Resumen
We introduce a new AEAD mode ? an MGM2 mode. For this mode we provide security bounds regarding extended security notions in the nonce-misuse setting. Misuseresistance is crucial for applications for which there is no way to provide uniqueness of nonces. Moreover, this security property also provides additional protection against implementation errors, both accidental and adversarial. The MGM2 mode was developed basing on the MGM (Multilinear Galois Mode) mode that was standardized in the Russian Federation. The main cryptographic core of the construction, namely multilinear function, is not changed. For the new mode we change the way how secret masking blocks and secret coefficients of the multilinear function are produced, decreasing the probability of collision between block cipher inputs. We provide the security bounds for MGM2 in the MRAE-integrity and CPA-res models. The obtained bounds show that the developed mode provides better security properties regarding even extended security notions than the original MGM mode provides regarding base security notions (in the nonce-respecting setting).