SIV mode
E437867
SIV mode is a cryptographic block cipher mode of operation that provides both authenticated encryption and misuse resistance by combining synthetic initialization vectors with encryption.
All labels observed (1)
| Label | Occurrences |
|---|---|
| SIV mode canonical | 1 |
Statements (48)
| Predicate | Object |
|---|---|
| instanceOf |
authenticated encryption mode
ⓘ
block cipher mode of operation ⓘ misuse-resistant encryption scheme ⓘ |
| abbreviation | SIV ⓘ |
| advantage | security maintained under nonce misuse ⓘ |
| authenticates |
associated data
ⓘ
ciphertext ⓘ nonce input ⓘ |
| belongsToField | cryptography ⓘ |
| belongsToSubfield | symmetric-key cryptography ⓘ |
| category | deterministic authenticated encryption ⓘ |
| comparedTo |
CCM mode
ⓘ
GCM mode ⓘ |
| constructionType | two-pass mode ⓘ |
| definedBy |
Phillip Rogaway
NERFINISHED
ⓘ
Thomas Shrimpton NERFINISHED ⓘ |
| designedFor |
general-purpose authenticated encryption
ⓘ
key wrap applications ⓘ |
| disadvantage |
higher computational cost than single-pass modes
ⓘ
requires two passes over data ⓘ |
| encrypts | plaintext ⓘ |
| firstPassOperation | MAC computation to derive synthetic IV ⓘ |
| fullName | Synthetic Initialization Vector mode ⓘ |
| hasVariant |
AES-GCM-SIV
ⓘ
AES-SIV NERFINISHED ⓘ |
| isDeterministic | true ⓘ |
| primaryGoal |
authenticated encryption with associated data
ⓘ
robustness against nonce reuse ⓘ |
| providesProperty |
authenticity
ⓘ
confidentiality ⓘ integrity ⓘ nonce-misuse resistance ⓘ |
| publicationTitle | Deterministic Authenticated-Encryption: A Provable-Security Treatment of the Key-Wrap Problem NERFINISHED ⓘ |
| resists |
accidental nonce repetition
ⓘ
nonce reuse attacks ⓘ |
| secondPassOperation | counter-mode encryption using synthetic IV ⓘ |
| securityModel | provable security under standard assumptions ⓘ |
| standardizedIn | RFC 5297 NERFINISHED ⓘ |
| supportsAssociatedData | true ⓘ |
| supportsRandomNonce | false ⓘ |
| typicalUnderlyingCipher | AES NERFINISHED ⓘ |
| usedIn | protocols requiring robust AEAD under misuse conditions ⓘ |
| usesConcept | synthetic initialization vector ⓘ |
| usesPrimitive |
MAC
ⓘ
block cipher ⓘ pseudo-random function ⓘ |
| vulnerableIf | MAC or PRF primitive is broken ⓘ |
| yearStandardized | 2008 ⓘ |
Referenced by (1)
Full triples — surface form annotated when it differs from this entity's canonical label.