In many cryptographic protocols, a common-key encryption is used to provide a secure data-transmission channel. More precisely, the general idea of protocols is to have an encryption provide data authenticity as well as data confidentiality. In fact, there are known to be quite a few ways to provide both forms of security, however none of them are optimized enough to be efficient. We present a new encryption mode that uses a random number generator (RNG). Assuming the security of the RNG, we can prove not only perfect secrecy, but also message authentication. The proven probability of a successful forgery is (n-1)/(2b-1), where b is the number of bits in a block and n is the number of ciphertext blocks. The proposed scheme achieves very high practicality due to the potential advantages in efficiency. When we use a computationally secure RNG, such as instance a pseudorandom number generator PRNG, we have advantages in efficiency; in addition to the PRNG parallel computation, the scheme requires only a single-path process on the data stream so that even a limited hardware resource can operate an encryption of a very long data stream. We demonstrate the practicality of our scheme, by showing a realistic parameter set and the evaluations of its performance.

We present a new keystream generator (KSG) MUGI, which is a variant of PANAMA proposed at FSE '98. MUGI has a 128-bit secret key and a 128-bit initial vector as parameters and generates a 64-bit string per round. The design is particularly suited for efficient hardware implementations, but the software performance of MUGI is excellent as well. A speed optimized implementation in hardware achieves about 3 Gbps with 26 Kgates, which is several times faster than AES. On the other hand, the security of MUGI has been evaluated by analyzing the applicability of re-synchronization attacks, related-key attacks, and attacks that exploit the linear correlation of an output sequence. Our analysis confirms that MUGI is a secure KSG.

SOBER-128 is a stream cipher designed by Rose and Hawkes in 2003. It can be also used for generating Message Authentication Codes (MACs) and an authenticated encryption. The developers claimed that it is difficult to forge MACs generated by both functions of SOBER-128, though, the security assumption in the proposal paper is not realistic in some instances. In this paper, we examine the security of these message authentication mechanisms of SOBER-128 under security channel model. As a result, we show that both a MAC generation and an authenticated encryption are vulnerable against differential cryptanalysis. The success probabilities of the MAC forgery attack are estimated at 2-6 and 2-27 respectively. In addition, we show that some secret bits are revealed if a key is used many times.