Int-Rup Analysis Of Block-Cipher Based Authenticated Encryption Schemes

Authenticated encryption (AE) is a mechanism to provide privacy as well as integrity of a plaintext. In the decryption phase of an AE scheme, the plaintext corresponding to a ciphertext is released if the tag is verified. As AE can be implemented in low end devices like smart cards, one may be forced to release plaintext before verification. Andreeva et al. address the issue of releasing unverified plaintext and formalize it by the notion called INT-RUP. In this paper, we consider "rate-1" block-cipher based affine authenticated encryption mode and show a generic INT-RUP attack on this mode. Using this attack idea, we also present an INT-RUP attack on CPFB (rate 3/4). Then we present a variant of CPFB, called mCPFB (rate 3/4) which achieves INT-RUP security.