Cryptology ePrint Archive: Report 2020/1019
Security of Streaming Encryption in Google's Tink Library
Viet Tung Hoang and Yaobin Shen
Abstract: We analyze the multi-user security of the streaming encryption in Google's Tink library
via an extended version of the framework of nonce-based online authenticated encryption of Hoang et al. (CRYPTO'15) to support random-access decryption. We show that Tink's design choice of using random nonces and a nonce-based key-derivation function indeed improves the concrete security bound. We then give two better alternatives that are more robust against randomness failure. In addition, we show how to efficiently instantiate the key-derivation function via AES, instead of relying on HMAC-SHA256 like the current design in Tink. To accomplish this we give a multi-user analysis of the XOR-of-permutation construction of Bellare, Krovetz, and Rogaway (EUROCRYPT'98).
Category / Keywords: secret-key cryptography / Online AE; streaming encryption; Google's Tink library
Original Publication (with minor differences): ACM CCS 2020
Date: received 23 Aug 2020
Contact author: tvhoang at cs fsu edu
Available format(s): PDF | BibTeX Citation
Version: 20200827:022607 (All versions of this report)
Short URL: ia.cr/2020/1019
[ Cryptology ePrint archive ]