IACR Communications in Cryptology (CiC)

Authenticity in the Presence of Leakage using a Forkcipher

Authors

Francesco Berti, Bar-Ilan University, Ramat Gan, Israel (francesco dot berti at biu dot ac dot il)
François-Xavier Standaert, UCLouvain, ICTEAM/ELEN/Crypto Group, Louvain-la-Neuve, Belgium (fstandae at uclouvain dot be)
Itamar Levi, Bar-Ilan University, Ramat Gan, Israel (itamar dot levi at biu dot ac dot il)

Abstract

Robust message authentication codes (MACs) and authenticated encryption (AE) schemes that preserve authenticity in the presence of side-channel leakage are essential primitives. Such constructions typically rely on a small number of primitives implemented with strong leakage protection; a common choice is a strongly unpredictable (tweakable) block cipher. This paper extends the strong-unpredictability security definition to the forkcipher, a new and versatile primitive, and shows how to build secure and efficient MAC and AE schemes from it that guarantee authenticity in the presence of leakage. We present a leakage-resistant MAC, ForkMAC, and two leakage-resistant AE schemes, ForkDTE1 and ForkDTE2, which replace the leakage-protected (tweakable) block cipher of prior work with a forkcipher. We prove and analyze their security in the presence of leakage under the assumption of a strongly unpredictable forkcipher, and we compare them with the state of the art in terms of both security and efficiency. The key advantage of the proposed constructions is that, under the minimal assumption they require (unpredictability in the presence of leakage), tag generation in ForkMAC is the most efficient among leakage-resilient MAC proposals such as the block-cipher-based HBC, and ForkDTE1 and ForkDTE2 encrypt more efficiently than any other scheme that achieves integrity with leakage, while also providing misuse resistance.



History
Submitted: 2024-10-01
Accepted: 2024-12-03
Published: 2025-01-13
How to cite

Francesco Berti, François-Xavier Standaert, and Itamar Levi, Authenticity in the Presence of Leakage using a Forkcipher. IACR Communications in Cryptology, vol. 1, no. 4, Jan 13, 2025, doi: 10.62056/abksr-10k.

License

Copyright is held by the author(s)

This work is licensed under a Creative Commons Attribution (CC BY) license.