Efficient Side-Channel Secure Message Authentication with Better Bounds

by Chun Guo, François-Xavier Standaert, Weijia Wang, Yu Yu

Published in IACR Transactions on Symmetric Cryptology by Universitätsbibliothek der Ruhr-Universität Bochum.

2020, pp. 23-53

Abstract

We investigate constructing message authentication schemes from symmetric cryptographic primitives, with the goal of achieving security when most intermediate values during tag computation and verification are leaked (i.e., mode-level leakage-resilience). Existing efficient proposals typically follow the plain Hash-then-MAC paradigm T = TGen_K(H(M)). When the domain of the MAC function TGen_K is {0,1}^128, e.g., when instantiated with the AES, forgery is possible within time 2^64 and data complexity 1. To dismiss such cheap attacks, we propose two modes: LRW1-based Hash-then-MAC (LRWHM), built upon the LRW1 tweakable blockcipher of Liskov, Rivest, and Wagner, and Rekeying Hash-then-MAC (RHM), which employs internal rekeying. Built upon secure AES implementations, LRWHM is provably secure up to (beyond-birthday) 2^78.3 time complexity, while RHM is provably secure up to 2^121 time. Thus in practice, their main security threat is expected to be side-channel key recovery attacks against the AES implementations. Finally, we benchmark the performance of instances of our modes based on the AES and SHA3 and confirm their efficiency.

Type: article-journal
Stage: published
Date: 2020-01-31
Open Access Publication
ISSN-L: 2519-173X