A Leakage Resilient MAC

We put forward the first practical message authentication code (MAC) that is provably secure against continuous leakage under the Only Computation Leaks Information (OCLI) assumption. Within the context of continuous leakage, we introduce a novel modular proof technique: whereas most previous schemes are proven secure directly in the presence of leakage, we reduce the leakage security of our scheme to its non-leakage security. This modularity, while known in other contexts, has two advantages: it makes clear which parts of the proof rely on which assumptions (i.e. whether a given assumption is needed for the leakage security or for the non-leakage security), and it means that any improvement to the security of the non-leakage version carries over to the security in the presence of leakage 'for free'. We conclude the paper by discussing two implementations, one on a popular embedded core (the ARM Cortex-M4) and one on a high-end processor (the Intel i7), and investigate some of their performance and security aspects.