Abstract:
The Russian standardized AEAD mode MGM allows a single master key to be used for both encryption and authentication of data, which may be convenient in some practical applications. However, the GOST 34.13-2018 technical standard (Update 1) does not provide any means of key rotation, which limits the permitted number of data blocks processed with the same key. We propose a simple modification to MGM which enables the use of a key derivation function to derive keys for each message section, and provide a security proof for its authenticity property. The proposed changes do not require any modifications to the original scheme, so the construction benefits from the well-known security bounds of the underlying mode.