Browse Prior Art Database

Synthetic Initialization Vector (SIV) Authenticated Encryption Using the Advanced Encryption Standard (AES) (RFC5297)

IP.com Disclosure Number: IPCOM000175795D
Original Publication Date: 2008-Oct-01
Included in the Prior Art Database: 2008-Oct-25
Document File: 27 page(s) / 51K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

D. Harkins: AUTHOR

Abstract

This memo describes SIV (Synthetic Initialization Vector), a block cipher mode of operation. SIV takes a key, a plaintext, and multiple variable-length octet strings that will be authenticated but not encrypted. It produces a ciphertext having the same length as the plaintext and a synthetic initialization vector. Depending on how it is used, SIV achieves either the goal of deterministic authenticated encryption or the goal of nonce-based, misuse-resistant authenticated encryption.

This text was extracted from an ASCII text file.
At least one non-text object (such as an image or picture) has been suppressed.
This is the abbreviated version, containing approximately 5% of the total text.

Network Working Group                                         D. Harkins Request for Comments: 5297                               

Aruba

Networks Category: Informational                                     October 2008

     Synthetic Initialization Vector (SIV) Authenticated Encryption               Using the Advanced Encryption Standard (AES)

Status of This Memo

   This memo provides information for the Internet community.  It does    not specify an Internet standard of any kind.  Distribution of this    memo is unlimited.

Abstract

   This memo describes SIV (Synthetic Initialization Vector), a block    cipher mode of operation.  SIV takes a key, a plaintext, and multiple    variable-length octet strings that will be authenticated but not    encrypted.  It produces a ciphertext having the same length as the    plaintext and a synthetic initialization vector.  Depending on how it    is used, SIV achieves either the goal of deterministic authenticated    encryption or the goal of nonce-based, misuse-resistant authenticated    encryption.

Hawkins                      Informational                      [Page 1]
 RFC 5297                        SIV-AES                     October 2008

 Table of Contents

   1. Introduction ....................................................3

      1.1. Background .................................................3

      1.2. Definitions ................................................4

      1.3. Motivation .................................................4

           1.3.1. Key Wrapping ........................................4

           1.3.2. Resistance to Nonce Misuse/Reuse ....................4

           1.3.3. Key Derivation ......................................5

           1.3.4. Robustness versus Performance .......................6

           1.3.5. Conservation of Cryptographic Primitives ............6

   2. Specification of SIV ............................................6

      2.1. Notation ...................................................6

      2.2. Overview ...................................................7

      2.3. Doubling ...................................................7

      2.4. S2V ........................................................8

      2.5. CTR .......................................................10

      2.6. SIV Encrypt ...............................................10

      2.7. SIV Decrypt ...............................................12

   3. Nonce-Based Authenticated Encryption with SIV ....