Cryptology ePrint Archive: Report 2017/717

Fault Attacks on XEX Mode with Application to certain Authenticated Encryption Modes

Hassan Qahur Al Mahri and Leonie Simpson and Harry Bartlett and Ed Dawson and Kenneth Koon-Ho Wong

Abstract: The XOR-Encrypt-XOR (XEX) block cipher mode was introduced by Rogaway in 2004. XEX mode uses nonce-based secret masks $(L)$ that are distinct for each message. The existence of secret masks in XEX mode prevents the application of conventional fault attack techniques, such as differential fault analysis. This work investigates other types of fault attacks against XEX mode that either eliminate the effect of the secret masks or retrieve their values. Either of these outcomes enables existing fault attack techniques to then be applied to recover the secret key. To estimate the success rate and feasibility, we ran simulations for ciphertext-only fault attacks against 128-bit AES in XEX mode. The paper also discusses the relevance of the proposed fault attacks to certain authenticated encryption modes based on XEX, such as OCB2, OTR, COPA, SHELL and ElmD. Finally, we suggest effective countermeasures to provide resistance to these fault attacks.

Category / Keywords: secret-key cryptography / side channel analysis, fault attack, authenticated encryption, block cipher mode, XEX

Original Publication (in the same form): Springer International Publishing AG 2017

Date: received 24 Jul 2017

Contact author: hassan mahri at hdr qut edu au

Version: 20170727:181450
