Paper 2019/451

Reducing the Cost of Authenticity with Leakages: a CIML2-Secure AE Scheme with One Call to a Strongly Protected Tweakable Block Cipher

Francesco Berti, Olivier Pereira, and François-Xavier Standaert

Abstract

This paper presents CONCRETE (Commit-Encrypt-Send-the-Key) a new Authenticated Encryption mode that offers CIML2 security, that is, ciphertext integrity in the presence of nonce misuse and side-channel leakages in both encryption and decryption. CONCRETE improves on a recent line of works aiming at leveled implementations, which mix a strongly protected and energy demanding implementation of a single component, and other weakly protected and much cheaper components. Here, these components all implement a tweakable block cipher TBC. CONCRETE requires the use of the strongly protected TBC only once while supporting the leakage of the full state of the weakly protected components -- it achieves CIML2 security in the so-called unbounded leakage model. All previous works need to use the strongly protected implementation at least twice. As a result, for short messages whose encryption and decryption energy costs are dominated by the strongly protected component, we halve the cost of a leakage-resilient implementation. CONCRETE additionally provides security when unverified plaintexts are released, and confidentiality in the presence of simulatable leakages in encryption and decryption.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Published elsewhere. Major revision. Africacrypt 2019
Keywords
Leakage-resilienceauthenticated encryptionleveled implementation
Contact author(s)
francesco berti @ uclouvain be
History
2019-05-08: received
Short URL
https://ia.cr/2019/451
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2019/451,
      author = {Francesco Berti and Olivier Pereira and François-Xavier Standaert},
      title = {Reducing the Cost of Authenticity with Leakages: a CIML2-Secure AE Scheme with One Call to a Strongly Protected Tweakable Block Cipher},
      howpublished = {Cryptology ePrint Archive, Paper 2019/451},
      year = {2019},
      note = {\url{https://eprint.iacr.org/2019/451}},
      url = {https://eprint.iacr.org/2019/451}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.