Paper 2024/598

Decryption Indistinguishability under Chosen Control Flow

Ganyuan Cao, École Polytechnique Fédérale de Lausanne
Abstract

Security proofs for cryptographic primitives typically assume operations are executed in the correct sequence; however, insecure implementations or software-level attacks can disrupt control flows, potentially invalidating these guarantees. To address this issue, we introduce a new security notion, IND-CFA, which formalizes decryption security in the presence of adversarially controlled execution flows. Using this notion, we investigate the control flows under which a cryptographic scheme remains secure, providing insights into secure implementation practices. We revisit the Encrypt-then-MAC paradigm, underscoring the crucial role of operation sequencing in ensuring the security of authenticated encryption schemes built using this method. Additionally, we provide a detailed analysis of the Encode-then-Encipher (EtE) paradigm, a widely adopted approach for constructing robust AE schemes, revealing its vulnerability to adversarial control flows that can enable attackers to infer low-entropy values in the presence of multiple failure conditions.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Preprint.
Keywords
Decryption Leakage, Adversarial Control Flow, Security Proof
Contact author(s)
ganyuan cao @ epfl ch
History
2024-11-06: last of 15 revisions
2024-04-17: received
Short URL
https://ia.cr/2024/598
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2024/598,
      author = {Ganyuan Cao},
      title = {Decryption Indistinguishability under Chosen Control Flow},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/598},
      year = {2024},
      url = {https://eprint.iacr.org/2024/598}
}