Organizer: Giorgia Azzurra Marson / Nina Bindel
Traditionally, the two main cryptographic goals of confidentiality and integrity are realized separately by encryption and authentication schemes, respectively. The current trend in cryptography is to use a single algorithm for both; namely, an authenticated encryption (AE) scheme. The demand for secure and efficient AE schemes is reflected in the ongoing CAESAR cryptographic competition for the recommendation of a portfolio of AE algorithms.
In this talk we will give an overview of the existing AE design methods, such as generic composition and dedicated approaches. We will cover the target AE security definitions, and we will discuss a number of security vulnerabilities and their possible solutions. Finally, we will focus on the CAESAR competition by presenting some of the candidates, their features, and comparisons between them.
Elena Andreeva is a postdoctoral researcher at the COSIC research group at KU Leuven, Belgium. She completed her PhD on Domain Extenders for Hash Functions under the supervision of Prof. Bart Preneel. Her research interests are in the area of symmetric key cryptography and its provable (reductionist) security aspects. The focus of her work is modular security design and analysis, which is conducted in a well-defined security model by means of reductionist security proofs. Such proofs are established tools for security validation of cryptographic primitives.
Her work can be categorized into definitional, analysis, and design contributions. Several of her papers deal with establishing security notions and conducting reductionist security proofs for numerous hash functions (including many of the SHA-3 finalists), block ciphers, and authenticated encryption schemes. She has also made several contributions to the design of various symmetric primitives. Recently, she has been involved in the PRIMATEs and COPA designs, which were submitted to the ongoing CAESAR competition for authenticated encryption algorithms. Her contributions to the design of hash functions as domain extenders (modes of operation) include the ROX and BCM proposals, and contributions to the first-round SHA-3 candidate LANE.