Paper 2012/497

The low-call diet: Authenticated Encryption for call counting HSM users

Mike Bond, George French, Nigel P. Smart, and Gaven J. Watson

Abstract

We present a new mode of operation for obtaining authenticated encryption suited for use in banking and government environments where cryptographic services are only available via a Hardware Security Module (HSM) which protects the keys but offers a limited API. The practical problem is that despite the existence of better modes of operation, modern HSMs still provide nothing but a basic (unauthenticated) CBC mode of encryption, and since they mediate all access to the key, solutions must work around this. Our mode of operation makes only a single call to the HSM, yet provides a secure authenticated encryption scheme; authentication is obtained by manipulation of the plaintext being passed to the HSM via a call to an unkeyed hash function. The scheme offers a considerable performance improvement compared to more traditional authenticated encryption techniques which must be implemented using multiple calls to the HSM. Our new mode of operation is provided with a proof of security, on the assumption that the underlying block cipher used in the CBC mode is a strong pseudorandom permutation, and that the hash function is modelled as a random oracle.
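To make the abstract's idea concrete, here is an added illustration that is not the paper's code and does not claim to be its exact construction: an "HSM" that exposes only unauthenticated CBC, and a wrapper that obtains authenticated encryption from one CBC call per direction by hashing the plaintext. The specific manipulation used here (appending an unkeyed SHA-256 digest of the message to the padded plaintext before the single CBC call), the toy HMAC-based Feistel block cipher standing in for the HSM's AES, and the names `hsm_cbc_encrypt`, `ae_encrypt`, `ae_decrypt` and `hsm_calls` are all assumptions made so the script runs offline.

```python
"""
Added illustration, not the paper's code: authenticated encryption from a
single CBC call to a simulated HSM that offers only unauthenticated CBC.
Assumed here (not stated on this page): the tag is SHA-256(M) appended to
pad(M) before the one CBC call, and the block cipher is a toy 16-byte Feistel
PRP built from HMAC-SHA256 so that no external crypto library is needed.
"""
import hashlib
import hmac
import os

BLOCK = 16          # block size in bytes
ROUNDS = 8          # Feistel rounds of the toy PRP
TAG_LEN = 32        # SHA-256 digest length
_hsm_calls = 0      # how many times the simulated HSM has been invoked


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key, i, half):
    # round function of the toy cipher: keyed hash truncated to half a block
    return hmac.new(key + bytes([i]), half, hashlib.sha256).digest()[:BLOCK // 2]


def _block_encrypt(key, block):
    L, R = block[:BLOCK // 2], block[BLOCK // 2:]
    for i in range(ROUNDS):
        L, R = R, _xor(L, _f(key, i, R))
    return L + R


def _block_decrypt(key, block):
    L, R = block[:BLOCK // 2], block[BLOCK // 2:]
    for i in reversed(range(ROUNDS)):
        L, R = _xor(R, _f(key, i, L)), L
    return L + R


def hsm_cbc_encrypt(key, iv, data):
    """The only primitive the simulated HSM offers: plain CBC encryption."""
    global _hsm_calls
    _hsm_calls += 1
    out, prev = bytearray(), iv
    for i in range(0, len(data), BLOCK):
        prev = _block_encrypt(key, _xor(data[i:i + BLOCK], prev))
        out += prev
    return bytes(out)


def hsm_cbc_decrypt(key, iv, data):
    """Plain CBC decryption; the HSM performs no integrity check at all."""
    global _hsm_calls
    _hsm_calls += 1
    out, prev = bytearray(), iv
    for i in range(0, len(data), BLOCK):
        c = data[i:i + BLOCK]
        out += _xor(_block_decrypt(key, c), prev)
        prev = c
    return bytes(out)


def hsm_calls():
    return _hsm_calls


def reset_hsm_calls():
    global _hsm_calls
    _hsm_calls = 0


def _pad(m):
    n = BLOCK - len(m) % BLOCK
    return m + bytes([n]) * n


def _unpad(p):
    n = p[-1] if p else 0
    if n < 1 or n > BLOCK or p[-n:] != bytes([n]) * n:
        return None
    return p[:-n]


def ae_encrypt(key, msg):
    """Single HSM call: CBC-encrypt pad(M) || H(M) under a fresh random IV."""
    iv = os.urandom(BLOCK)
    tag = hashlib.sha256(msg).digest()   # unkeyed hash of the plaintext
    return iv + hsm_cbc_encrypt(key, iv, _pad(msg) + tag)


def ae_decrypt(key, ct):
    """Single HSM call, then verify the recovered hash; None on any failure."""
    if len(ct) < 2 * BLOCK + TAG_LEN or len(ct) % BLOCK:
        return None
    iv, body = ct[:BLOCK], ct[BLOCK:]
    pt = hsm_cbc_decrypt(key, iv, body)
    padded, tag = pt[:-TAG_LEN], pt[-TAG_LEN:]
    msg = _unpad(padded)
    if msg is None:
        return None
    # recompute the hash over the recovered message; constant-time comparison
    if not hmac.compare_digest(hashlib.sha256(msg).digest(), tag):
        return None
    return msg
```

Encrypting a message and decrypting it costs exactly one simulated HSM call each (`hsm_calls()` reads 2 afterwards), and flipping any ciphertext byte or truncating the ciphertext makes `ae_decrypt` return `None`, because the hash recovered from inside the CBC stream no longer matches the recovered message. Bad padding and a bad tag deliberately produce the same result so the caller learns nothing about which check failed.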

Metadata

Available format(s): PDF
Category: Secret-key cryptography
Publication info: Published elsewhere. CT-RSA 2013
DOI: 10.1007/978-3-642-36095-4_23
Contact author(s):
nigel @ cs bris ac uk
Mike Bond @ cryptomathic com
george french @ barclays com
gavenjwatson @ gmail com
History:
2013-08-12: revised
2012-09-03: received
Short URL: https://ia.cr/2012/497
License: Creative Commons Attribution (CC BY)

BibTeX

@misc{cryptoeprint:2012/497,
      author = {Mike Bond and George French and Nigel P. Smart and Gaven J. Watson},
      title = {The low-call diet: Authenticated Encryption for call counting HSM users},
      howpublished = {Cryptology ePrint Archive, Paper 2012/497},
      year = {2012},
      doi = {10.1007/978-3-642-36095-4_23},
      note = {\url{https://eprint.iacr.org/2012/497}},
      url = {https://eprint.iacr.org/2012/497}
}