EAX mode

The EAX mode is the term for a mode of operation for cryptographic block ciphers.

Development

It is an authenticated encryption mode with associated data (Authenticated Encryption with Associated Data ( AEAD ) ), which was developed to allow both authentication and confidentiality of messages (so-called authenticated encryption). This is achieved with two passes per block: a passage for secrecy and a passage for authentication. The EAX mode was filed on October 3, 2003 on standardization in the NIST to replace there the CCM mode as the default AEAD mode because this different properties are missing and it is more complex than EAX.

Encryption and Authentication

EAX is a flexible scheme for nonce -use AEAD which is carried out in two batches, either needs to block cipher used is currently the block size, and at the same time permits a message of any length. The size of the generated authentication Annex can be chosen arbitrarily to the block size. The block cipher is used in the underlying CTR mode for encryption and then as OMAC for authentication. Both steps are carried out for each block, and combined with the method described in the standard. The type of merge can be seen as a specialization of the more general " EAX2 method", which is described for the proof of security in the underlying paper "The EAX Mode of Operation".

The reference implementation in the submission will use AES as a block cipher, so that the EAX mode is often regarded as a mode of AES, but basically it is independent.

Performance

In that EAX makes two passes for each block, it is slower than other AEAD methods which require only one cycle. Nevertheless, EAX has several useful properties:

  • Proven security based on the security of the underlying block cipher
  • No enlargement of the message until the authentication Annex, which must also be transferred
  • Because the encryption only uses the CTR mode of block cipher, the implementation may, in certain cases turn out easier, which is especially useful for hardware implementations
  • The mode is "online", so it can be used for data streams of unknown length, without consuming more than constant storage
  • In addition to the encrypted message, additional data can be authenticated, which may be used, for example, session parameters or meta

The CCM mode, the EAX is intended to replace, in particular does not have the last two points above.

Patent situation

The inventors of the EAX mode, Mihir Bellare, Phillip Rogaway, and David Wagner have made ​​and announced that they are no patents known to cover the mode their proposal available to the public. Therefore, it is assumed that the EAX mode is patent -free and freely usable.

Block cipher mode of operation Cryptographic nonce
252025
de