Popis: |
The complexity and isomerization of communication networks have put forth new requirements for cryptographic schemes to ensure the operation of network security protocols. Robust cryptographic schemes have been gradually favored. The robust initialization vector (RIV) instead of the synthetic initialization vector (SIV) was first introduced to support strong security and robust authenticated encryption. This paper first introduces RIV to GCM-SIV1, proposes a robust variant, GCM-RIV1, and proves that it ensures birthday-bound subtle AE (SAE) security and nonce-misuse resistance. Then, to support beyond-birthday-bound (BBB) security with graceful degradation, we introduce another, stronger security variant, GCM-RIV2, and prove that it allows gracefully degrading BBB SAE security in the faulty nonce setting. Finally, the performance of GCM-RIV1 and GCM-RIV2 is discussed and compared. |