McOE: A Family of Almost Foolproof On-Line Authenticated Encryption Schemes
On-Line Authenticated Encryption (OAE) combines privacy with data integrity and is on-line computable. Most block cipher-based schemes for Authenticated Encryption can be run on-line and are provably secure against nonce-respecting adversaries. But they fail badly for more general adversaries. This is not a theoretical observation only - in practice, the reuse of nonces is a frequent issue1. In recent years, cryptographers developed misuse resistant schemes for Authenticated Encryption. These guarantee excellent security even against general adversaries which are allowed to reuse nonces. Their disadvantage is that encryption can be performed in an off-line way, only. This paper introduces a nw family of OAE schemes - called McOE - dealing both with nonce-respecting and with general adversaries.