification on : Tuesday, May 4, 2021 - 2:06:02 PM

Simon Cogliani, Diana-Stefania Maimut, David Naccache, Rodrigo Portella, Reza Reyhanitabar, et al. OMD: A Compression Function Mode of Operation for Authenticated Encryption. Selected Areas in Cryptography 2014, IACR, Aug 2014, Montreal, Quebec, Canada. ⟨10.1007/978-3-319-13051-4_7⟩. ⟨hal-01098397⟩