#### Filter Results:

- Full text PDF available (24)

#### Publication Year

1998

2017

- This year (1)
- Last 5 years (11)
- Last 10 years (14)

#### Publication Type

#### Co-author

#### Journals and Conferences

#### Key Phrases

Learn More

- Phillip Rogaway, Mihir Bellare, John Black, Ted Krovetz
- ACM Conference on Computer and Communications…
- 2001

We describe a parallelizable block-cipher mode of operation that simultaneously provides privacy and authenticity. OCB encrypts-and-authenticates a nonempty string <i>M</i> ε {0,1}• using \lceil |M|/n\rceil + 2 block-cipher invocations, where <i>n</i> is the block length of the underlying block cipher. Additional overhead is small. OCB refines a… (More)

- John Black, Shai Halevi, Hugo Krawczyk, Ted Krovetz, Phillip Rogaway
- CRYPTO
- 1999

We describe a message authentication algorithm, UMAC, which can authenticate messages (in software, on contemporary machines) roughly an order of magnitude faster than current practice (e.g., HMAC-SHA1), and about twice as fast as times previously reported for the universal hash-function family MMH. To achieve such speeds, UMAC uses a new universal… (More)

- Ted Krovetz, Phillip Rogaway
- FSE
- 2011

We study the software performance of authenticated-encryption modes CCM, GCM, and OCB. Across a variety of platforms, we find OCB to be substantially faster than either alternative. For example, on an Intel i5 (“Clarkdale”) processor, good implementations of CCM, GCM, and OCB encrypt at around 4.2 cpb, 3.7 cpb, and 1.5 cpb, while CTR mode requires about 1.3… (More)

- Ted Krovetz
- 2006

To generate the authentication tag on a given message, a "universal" hash function is applied to the message and key to produce a short, fixed-length hash value, and this hash value is then xor’ed with a key-derived pseudorandom pad. UMAC enjoys a rigorous security analysis, and its only internal "cryptographic" component is a block cipher used to generate… (More)

- Viet Tung Hoang, Ted Krovetz, Phillip Rogaway
- IACR Cryptology ePrint Archive
- 2014

With a scheme for robust authenticated-encryption a user can select an arbitrary value λ≥ 0 and then encrypt a plaintext of any length into a ciphertext that’s λ characters longer. The scheme must provide all the privacy and authenticity possible for the requested λ. We formalize and investigate this idea, and construct a well-optimized solution, AEZ, from… (More)

- Mihir Bellare, Ted Krovetz, Phillip Rogaway
- EUROCRYPT
- 1998

We argue that the invertibility of a block cipher can reduce the security of schemes that use it, and a better starting point for scheme design is the non-invertible analog of a block cipher, that is, a pseudorandom function (PRF). Since a block cipher may be viewed as a pseudorandom permutation, we are led to investigate the reverse of the problem studied… (More)

- Ted Krovetz, Phillip Rogaway
- ICISC
- 2000

We describe a universal hash-function family, PolyR, which hashes messages of effectively arbitrary lengths in 3.9–6.9 cycles/byte (cpb) on a Pentium II (achieving a collision probability in the range 2−16–2−50). Unlike most proposals, PolyR actually hashes short messages faster (per byte) than long ones. At the same time, its key is only a few bytes, the… (More)

- Ted Krovetz
- IACR Cryptology ePrint Archive
- 2006

This paper introduces VMAC, a message authentication algorithm (MAC) optimized for high performance in software on 64-bit architectures. On the Athlon 64 processor, VMAC authenticates 2KB cache-resident messages at a cost of about 0.5 CPU cycles per message byte (cpb) — significantly faster than other recent MAC schemes such as UMAC (1.0 cpb) and Poly1305… (More)

- Ted Krovetz, Phillip Rogaway
- Inf. Process. Lett.
- 2006

The strongest well-known measure for the quality of a universal hash-function family H is its being ε-strongly universal, which measures, for randomly chosen h ∈ H, one’s inability to guess h(m′) even if h(m) is known for some m 6= m′. We give example applications in which this measure is too weak, and we introduce a stronger measure for the quality of a… (More)

AEZ encrypts by appending to the plaintext a fixed authentication block and then enciphering the resulting string with an arbitrary-input-length blockcipher, this tweaked by the nonce and AD. The approach results in strong security and usability properties, including nonce-reuse misuse resistance, automatic exploitation of decryption-verified redundancy,… (More)