Leakage-Resilient Authenticated Encryption from Leakage-Resilient Pseudorandom Functions

2021 ◽  
pp. 315-337
Author(s):  
Juliane Krämer ◽  
Patrick Struck
Keyword(s):  
Authenticated Encryption ◽  
Pseudorandom Functions ◽  
Leakage Resilient

scholarly journals Cryptanalysis of PMACx, PMAC2x, and SIVx

2017 ◽  
pp. 162-176
Author(s):  
Kazuhiko Minematsu ◽  
Tetsu Iwata
Keyword(s):  
Provable Security ◽  
Block Cipher ◽  
Query Complexity ◽  
Block Length ◽  
Encryption Scheme ◽  
Authenticated Encryption ◽  
Pseudorandom Functions ◽  
Tweakable Block Cipher ◽  
Deterministic Authenticated Encryption ◽  
Provably Secure

At CT-RSA 2017, List and Nandi proposed two variable input length pseudorandom functions (VI-PRFs) called PMACx and PMAC2x, and a deterministic authenticated encryption scheme called SIVx. These schemes use a tweakable block cipher (TBC) as the underlying primitive, and are provably secure up to the query complexity of 2n, where n denotes the block length of the TBC. In this paper, we falsify the provable security claims by presenting concrete attacks. We show that with the query complexity of O(2n/2), i.e., with the birthday complexity, PMACx, PMAC2x, and SIVx are all insecure.

RCB: leakage-resilient authenticated encryption via re-keying

2016 ◽  
Vol 74 (9) ◽  
pp. 4173-4198 ◽  
Author(s):  
Megha Agrawal ◽  
Tarun Kumar Bansal ◽  
Donghoon Chang ◽  
Amit Kumar Chauhan ◽  
Seokhie Hong ◽  
...  
Keyword(s):  
Authenticated Encryption ◽  
Leakage Resilient

scholarly journals Isap v2.0

2020 ◽  
pp. 390-416 ◽  
Author(s):  
Christoph Dobraunig ◽  
Maria Eichlseder ◽  
Stefan Mangard ◽  
Florian Mendel ◽  
Bart Mennink ◽  
...  
Keyword(s):  
Encryption Algorithm ◽  
Side Channel ◽  
Design Rationale ◽  
Authenticated Encryption ◽  
Lightweight Cryptography ◽  
Fault Attacks ◽  
Low Area ◽  
Constrained Environments ◽  
Leakage Resilient

We specify Isap v2.0, a lightweight permutation-based authenticated encryption algorithm that is designed to ease protection against side-channel and fault attacks. This design is an improved version of the previously published Isap v1.0, and offers increased protection against implementation attacks as well as more efficient implementations. Isap v2.0 is a candidate in NIST’s LightWeight Cryptography (LWC) project, which aims to identify and standardize authenticated ciphers that are well-suited for applications in constrained environments. We provide a self-contained specification of the new Isap v2.0 mode and discuss its design rationale. We formally prove the security of the Isap v2.0 mode in the leakage-resilient setting. Finally, in an extensive implementation overview, we show that Isap v2.0 can be implemented securely with very low area requirements. https://isap.iaik.tugraz.at

scholarly journals Improved Leakage-Resistant Authenticated Encryption based on Hardware AES Coprocessors

2021 ◽  
pp. 641-676
Author(s):  
Olivier Bronchain ◽  
Charles Momin ◽  
Thomas Peters ◽  
François-Xavier Standaert
Keyword(s):  
Encryption Scheme ◽  
Authenticated Encryption ◽  
Mode Of Operation ◽  
Secure Software ◽  
Software Updates ◽  
Leakage Resilient

We revisit Unterstein et al.’s leakage-resilient authenticated encryption scheme from CHES 2020. Its main goal is to enable secure software updates by leveraging unprotected (e.g., AES, SHA256) coprocessors available on low-end microcontrollers. We show that the design of this scheme ignores an important attack vector that can significantly reduce its security claims, and that the evaluation of its leakage-resilient PRF is quite sensitive to minor variations of its measurements, which can easily lead to security overstatements. We then describe and analyze a new mode of operation for which we propose more conservative security parameters and show that it competes with the CHES 2020 one in terms of performances. As an additional bonus, our solution relies only on AES-128 coprocessors, an

scholarly journals Close to Optimally Secure Variants of GCM

2018 ◽  
Vol 2018 ◽  
pp. 1-12
Author(s):  
Ping Zhang ◽  
Hong-Gang Hu ◽  
Qian Yuan
Keyword(s):  
Block Cipher ◽  
Positive Response ◽  
Block Size ◽  
Hybrid Technique ◽  
Authenticated Encryption ◽  
Pseudorandom Functions ◽  
Pseudorandom Permutation ◽  
Mode Of Operation ◽  
Universal Hash Function ◽  
Provably Secure

The Galois/Counter Mode of operation (GCM) is a widely used nonce-based authenticated encryption with associated data mode which provides the birthday-bound security in the nonce-respecting scenario; that is, it is secure up to about 2n/2 adversarial queries if all nonces used in the encryption oracle are never repeated, where n is the block size. It is an open problem to analyze whether GCM security can be improved by using some simple operations. This paper presents a positive response for this problem. Firstly, we introduce two close to optimally secure pseudorandom functions and derive their security bound by the hybrid technique. Then, we utilize these pseudorandom functions that we design and a universal hash function to construct two improved versions of GCM, called OGCM-1 and OGCM-2. OGCM-1 and OGCM-2 are, respectively, provably secure up to approximately 2n/67(n-1)2 and 2n/67 adversarial queries in the nonce-respecting scenario if the underlying block cipher is a secure pseudorandom permutation. Finally, we discuss the properties of OGCM-1 and OGCM-2 and describe the future works.

Sign in / Sign up

Export Citation Format

Share Document