Paper 2024/598
Decryption Indistinguishability under Chosen Control Flow
Abstract
Security proofs for cryptographic primitives typically assume operations are executed in the correct sequence; however, insecure implementations or software-level attacks can disrupt control flows, potentially invalidating these guarantees. To address this issue, we introduce a new security notion, IND-CFA, which formalizes decryption security in the presence of adversarially controlled execution flows. Using this notion, we investigate the control flows under which a cryptographic scheme remains secure, providing insights into secure implementation practices. We revisit the Encrypt-then-MAC paradigm, underscoring the crucial role of operation sequencing in ensuring the security of authenticated encryption schemes built using this method. Additionally, we provide a detailed analysis of the Encode-then-Encipher (EtE) paradigm, a widely adopted approach for constructing robust AE schemes, revealing its vulnerability to adversarial control flows that can enable attackers to infer low-entropy values in the presence of multiple failure conditions.
Metadata
- Available format(s)
- Category
- Secret-key cryptography
- Publication info
- Preprint.
- Keywords
- Decryption Leakage
- Adversarial Control Flow
- Security Proof
- Contact author(s)
- ganyuan cao @ epfl ch
- History
- 2024-11-06: last of 15 revisions
- 2024-04-17: received
- See all versions
- Short URL
- https://ia.cr/2024/598
- License
- CC BY
BibTeX
@misc{cryptoeprint:2024/598,
  author = {Ganyuan Cao},
  title = {Decryption Indistinguishability under Chosen Control Flow},
  howpublished = {Cryptology {ePrint} Archive, Paper 2024/598},
  year = {2024},
  url = {https://eprint.iacr.org/2024/598}
}