### Secret Can Be Public: Low-Memory AEAD Mode for High-Order Masking

##### Abstract

We propose a new AEAD mode of operation for an efficient countermeasure against side-channel attacks. Our mode achieves the smallest memory with high-order masking, by minimizing the states that are duplicated in masking. An $s$-bit key-dependent state is necessary for achieving $s$-bit security, and the conventional schemes always protect the entire $s$ bits with masking. We reduce the protected state size by introducing an unprotected state in the key-dependent state: we protect only a half and give another half to a side-channel adversary. Ensuring independence between the unprotected and protected states is the key technical challenge since mixing these states reveals the protected state to the adversary. We propose a new mode $\mathsf{HOMA}$ that achieves $s$-bit security using a tweakable block cipher with the $s/2$-bit block size. We also propose a new primitive for instantiating $\mathsf{HOMA}$ with $s=128$ by extending the SKINNY tweakable block cipher to a 64-bit plaintext block, a 128-bit key, and a $(256+3)$-bit tweak. We make hardware performance evaluation by implementing $\mathsf{HOMA}$ with high-order masking for $d \le 5$. For any $d > 0$, $\mathsf{HOMA}$ outperforms the current state-of-the-art $\mathsf{PFB\_Plus}$ by reducing the circuit area larger than that of the entire S-box.

Available format(s)
Category
Secret-key cryptography
Publication info
Published by the IACR in CRYPTO 2022
Keywords
Authenticated Encryption High-Order Masking Side-Channel Attack Mode of Operation Lightweight Cryptography
Contact author(s)
Naito Yusuke @ ce mitsubishielectric co jp
yu sasaki sk @ hco ntt co jp
sugawara @ uec ac jp
History
2022-06-23: approved
See all versions
Short URL
https://ia.cr/2022/812

CC BY

BibTeX

@misc{cryptoeprint:2022/812,
author = {Yusuke Naito and Yu Sasaki and Takeshi Sugawara},
title = {Secret Can Be Public: Low-Memory AEAD Mode for High-Order Masking},
howpublished = {Cryptology ePrint Archive, Paper 2022/812},
year = {2022},
note = {\url{https://eprint.iacr.org/2022/812}},
url = {https://eprint.iacr.org/2022/812}
}

Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.