Title OCFB: Output Ciphertext Feedback Mode\\ Authenticated Encryption Without a Block Cipher
Abstract: We introduce the first authenticated encryption scheme based on a hash function, called OFCB. This research has been motivated by the challenge to fit secure cryptography into constrained devices -- some of these devices have to use a hash function, anyway, and the challenge is to avoid the usage of an additional block cipher to provide authenticated encryption. The OFCB scheme satisfies the common security requirements regarding authenticated encryption, i.e., IND-CPA and INT-CTXT security. Beyond that, it provides the following additional security features: resistance against side-channel attacks and misuse-resistance. It also support failure-friendly authentication under reasonable assumptions.