Authenticated Encryption in the Face of Protocol and Side Channel Leakage

Authenticated encryption schemes in practice have to be robust against adversaries that have access to various types of leakage, for instance decryption leakage on invalid ciphertexts (protocol leakage), or leakage on the underlying primitives (side channel leakage). This work includes several novel contributions: we augment the notion of nonce-based authenticated encryption with the notion of continuous leakage, and we prove composition results in the face of protocol and side channel leakage. Moreover, we show how to achieve authenticated encryption that is simultaneously misuse resistant and leakage resilient, based on a sufficiently leakage resilient PRF, and finally we propose a concrete, pairing-based instantiation of the latter.
