Cryptology ePrint Archive: Report 2013/292

A Leakage Resilient MAC

Daniel P. Martin and Elisabeth Oswald and Martijn Stam and Marcin Wojcik

Abstract: We put forward the first practical message authentication code (MAC) which is provably secure against continuous leakage under the Only Computation Leaks Information (OCLI) assumption. We introduce a novel, modular proof technique: while most previous schemes are proven secure directly in the face of leakage, we reduce the (leakage) security of our scheme to its non-leakage security. This modularity, while known in other contexts, has two advantages: it makes it clearer which parts of the proof rely on which assumptions (i.e. whether a given assumption is needed for the leakage or the non-leakage security), and it also means that, if the security of the non-leakage version is improved, the security in the face of leakage is improved ‘for free’. We feel that this is an advantageous proof technique, providing a better understanding of the scheme’s security properties. In practice, we envisage that our scheme would be implemented using pairings on some pairing-friendly elliptic curve, where the ‘leakiness’ of the group operation can be experimentally estimated. We conclude the paper by discussing two implementations: one on a popular core for embedded systems (the ARM Cortex-M4) and one on a high-end processor (Intel i7), and investigating some performance and security aspects.

Category / Keywords: secret-key cryptography / message authentication code, leakage resilient, side channel analysis

Date: received 16 May 2013, last revised 10 Jul 2015

Contact author: Elisabeth Oswald at bristol ac uk


Note: Added results after implementing the scheme

Version: 20150710:122652
