Revisiting the Security of COMET Authenticated Encryption Scheme

Shay Gueron, Ashwin Jha, Mridul Nandi

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review


COMETv1, by Gueron, Jha and Nandi, is a mode of operation for nonce-based authenticated encryption with associated data functionality. It was one of the second round candidates in the ongoing NIST Lightweight Cryptography Standardization Process. In this paper, we study a generalized version of COMETv1, that we call gCOMET, from provable security perspective. First, we present a comprehensive and complete security proof for gCOMET in the ideal cipher model. Second, we view COMET, the underlying mode of operation in COMETv1, as an instantiation of gCOMET, and derive its concrete security bounds. Finally, we propose another instantiation of gCOMET, dubbed COMETv2, and show that this version achieves better security guarantees as well as memory-efficient implementations as compared to COMETv1.

Original languageAmerican English
Title of host publicationProgress in Cryptology – INDOCRYPT 2021 - 22nd International Conference on Cryptology in India, 2021, Proceedings
EditorsAvishek Adhikari, Ralf Küsters, Bart Preneel
PublisherSpringer Science and Business Media Deutschland GmbH
Number of pages23
ISBN (Print)9783030925178
StatePublished - 2021
Event22nd International Conference on Cryptology in India, INDOCRYPT 2021 - Jaipur, India
Duration: 12 Dec 202115 Dec 2021

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume13143 LNCS


Conference22nd International Conference on Cryptology in India, INDOCRYPT 2021


  • AEAD
  • ICM
  • Lightweight
  • Provable security
  • Rekeying

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • General Computer Science


Dive into the research topics of 'Revisiting the Security of COMET Authenticated Encryption Scheme'. Together they form a unique fingerprint.

Cite this