Abstract

The ongoing NIST lightweight cryptography standardization process highlights the importance of resistance to side-channel attacks, which has renewed the interest in Authenticated Encryption schemes (AEs) with light(er)-weight side-channel secure implementations. To address this challenge, our first contribution is to investigate the leakage-resistance of a generic duplex-based stream cipher. When the capacity of the duplex is of c bits, we prove the classical bound, i.e., ≈ 2^(c/2), under an assumption of non-invertible leakage. Based on this, we propose a new 1-pass AE mode TETSponge, which carefully combines a tweakable block cipher that must have strong protections against side-channel attacks and is scarcely used, and a duplex-style permutation that only needs weak side-channel protections and is used to frugally process the message and associated data. It offers: (i) provable integrity (resp. confidentiality) guarantees in the presence of leakage during both encryption and decryption (resp. encryption only), (ii) some level of nonce misuse robustness. We conclude that TETSponge is an appealing option for the implementation of low-energy AE in settings where side-channel attacks are a concern. We also provide the first rigorous methodology for the leakage-resistance of sponge/duplex-based AEs based on a minimal non-invertibility assumption on leakages, which leads to various insights on designs and implementations.
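As an added illustration (not code from the paper), the generic duplex-based stream cipher whose leakage-resistance the abstract refers to: an r-bit outer part of the state is squeezed as keystream while the c-bit inner part never leaves the state. The toy sizes r = 64 and c = 128, the ARX stand-in permutation and the simple key||nonce loading are constructions for this example, not the paper's.

```python
from typing import List

# Parameters of the toy instance: state b = r + c = 64 + 128 bits.
R_BYTES = 8    # rate r: the outer part, the only bytes ever released as keystream
C_BYTES = 16   # capacity c: the inner part, never output (the ~2^(c/2) bound concerns it)
B_BYTES = R_BYTES + C_BYTES
MASK64 = (1 << 64) - 1


def _rotl(x: int, n: int) -> int:
    return ((x << n) | (x >> (64 - n))) & MASK64


def toy_permutation(state: bytes) -> bytes:
    """Stand-in 192-bit permutation: 8 ARX rounds on three 64-bit words (constructed
    for this example, NOT a cryptographic permutation). Every step overwrites one word
    using the others, so the map is a bijection, which is all the duplex requires."""
    a, b, c = (int.from_bytes(state[i:i + 8], "little") for i in range(0, B_BYTES, 8))
    for rnd in range(8):
        a = (a + b) & MASK64
        c ^= _rotl(a, 13)
        b = (b + c) & MASK64
        a ^= _rotl(b, 29)
        c = (c + a) & MASK64
        b ^= _rotl(c, 47)
        a ^= rnd  # round constant breaks the symmetry between rounds
    return b"".join(w.to_bytes(8, "little") for w in (a, b, c))


def duplex_keystream(key: bytes, nonce: bytes, nblocks: int) -> List[bytes]:
    """Generic duplex stream cipher: load key||nonce into the state, permute, then
    squeeze r bits per call. Simplified initialisation (assumption), not the paper's."""
    assert len(key) + len(nonce) <= B_BYTES
    state = bytearray(B_BYTES)
    state[:len(key) + len(nonce)] = key + nonce
    state = bytearray(toy_permutation(bytes(state)))
    blocks = []
    for _ in range(nblocks):
        blocks.append(bytes(state[:R_BYTES]))     # only the outer r bits leave the state
        state = bytearray(toy_permutation(bytes(state)))
    return blocks


def duplex_encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """XOR the message with the squeezed keystream; decryption is the same call."""
    nblocks = -(-len(plaintext) // R_BYTES)   # ceil(len / r)
    keystream = b"".join(duplex_keystream(key, nonce, nblocks))
    return bytes(p ^ k for p, k in zip(plaintext, keystream))
```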

Highlights

  • In 2013, the NIST initiated a lightweight cryptography project to understand the need for dedicated Authenticated Encryption with Associated Data (AEAD), which has led to the launch of a standardization process in 2019 [oST18]

  • Based on this state of the art, we can rephrase our problem as: Can we design a single-pass leakage-resistant Authenticated Encryption (AE) mode, and how can we argue about the form of leakage-resistance that it provides?

  • We study how to extend the leakage-resistant duplex stream cipher into a 1-pass AEAD mode and what can be achieved


Summary

Introduction

In 2013, the NIST initiated a lightweight cryptography project to understand the need for dedicated Authenticated Encryption with Associated Data (AEAD), which has led to the launch of a standardization process in 2019 [oST18]. In this context, resistance to side-channel attacks is identified as one of the desirable features that is missing from existing solutions. A lack of embedded security can be the root of serious distributed attacks starting from seemingly non-critical connected objects, such as home lamps [RSWO17], for instance.

Received: 2019-09-01, Revised: 2019-11-23, Accepted: 2020-01-23, Published: 2020-05-07
