[Resource Topic] 2014/1003: COFFE: Ciphertext Output Feedback Faithful Encryption

Welcome to the resource topic for 2014/1003

COFFE: Ciphertext Output Feedback Faithful Encryption

Authors: Christian Forler, David McGrew, Stefan Lucks, Jakob Wenzel


In this paper we introduce the first authenticated encryption scheme based on a hash function, called COFFE. This research has been motivated by the challenge to fit secure cryptography into constrained devices – some of these devices have to use a hash function, anyway, and the challenge is to avoid the usage of an additional block cipher to provide authenticated encryption. COFFE satisfies the common security requirements regarding authenticated encryption, i.e., IND-CPA- and INT-CTXT-security. Beyond that, it provides the following additional security features: resistance against side-channel attacks and INT-CTXT security in the nonce-misuse scenario. It also support failure-friendly authentication under reasonable assumptions.

ePrint: https://eprint.iacr.org/2014/1003

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics .