Paper 2016/952

ISAP -- Towards Side-Channel Secure Authenticated Encryption

Christoph Dobraunig, Maria Eichlseder, Stefan Mangard, Florian Mendel, and Thomas Unterluggauer

Abstract

Side-channel attacks and in particular differential power analysis (DPA) attacks pose a serious threat to cryptographic implementations. One approach to counteract such attacks are cryptographic schemes based on fresh re-keying. In settings of pre-shared secret keys, such schemes render DPA attacks infeasible by deriving session keys and by ensuring that the attacker cannot collect side-channel leakage on the session key during cryptographic operations with different inputs. While these schemes can be applied to secure standard communication settings, current re-keying approaches are unable to provide protection in settings where the same input needs to be processed multiple times. In this work, we therefore adapt the re-keying approach and present a symmetric authenticated encryption scheme that is secure against DPA attacks and that does not have such a usage restriction. This means that our scheme fully complies with the requirements given in the CAESAR call and hence, can be used like other nonce-based authenticated encryption schemes without loss of side-channel protection. Its resistance against side-channel analysis is highly relevant for several applications in practice, like bulk storage settings in general and the protection of FPGA bitfiles and firmware images in particular.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Published by the IACR in FSE 2017
Keywords
authenticated encryptionfresh re-keyingpassive side-channel attackssponge constructionpermutation-based construction
Contact author(s)
christoph dobraunig @ iaik tugraz at
History
2017-02-21: revised
2016-10-04: received
See all versions
Short URL
https://ia.cr/2016/952
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2016/952,
      author = {Christoph Dobraunig and Maria Eichlseder and Stefan Mangard and Florian Mendel and Thomas Unterluggauer},
      title = {ISAP -- Towards Side-Channel Secure Authenticated Encryption},
      howpublished = {Cryptology ePrint Archive, Paper 2016/952},
      year = {2016},
      note = {\url{https://eprint.iacr.org/2016/952}},
      url = {https://eprint.iacr.org/2016/952}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.