Authenticated encryption method and apparatus
First Claim
Patent Images
1. An authenticated encryption method comprising operations of:
- receiving first data;
encrypting the first data, using a secret key, to form encrypted data;
forming second data by effecting a deterministic combination of the encrypted data with data characteristic of the first data; and
forming a message authentication code, MAC, in dependence on the second data.
0 Assignments
0 Petitions
Accused Products
Abstract
An authenticated encryption method and apparatus are described in which plaintext data is encrypted, using a secret key, to form ciphertext data. A message authentication code, MAC, is also formed in dependence on a combination of the ciphertext data and data characteristic of the plaintext data. The ciphertext data and the MAC are then output, for example, for storage to a storage medium. In a preferred embodiment a block cipher operating in GCM mode is adapted to cause the stored message authentication code to be dependent on the plaintext data.
67 Citations
22 Claims
-
1. An authenticated encryption method comprising operations of:
-
receiving first data; encrypting the first data, using a secret key, to form encrypted data; forming second data by effecting a deterministic combination of the encrypted data with data characteristic of the first data; and forming a message authentication code, MAC, in dependence on the second data. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. Authenticated encryption apparatus comprising:
-
an input interface arranged to receive first data; an encryption arrangement arranged to use a secret key to encrypt the first data to form encrypted data; a MAC-generation arrangement arranged to receive as inputs the first data in its form prior to encryption and said encrypted data, the MAC-generation arrangement being further arranged to form second data in dependence on the first data and the encrypted data and then to form a message authentication code, MAC, in dependence on the second data; and an output interface arranged to output the encrypted data and the MAC. - View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
-
Specification