Reducing the Cost of Authenticity with Leakages: a \(\mathsf {CIML2}\)-Secure \(\mathsf {AE}\) Scheme with One Call to a Strongly Protected Tweakable Block Cipher

  • Francesco Berti
  • Olivier Pereira
  • François-Xavier Standaert
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11627)

Abstract

This paper presents \(\mathsf {CONCRETE}\) (Commit-Encrypt-Send-the-Key), a new Authenticated Encryption mode that offers \(\mathsf {CIML2}\) security, that is, ciphertext integrity in the presence of nonce misuse and side-channel leakages in both encryption and decryption.

\(\mathsf {CONCRETE}\) improves on a recent line of works aiming at leveled implementations, which combine a strongly protected and energy-demanding implementation of a single component with other, weakly protected and much cheaper components. Here, these components all implement a tweakable block cipher \(\mathsf {TBC}\).

\(\mathsf {CONCRETE}\) requires the use of the strongly protected \(\mathsf {TBC}\) only once, while tolerating the leakage of the full state of the weakly protected components: it achieves \(\mathsf {CIML2}\) security in the so-called unbounded leakage model.

All previous works need to use the strongly protected implementation at least twice. As a result, for short messages whose encryption and decryption energy costs are dominated by the strongly protected component, we halve the cost of a leakage-resilient implementation. \(\mathsf {CONCRETE}\) additionally provides security when unverified plaintexts are released, and confidentiality in the presence of simulatable leakages in encryption and decryption.
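The three steps named in the mode's name (commit to a fresh per-message key, encrypt under that key with the cheap implementation, then send the key through the single strongly protected call) can be seen in the following sketch. It is an added illustration, not the paper's \(\mathsf {CONCRETE}\) specification: the exact hashing, tweak and domain-separation conventions of the real scheme are in the paper and differ from what is assumed here. The tweakable block cipher is a toy SHA-256 Feistel network (invertible and tweakable, but not a secure cipher) so that the mode structure runs offline; the function names `encrypt`, `decrypt`, `tbc_enc`, `tbc_dec` and the test vectors are assumptions of this example.

```python
"""Commit-encrypt-send-the-key sketch (added example, not CONCRETE itself).

The toy TBC is a 4-round Feistel network keyed by (key, tweak) through
SHA-256. It exists only so the mode's control flow can run stand-alone;
it is NOT a secure cipher and the mode below is a structural sketch only.
"""
import hashlib
import os
from typing import Optional, Tuple

BLOCK = 16
ZERO = bytes(BLOCK)


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round(key: bytes, tweak: bytes, i: int, half: bytes) -> bytes:
    # Round function of the toy TBC; key and tweak both enter every round.
    data = b"toy-tbc" + key + tweak + bytes([i]) + half
    return hashlib.sha256(data).digest()[: BLOCK // 2]


def tbc_enc(key: bytes, tweak: bytes, block: bytes) -> bytes:
    """Toy tweakable block cipher (assumed here, not the paper's TBC)."""
    assert len(block) == BLOCK
    l, r = block[:8], block[8:]
    for i in range(4):
        l, r = r, _xor(l, _round(key, tweak, i, r))
    return l + r


def tbc_dec(key: bytes, tweak: bytes, block: bytes) -> bytes:
    """Inverse of tbc_enc (rounds applied in reverse order)."""
    assert len(block) == BLOCK
    l, r = block[:8], block[8:]
    for i in reversed(range(4)):
        l, r = _xor(r, _round(key, tweak, i, l)), l
    return l + r


def _keystream(k0: bytes, nonce: bytes, n: int) -> bytes:
    """Weakly protected part: counter-mode keystream under the ephemeral key k0."""
    blocks = (n + BLOCK - 1) // BLOCK
    out = b"".join(tbc_enc(k0, nonce + i.to_bytes(4, "big"), ZERO) for i in range(blocks))
    return out[:n]


def encrypt(K: bytes, nonce: bytes, m: bytes, k0: Optional[bytes] = None) -> Tuple[bytes, bytes, bytes]:
    """Returns (c0, c, ck): commitment, ciphertext body, wrapped ephemeral key."""
    k0 = k0 or os.urandom(BLOCK)  # fresh per-message key (fixed only for tests)
    # 1. Commit: bind k0 to this nonce using the cheap TBC only.
    c0 = tbc_enc(k0, nonce + b"commit", ZERO)
    # 2. Encrypt: the bulk of the message under k0, still with the cheap TBC.
    c = _xor(m, _keystream(k0, nonce, len(m)))
    # 3. Send the key: the single strongly protected call wraps k0 under the
    #    long-term key K, tweaked by a digest of everything sent so far.
    h = hashlib.sha256(nonce + c0 + c).digest()
    ck = tbc_enc(K, h, k0)
    return c0, c, ck


def decrypt(K: bytes, nonce: bytes, ct: Tuple[bytes, bytes, bytes]) -> Optional[bytes]:
    """Returns the plaintext, or None if the ciphertext does not verify."""
    c0, c, ck = ct
    h = hashlib.sha256(nonce + c0 + c).digest()
    k0 = tbc_dec(K, h, ck)  # the only strongly protected call on this side too
    # Verify the commitment before releasing anything: any change to
    # (nonce, c0, c, ck) changes h or ck, so an unrelated k0 comes out here
    # and the recomputed commitment does not match c0.
    if tbc_enc(k0, nonce + b"commit", ZERO) != c0:
        return None
    return _xor(c, _keystream(k0, nonce, len(c)))
```

Two properties of the leveled design are visible in the code: the long-term key \(K\) is only ever touched by `tbc_enc`/`tbc_dec` in the single "send the key" step, so only that call needs the expensive countermeasures; and everything the weakly protected components handle is keyed by the per-message `k0`, whose leakage exposes at most that one message. The check in `decrypt` fails for a modified body, a modified wrapped key, a wrong nonce or a wrong long-term key.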

Keywords

Leakage-resilience; Authenticated encryption; Leveled implementation; Ciphertext integrity with misuse and leakage (CIML2)

Acknowledgments

François-Xavier Standaert is a senior research associate of the Belgian Fund for Scientific Research (F.R.S.-FNRS). This work has been funded in parts by the European Union (EU) and the Walloon Region through the FEDER project USERMedia (convention number 501907-379156) and the ERC project SWORD (convention number 724725).

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Francesco Berti (1)
  • Olivier Pereira (1)
  • François-Xavier Standaert (1)

  1. ICTEAM/ELEN/Crypto Group, Université catholique de Louvain, Louvain-la-Neuve, Belgium