{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,12]],"date-time":"2025-10-12T04:07:08Z","timestamp":1760242028686,"version":"build-2065373602"},"reference-count":43,"publisher":"MDPI AG","issue":"4","license":[{"start":{"date-parts":[[2018,12,19]],"date-time":"2018-12-19T00:00:00Z","timestamp":1545177600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Cryptography"],"abstract":"<jats:p>In some wireless environments, minimizing the size of messages is paramount due to the resulting significant energy savings. We present CMCC (CBC-MAC-CTR-CBC), an authenticated encryption scheme with associated data (AEAD) that is also nonce misuse resistant. The main focus for this work is minimizing ciphertext expansion, especially for short messages including plaintext lengths less than the underlying block cipher length (e.g., 16 bytes). For many existing AEAD schemes, a successful forgery leads directly to a loss of confidentiality. For CMCC, changes to the ciphertext randomize the resulting plaintext, thus forgeries do not necessarily result in a loss of confidentiality, which allows us to reduce the length of the authentication tag. For protocols that send short messages, our scheme is similar to Synthetic Initialization Vector (SIV) mode for computational overhead but has much smaller expansion. We prove both a misuse resistant authenticated encryption (MRAE) security bound and an authenticated encryption (AE) security bound for CMCC. We also present a variation of CMCC, CWM (CMCC With MAC), which provides a further strengthening of the security bounds.<\/jats:p>","DOI":"10.3390\/cryptography2040042","type":"journal-article","created":{"date-parts":[[2018,12,19]],"date-time":"2018-12-19T12:12:44Z","timestamp":1545221564000},"page":"42","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["CMCC: Misuse Resistant Authenticated Encryption with Minimal Ciphertext Expansion"],"prefix":"10.3390","volume":"2","author":[{"given":"Jonathan","family":"Trostle","sequence":"first","affiliation":[{"name":"Independent Researcher, Vancouver, WA 98684, USA"}]}],"member":"1968","published-online":{"date-parts":[[2018,12,19]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","unstructured":"Bellare, M., and Namprempre, C. (2000). Authenticated Encryption: Relations among Notions and Analysis of the Generic Composition Paradigm. Advances in Cryptology\u2014ASIACRYPT 2000, Proceedings of the 6th International Conference on the Theory and Application of Cryptology and Information Security, Kyoto, Japan, 3\u20137 December 2000, Springer.","DOI":"10.1007\/3-540-44448-3_41"},{"key":"ref_2","first-page":"373","article-title":"Deterministic Authenticated-Encryption","volume":"Volume 4004","author":"Rogaway","year":"2006","journal-title":"Advances in Cryptology\u2014EUROCRYPT \u201906"},{"key":"ref_3","unstructured":"Barwell, G. (2018, December 09). Posting to Cryptographic Competitions Mailing List, 7 April 2014. Available online: https:\/\/groups.google.com\/forum\/#!forum\/crypto-competitions."},{"key":"ref_4","doi-asserted-by":"crossref","unstructured":"Krovetz, T., and Rogaway, P. (2011). The Software Performance of Authenticated-Encryption Modes. Fast Software Encryption, Proceedings of the 18th International Workshop (FSE 2011), Lyngby, Denmark, 13\u201316 February 2011, Springer. Revised Selected Papers.","DOI":"10.1007\/978-3-642-21702-9_18"},{"key":"ref_5","doi-asserted-by":"crossref","unstructured":"McGrew, D., and Viega, J. (2004). The security and performance of the Galois\/Counter Mode (GCM) of operation. Advances in Cryptology\u2014INDOCRYPT 2004, Springer. LNCS Volume 3348.","DOI":"10.1007\/978-3-540-30556-9_27"},{"key":"ref_6","doi-asserted-by":"crossref","unstructured":"Casner, S., and Jacobson, V. (2018, December 09). Compressing IP\/UDP\/RTP Headers for Low-Speed Serial Links. RFC 2508, February 1999. Available online: https:\/\/tools.ietf.org\/html\/rfc2508.","DOI":"10.17487\/rfc2508"},{"key":"ref_7","doi-asserted-by":"crossref","unstructured":"Bormann, C., Burmeister, C., Degermark, M., Fukushima, H., Hannu, H., Jonsson, L.-E., Hakenberg, R., Koren, T., Le, K., and Liu, Z. (2018, December 09). RObust Header Compression: Framework and Four Profiles: RTP, UDP, ESP, and uncompressed (ROHC). RFC 3095, July 2001. Available online: https:\/\/tools.ietf.org\/html\/rfc3095.","DOI":"10.17487\/rfc3095"},{"key":"ref_8","doi-asserted-by":"crossref","unstructured":"Vuran, M., and Akyildiz, I. (2008, January 13\u201318). Cross-layer Packet Size Optimization for Wireless Terrestrial, Underwater, and Underground Sensor Networks. Proceedings of the 27th IEEE International Conference on Computer Communications, Joint Conference of the IEEE Computer and Communications Societies, Phoenix, AZ, USA.","DOI":"10.1109\/INFOCOM.2008.54"},{"key":"ref_9","doi-asserted-by":"crossref","unstructured":"Atkinson, R. (2018, December 09). IP Encapsulating Security Payload (ESP). RFC 1827, 1995. Available online: https:\/\/tools.ietf.org\/html\/rfc1827.","DOI":"10.17487\/rfc1827"},{"key":"ref_10","unstructured":"Bellovin, S.M. (1996, January 22\u201325). Problem Areas for the IP Security Protocols. Proceedings of the 6th USENIX Security Symposium, San Jose, CA, USA."},{"key":"ref_11","doi-asserted-by":"crossref","unstructured":"Bellare, M., and Rogaway, P. (2000). Encode-Then-Encipher Encryption: How to Exploit Nonces or Redundancy in Plaintexts for Efficient Cryptography. Advances in Cryptology\u2014ASIACRYPT 2000, Proceedings of the 6th International Conference on the Theory and Application of Cryptology and Information Security, Kyoto, Japan, 3\u20137 December 2000, Springer.","DOI":"10.1007\/3-540-44448-3_24"},{"key":"ref_12","doi-asserted-by":"crossref","unstructured":"An, J., and Bellare, M. (2001). Does encryption with redundancy provide authenticity?. Advances in Cryptology\u2014EUROCRYPT 2001, Springer. LNCS Volume 2045.","DOI":"10.1007\/3-540-44987-6_31"},{"key":"ref_13","unstructured":"Struik, R. (2011, January 7). Cryptography for Highly Constrained Networks. Proceedings of the NIST CETA Workshop 2011, Gaithersburg, MD, USA."},{"key":"ref_14","doi-asserted-by":"crossref","unstructured":"Desai, A. (2000). New Paradigms for Constructing Symmetric Encryption Schemes Secure Against Chosen-Ciphertext Attack. Advances in Cryptology\u2014CRYPTO 2000, Proceedings of the 20th Annual International Cryptology Conference, Santa Barbara, CA, USA, 20\u201324 August 2000, Springer.","DOI":"10.1007\/3-540-44598-6_25"},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Hoang, V.T., Krovetz, T., and Rogaway, P. (2015). Robust Authenticated-Encryption: AEZ and the Problem That It Solves. Advances in Cryptology\u2014EUROCRYPT 2015, Proceedings of the 34th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Sofia, Bulgaria, 26\u201330 April 2015, Springer.","DOI":"10.1007\/978-3-662-46800-5"},{"key":"ref_16","unstructured":"Krovetz, T. (2018, December 09). HS1-SIV. Available online: http:\/\/competitions.cr.yp.to\/caesar-submissions.html."},{"key":"ref_17","unstructured":"Bahack, L. (2018, December 09). Julius. Available online: http:\/\/competitions.cr.yp.to\/caesar-submissions.html."},{"key":"ref_18","doi-asserted-by":"crossref","unstructured":"Granger, R., Jovanovic, P., Mennink, B., and Neves, S. (2016). Improved Masking for Tweakable Blockciphers with Applications to Authenticated Encryption. Advances in Cryptology\u2014EUROCRYPT 2016, Springer.","DOI":"10.1007\/978-3-662-49890-3_11"},{"key":"ref_19","doi-asserted-by":"crossref","unstructured":"Iwata, T., and Yasuda, K. (2009). HBS: A Single-Key Mode of Operation for Deterministic Authenticated Encryption. Fast Software Encryption, FSE 2009, Springer.","DOI":"10.1007\/978-3-642-03317-9"},{"key":"ref_20","doi-asserted-by":"crossref","unstructured":"Iwata, T., and Yasuda, K. (2009). BTM: A Single-Key, Inverse-Cipher-Free Mode for Deterministic Authenticated Encryption. Selected Areas in Cryptography, Proceedings of the 16th Annual International Workshop (SAC 2009), Calgary, AB, Canada, 13\u201314 August 2009, Springer. Revised Selected Papers.","DOI":"10.1007\/978-3-642-05445-7"},{"key":"ref_21","doi-asserted-by":"crossref","unstructured":"Gueron, S., and Lindell, Y. (2015, January 12\u201316). GCM-SIV: Full Nonce Misuse-Resistant Authenticated Encryption at Under One Cycle Per Byte. Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, Denver, CO, USA.","DOI":"10.1145\/2810103.2813613"},{"key":"ref_22","unstructured":"B\u00f6ck, H., Zauner, A., Devlin, S., Somorovsky, J., and Jovanovic, P. (2018, December 09). Nonce-Disrespecting Adversaries: Practical Forgery Attacks on GCM in TLS. IACR Cryptology ePrint Archive. Available online: https:\/\/eprint.iacr.org\/2016\/475.pdf."},{"key":"ref_23","doi-asserted-by":"crossref","unstructured":"Shrimpton, T., and Terashima, R.S. (2013). A Modular Framework for Building Variable-Input-Length Tweakable Ciphers. Advances in Cryptology\u2014ASIACRYPT 2013, Proceedings of the 19th International Conference on the Theory and Application of Cryptology and Information Security, Bengaluru, India, 1\u20135 December 2013, Springer. Part I.","DOI":"10.1007\/978-3-642-42033-7_21"},{"key":"ref_24","unstructured":"Andreeva, E., Bogdanov, A., Luykx, A., Mennink, B., Mouha, N., and Yasuda, K. (2014). How to Securely Release Unverified Plaintext in Authenticated Encryption. Advances in Cryptology\u2014ASIACRYPT 2014, Proceedings of the 20th International Conference on the Theory and Application of Cryptology and Information Security, Kaohsiung, Taiwan, 7\u201311 December 2014, Springer."},{"key":"ref_25","unstructured":"Bernstein, D.J. (2018, December 09). Features of Various Secret-Key Primitives. Available online: http:\/\/competitions.cr.yp.to\/features.html."},{"key":"ref_26","unstructured":"Andreeva, E., Bilgin, B., Bogdanov, A., Luykx, A., Mendel, F., Mennink, B., Mouha, N., Wang, Q., and Yasuda, K. (2018, December 09). PRIMATES (2014). Available online: http:\/\/competitions.cr.yp.to\/caesar-submissions.html."},{"key":"ref_27","doi-asserted-by":"crossref","unstructured":"Andreeva, E., Bilgin, B., Bogdanov, A., Luykx, A., Mennink, B., Mouha, N., and Yasuda, K. (2014). APE: Authenticated Permutation-Based Encryption for Lightweight Cryptography. Fast Software Encryption, FSE 2014, Springer. Lecture Notes in Computer Science.","DOI":"10.1007\/978-3-662-46706-0"},{"key":"ref_28","first-page":"94","article-title":"Rogue decryption failures: Reconciling AE robustness notions","volume":"Volume 9496","author":"Barwell","year":"2015","journal-title":"IMACC 2015, Proceedings of the 15th IMA International Conference on Cryptography and Coding, Oxford, UK, 15\u201317 December 2015"},{"key":"ref_29","doi-asserted-by":"crossref","unstructured":"Abed, F., Forler, C., List, E., Lucks, S., and Wenzel, J. (2016). RIV for Robust Authenticated Encryption. Fast Software Encryption, FSE 2016, Springer.","DOI":"10.1007\/978-3-662-52993-5"},{"key":"ref_30","unstructured":"Badertscher, C., Matt, C., Maurer, U., Rogaway, P., and Tackmann, B. (2015). Robust Authenticated Encryption and the Limits of Symmetric Cryptography. IMACC 2015, Proceedings of the 15th IMA International Conference on Cryptography and Coding, Oxford, UK, 15\u201317 December 2015, Springer. LNCS Volume 9496."},{"key":"ref_31","unstructured":"Maurer, U., and Renner, R. (2011). Abstract Cryptography. Innovations in Computer Science (ICS 2011), Tsinghua University Press."},{"key":"ref_32","doi-asserted-by":"crossref","unstructured":"Maurer, U. (2012). Constructive cryptography\u2014A new paradigm for security definitions and proofs. TOSCA 2011: Theory of Security and Applications, Springer. LNCS Volume 6993.","DOI":"10.1007\/978-3-642-27375-9_3"},{"key":"ref_33","first-page":"367","article-title":"On symmetric encryption with distinguishable decryption failures","volume":"Volume 8424","author":"Boldyreva","year":"2014","journal-title":"FSE 2013"},{"key":"ref_34","first-page":"145","article-title":"Authenticated On-Line Encryption","volume":"Volume 3006","author":"Fouque","year":"2003","journal-title":"Selected Areas in Cryptography"},{"key":"ref_35","unstructured":"Tsang, P.P., Solomakhin, R.V., and Smith, S.W. (2009). Authenticated Streamwise On-Line Encryption, Dartmouth College. Dartmouth Computer Science Technical Report TR2009-640."},{"key":"ref_36","doi-asserted-by":"crossref","unstructured":"Chakraborti, A., Datta, N., and Nandi, M. (2017). INT-RUP Security of Checksum-Based Authenticated Encryption. ProvSec 2017: Provable Security, Springer. Lecture Notes in Computer Science.","DOI":"10.1007\/978-3-319-68637-0"},{"key":"ref_37","doi-asserted-by":"crossref","unstructured":"Ristenpart, T., and Yilek, S. (2013). The Mix-and-Cut Shuffle: Small-Domain Encryption Secure against N Queries. Advances in Cryptology\u2014CRYPTO 2013, Proceedings of the 33rd Annual Cryptology Conference, Santa Barbara, CA, USA, 18\u201322 August 2013, Springer. Part I.","DOI":"10.1007\/978-3-642-40041-4_22"},{"key":"ref_38","doi-asserted-by":"crossref","first-page":"792","DOI":"10.1145\/6490.6503","article-title":"How to construct random functions","volume":"33","author":"Goldreich","year":"1986","journal-title":"J. ACM"},{"key":"ref_39","unstructured":"Shoup, V. (2018, December 09). Sequences of Games: A Tool for Taming Complexity in Security Proofs. Available online: http:\/\/www.shoup.net\/papers\/games.pdf."},{"key":"ref_40","doi-asserted-by":"crossref","unstructured":"Dworkin, M.J. (2005). SP 800-38B. Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication, National Institute of Standards & Technology.","DOI":"10.6028\/NIST.SP.800-38b-2005"},{"key":"ref_41","unstructured":"Harkins, D. (2018, December 09). Synthetic Initialization Vector (SIV) Authenticated Encryption Using the Advanced Encryption Standard (AES). RFC 5297. Available online: https:\/\/tools.ietf.org\/html\/rfc5297."},{"key":"ref_42","unstructured":"Iwata, T., and Kurosawa, K. (2003). OMAC: One-Key CBC MAC. FSE 2003: Fast Software Encryption, Proceedings of the 10th International Workshop, Lund, Sweden, 24\u201326 February 2003, Springer."},{"key":"ref_43","unstructured":"Wander, A.S., Gura, N., Eberle, H., Gupta, V., and Shantz, S.C. (2005, January 8\u201312). Energy analysis of public-key cryptography for wireless sensor networks. Proceedings of the Third IEEE International Conference on Pervasive Computing and Communications, Kauai Island, HI, USA."}],"container-title":["Cryptography"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2410-387X\/2\/4\/42\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T15:35:02Z","timestamp":1760196902000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2410-387X\/2\/4\/42"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018,12,19]]},"references-count":43,"journal-issue":{"issue":"4","published-online":{"date-parts":[[2018,12]]}},"alternative-id":["cryptography2040042"],"URL":"https:\/\/doi.org\/10.3390\/cryptography2040042","relation":{},"ISSN":["2410-387X"],"issn-type":[{"type":"electronic","value":"2410-387X"}],"subject":[],"published":{"date-parts":[[2018,12,19]]}}}