Abstract:
The paper introduces a new AEAD mode called $\mathsf{sMGM}$ (strong Multilinear Galois Mode). The proposed construction can be treated as an extension of the Russian standardized $\mathsf{MGM}$ mode and of its modification, the $\mathsf{MGM2}$ mode, presented at the CTCrypt'21 conference. The distinctive feature of the new mode is that it provides an interface for choosing the specific security properties required for a particular application. Namely, the mode has additional parameters that allow switching misuse-resistance or re-keying mechanisms on and off.
The $\mathsf{sMGM}$ mode consists of two main "building blocks": a CTR-style gamma generation function with incorporated re-keying, and a multilinear function that lies at the core of the original $\mathsf{MGM}$ mode. Different ways of using these functions lead to different sets of security properties. This approach to constructing a parameterizable AEAD mode reduces code size, which can be crucial for constrained devices.
We provide security bounds for the proposed mode. We focus on proving the misuse-resistance of the $\mathsf{sMGM}$ mode, since the standard security properties were already analyzed during the development of the original $\mathsf{MGM}$ and $\mathsf{MGM2}$ modes.