This paper proposes a new scheme for authenticated encryption (AE) which is typically realized as a blockcipher mode of operation.
The proposed scheme has attractive features for fast and compact operation.
When it is realized with a blockcipher, it requires one blockcipher call to process one input block (i.e. rate-1), and uses the encryption function of the blockcipher for both encryption and decryption.
Moreover, the scheme enables one-pass, parallel operation under two-block partition.
The proposed scheme thus attains similar characteristics as the seminal OCB mode, without using the inverse blockcipher.
The key idea of our proposal is a novel usage of two-round Feistel permutation, where the round functions are derived from the theory of tweakable blockcipher.
We also provide basic software results, and describe some ideas on using a non-invertible primitive, such as a keyed hash function.
↧