Paper 2017/717

Fault Attacks on XEX Mode with Application to certain Authenticated Encryption Modes

Hassan Qahur Al Mahri, Leonie Simpson, Harry Bartlett, Ed Dawson, and Kenneth Koon-Ho Wong

Abstract

The XOR-Encrypt-XOR (XEX) block cipher mode was introduced by Rogaway in 2004. XEX mode uses nonce-based secret masks $(L)$ that are distinct for each message. The existence of secret masks in XEX mode prevents the application of conventional fault attack techniques, such as differential fault analysis. This work investigates other types of fault attacks against XEX mode that either eliminate the effect of the secret masks or retrieve their values. Either of these outcomes enables existing fault attack techniques to then be applied to recover the secret key. To estimate the success rate and feasibility, we ran simulations for ciphertext-only fault attacks against 128-bit AES in XEX mode. The paper discusses also the relevance of the proposed fault attacks to certain authenticated encryption modes based on XEX, such as OCB2, OTR, COPA, SHELL and ElmD. Finally, we suggest effective countermeasures to provide resistance to these fault attacks.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Published elsewhere. Springer International Publishing AG 2017
DOI
10.1007/978-3-319-60055-0_15
Keywords
side channel analysisfault attackauthenticated encryptionblock cipher modeXEX
Contact author(s)
hassan mahri @ hdr qut edu au
History
2017-07-27: received
Short URL
https://ia.cr/2017/717
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2017/717,
      author = {Hassan Qahur Al Mahri and Leonie Simpson and Harry Bartlett and Ed Dawson and Kenneth Koon-Ho Wong},
      title = {Fault Attacks on XEX Mode with Application to certain Authenticated Encryption Modes},
      howpublished = {Cryptology ePrint Archive, Paper 2017/717},
      year = {2017},
      doi = {10.1007/978-3-319-60055-0_15},
      note = {\url{https://eprint.iacr.org/2017/717}},
      url = {https://eprint.iacr.org/2017/717}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.