The mF mode of authenticated encryption with associated data

Abstract In recent years, the demand for lightweight cryptographic protocols has grown immensely. To fulfill this necessity, the National Institute of Standards and Technology (NIST) has initiated a standardization process for lightweight cryptographic encryption. NIST’s call for proposal demands that the scheme should have one primary member that has a key length of 128 bits, and it should be secure up to 2 50 − 1 {2}^{50}-1 byte queries and 2 112 {2}^{112} computations. In this article, we propose a tweakable block cipher (TBC)-based authenticated encryption with associated data (AEAD) scheme, which we call mF {\mathsf{mF}} . We provide authenticated encryption security analysis for mF {\mathsf{mF}} under some weaker security assumptions (stated in the article) on the underlying TBC. We instantiate a TBC using block cipher and show that the TBC achieves these weaker securities, provided the key update function has high periodicity. mixFeed {\mathsf{mixFeed}} is a round 2 candidate in the aforementioned lightweight cryptographic standardization competition. When we replace the key update function with the key scheduling function of Advanced Encryption Standard (AES), the mF {\mathsf{mF}} mode reduces to mixFeed {\mathsf{mixFeed}} . Recently, the low periodicity of AES key schedule is shown. Exploiting this feature, a practical attack on mixFeed {\mathsf{mixFeed}} is reported. We have shown that multiplication by primitive element satisfies the high periodicity property, and we have a secure instantiation of mF {\mathsf{mF}} , a secure variant of mixFeed {\mathsf{mixFeed}} .