Authenticated encryption for very short inputs (Q6057194)

The authors study authenticated encryption (AE) modes dedicated to very short messages, which are crucial for Internet-of-Things applications. Because the existing general-purpose AE modes need at least three block cipher calls for non-empty messages, they explore the design space for AE modes that use at most two calls. They propose a family of AE modes, dubbed Manx, that work when the total input length is less than \(2n\) bits, using an \(n\)-bit block cipher. Notably, the second construction of Manx can encrypt almost \(n\)-bit plaintext and saves one or two block cipher calls from the standard modes, such as GCM or OCB, keeping comparable provable security. They also present benchmarks on popular 8/32-bit microprocessors using AES. Their result shows the clear advantage of Manx over the previous modes for such short messages. For the entire collection see [Zbl 1521.94005].