Paper 2009/358
MAC Precomputation with Applications to Secure Memory
Juan A. Garay, Vladimir Kolesnikov, and Rae McLellan
Abstract
We present ShMAC (Shallow MAC), a fixed input length message authentication code that performs most of the computation prior to the availability of the message. Specifically, ShMAC's message-dependent computation is much faster and smaller in hardware than the evaluation of a pseudorandom permutation (PRP), and can be implemented by a small shallow circuit, while its precomputation consists of one PRP evaluation. A main building block for ShMAC is the notion of strong differential uniformity (SDU), which we introduce, and which may be of independent interest. We present an efficient SDU construction built from previously considered differentially uniform functions. Our motivating application is a system architecture where a hardware-secured processor uses memory controlled by an adversary. We present in technical detail a novel, more efficient approach to encrypting and authenticating memory and discuss the associated trade-offs, while paying special attention to minimizing hardware costs and the reduction of DRAM latency.
Note: Added concrete analysis and updated references.
Metadata
- Available format(s)
-
PDF
- Category
- Foundations
- Publication info
- Published elsewhere. Major revision. ISC 2009
- DOI
- 10.1007/978-3-642-04474-8_34
- Keywords
- Message authentication code (MAC)MAC precomputationSystem on a Chiptamper-resistant hardware
- Contact author(s)
- kolesnikov @ research bell-labs com
- History
- 2015-09-08: revised
- 2009-07-21: received
- See all versions
- Short URL
- https://ia.cr/2009/358
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2009/358,
author = {Juan A. Garay and Vladimir Kolesnikov and Rae McLellan},
title = {{MAC} Precomputation with Applications to Secure Memory},
howpublished = {Cryptology {ePrint} Archive, Paper 2009/358},
year = {2009},
doi = {10.1007/978-3-642-04474-8_34},
url = {https://eprint.iacr.org/2009/358}
}
