Japan
サイト内の現在位置
OTR Mode of Operation for Authenticated Encryption
November 28, 2019
Introduction
Authenticated encryption (AE) is a symmetric-key cryptographic function achieving both confidentiality and integrity. OTR, which stands for Offset Two-Round, is an AE based on a blockcipher presented at Eurocrypt 2014.
OTR is parallelizable, rate-1, and on-line for both encryption and decryption, and requires only the blockcipher encryption function. OTR thus essentially achieves the minimum additional cost from the ordinal encryption-only modes, such as counter mode. The key idea of OTR is the use of two-round Feistel permutation with blockcipher-based round function.
OTR with AES blockcipher, called AES-OTR, is a candidate of 
CAESAR, a cryptographic competition on AE organized by leading professionals in the field and funded by National Institute of Standards and Technology, NIST.
Designer
Kazuhiko Minematsu (NEC)
Specifications
In principle OTR can be defined with n-bit blockcipher, or more generally any n-bit keyed (non-invertible) function, for any n.
AES-OTR specifies the case n=128 with the underlying blockcipher as AES-128 or AES-256.
Specification document of AES-OTR is available from the submission list of CAESAR.
Features
- Encryption rate is 1 : one blockcipher call to process one-block input
- On-line and parallelizable for both encryption and decryption
- Uses blockcipher encryption function, no need for the inverse
- Standard nonce-based provable security
Implementation Figures
(To be presented)
お問い合わせ
