Leakage Resilient Value Comparison With Application to Message Authentication

Christoph Erwin Dobraunig, Bart Mennink

Publikation: Beitrag in Buch/Bericht/KonferenzbandBeitrag in einem KonferenzbandBegutachtung

Abstract

Side-channel attacks are a threat to secrets stored on a device, especially if an adversary has physical access to the device. As an effect of this, countermeasures against such attacks for cryptographic algorithms are a well-researched topic. In this work, we deviate from the study of cryptographic algorithms and instead focus on the side-channel protection of a much more basic operation, the comparison of a known attacker-controlled value with a secret one. Comparisons sensitive to side-channel leakage occur in tag comparisons during the verification of message authentication codes (MACs) or authenticated encryption, but are typically omitted in security analyses. Besides, also comparisons performed as part of fault countermeasures might be sensitive to side-channel attacks. In this work, we present a formal analysis on comparing values in a leakage resilient manner by utilizing cryptographic building blocks that are typically part of an implementation anyway. Our results indicate that there is no need to invest additional resources into implementing a protected comparison operation itself if a sufficiently protected implementation of a public cryptographic permutation, or a (tweakable) block cipher, is already available. We complement our contribution by applying our findings to the SuKS message authentication code used by lightweight authenticated encryption scheme ISAP, and to the classical Hash-then-PRF construction.
Originalspracheenglisch
TitelAdvances in Cryptology – EUROCRYPT 2021 - 40th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings
Redakteure/-innenAnne Canteaut, François-Xavier Standaert
ErscheinungsortCham
Herausgeber (Verlag)Springer
Seiten377-407
Seitenumfang31
Band2
ISBN (elektronisch)978-3-030-77886-6
ISBN (Print)978-3-030-77885-9
DOIs
PublikationsstatusVeröffentlicht - 2021
Veranstaltung40th Annual International Conference on the Theory and Applications of Cryptographic Techniques: EUROCRYPT 2021 - Zagreb, Kroatien
Dauer: 17 Okt 202121 Okt 2021

Publikationsreihe

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Band12697 LNCS
ISSN (Print)0302-9743
ISSN (elektronisch)1611-3349

Konferenz

Konferenz40th Annual International Conference on the Theory and Applications of Cryptographic Techniques
Land/GebietKroatien
OrtZagreb
Zeitraum17/10/2121/10/21

ASJC Scopus subject areas

  • Theoretische Informatik
  • Informatik (insg.)

Fingerprint

Untersuchen Sie die Forschungsthemen von „Leakage Resilient Value Comparison With Application to Message Authentication“. Zusammen bilden sie einen einzigartigen Fingerprint.

Dieses zitieren