Leakage Resilient Value Comparison With Application to Message Authentication

Christoph Erwin Dobraunig; Bart Mennink

doi:10.1007/978-3-030-77886-6_13

Leakage Resilient Value Comparison With Application to Message Authentication

Christoph Erwin Dobraunig, Bart Mennink

Institute of Applied Information Processing and Communications (7050)

Research output: Chapter in Book/Report/Conference proceeding › Conference paper › peer-review

Abstract

Side-channel attacks are a threat to secrets stored on a device, especially if an adversary has physical access to the device. As an effect of this, countermeasures against such attacks for cryptographic algorithms are a well-researched topic. In this work, we deviate from the study of cryptographic algorithms and instead focus on the side-channel protection of a much more basic operation, the comparison of a known attacker-controlled value with a secret one. Comparisons sensitive to side-channel leakage occur in tag comparisons during the verification of message authentication codes (MACs) or authenticated encryption, but are typically omitted in security analyses. Besides, also comparisons performed as part of fault countermeasures might be sensitive to side-channel attacks. In this work, we present a formal analysis on comparing values in a leakage resilient manner by utilizing cryptographic building blocks that are typically part of an implementation anyway. Our results indicate that there is no need to invest additional resources into implementing a protected comparison operation itself if a sufficiently protected implementation of a public cryptographic permutation, or a (tweakable) block cipher, is already available. We complement our contribution by applying our findings to the SuKS message authentication code used by lightweight authenticated encryption scheme ISAP, and to the classical Hash-then-PRF construction.

Original language	English
Title of host publication	Advances in Cryptology – EUROCRYPT 2021 - 40th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings
Editors	Anne Canteaut, François-Xavier Standaert
Place of Publication	Cham
Publisher	Springer
Pages	377-407
Number of pages	31
Volume	2
ISBN (Electronic)	978-3-030-77886-6
ISBN (Print)	978-3-030-77885-9
DOIs	https://doi.org/10.1007/978-3-030-77886-6_13
Publication status	Published - 2021
Event	Eurocrypt 2021: 40th Annual International Conference on the Theory and Applications of Cryptographic Techniques - Zagreb, Croatia Duration: 17 Oct 2021 → 21 Oct 2021

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	12697 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	Eurocrypt 2021
Country/Territory	Croatia
City	Zagreb
Period	17/10/21 → 21/10/21

Keywords

Leakage resilience
Tag verification
Value comparison

ASJC Scopus subject areas

Theoretical Computer Science
Computer Science(all)

Access to Document

10.1007/978-3-030-77886-6_13

Cite this

Dobraunig, C. E., & Mennink, B. (2021). Leakage Resilient Value Comparison With Application to Message Authentication. In A. Canteaut, & F-X. Standaert (Eds.), Advances in Cryptology – EUROCRYPT 2021 - 40th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings (Vol. 2, pp. 377-407). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 12697 LNCS). Springer. https://doi.org/10.1007/978-3-030-77886-6_13

Leakage Resilient Value Comparison With Application to Message Authentication. / Dobraunig, Christoph Erwin; Mennink, Bart.
Advances in Cryptology – EUROCRYPT 2021 - 40th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings. ed. / Anne Canteaut; François-Xavier Standaert. Vol. 2 Cham: Springer, 2021. p. 377-407 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 12697 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference paper › peer-review

Dobraunig, CE & Mennink, B 2021, Leakage Resilient Value Comparison With Application to Message Authentication. in A Canteaut & F-X Standaert (eds), Advances in Cryptology – EUROCRYPT 2021 - 40th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings. vol. 2, Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 12697 LNCS, Springer, Cham, pp. 377-407, Eurocrypt 2021, Zagreb, Croatia, 17/10/21. https://doi.org/10.1007/978-3-030-77886-6_13

Dobraunig CE, Mennink B. Leakage Resilient Value Comparison With Application to Message Authentication. In Canteaut A, Standaert F-X, editors, Advances in Cryptology – EUROCRYPT 2021 - 40th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings. Vol. 2. Cham: Springer. 2021. p. 377-407. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-030-77886-6_13

Dobraunig, Christoph Erwin ; Mennink, Bart. / Leakage Resilient Value Comparison With Application to Message Authentication. Advances in Cryptology – EUROCRYPT 2021 - 40th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings. editor / Anne Canteaut ; François-Xavier Standaert. Vol. 2 Cham : Springer, 2021. pp. 377-407 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{e66d8af2b3174783b8e5ade560b4631e,

title = "Leakage Resilient Value Comparison With Application to Message Authentication",

abstract = "Side-channel attacks are a threat to secrets stored on a device, especially if an adversary has physical access to the device. As an effect of this, countermeasures against such attacks for cryptographic algorithms are a well-researched topic. In this work, we deviate from the study of cryptographic algorithms and instead focus on the side-channel protection of a much more basic operation, the comparison of a known attacker-controlled value with a secret one. Comparisons sensitive to side-channel leakage occur in tag comparisons during the verification of message authentication codes (MACs) or authenticated encryption, but are typically omitted in security analyses. Besides, also comparisons performed as part of fault countermeasures might be sensitive to side-channel attacks. In this work, we present a formal analysis on comparing values in a leakage resilient manner by utilizing cryptographic building blocks that are typically part of an implementation anyway. Our results indicate that there is no need to invest additional resources into implementing a protected comparison operation itself if a sufficiently protected implementation of a public cryptographic permutation, or a (tweakable) block cipher, is already available. We complement our contribution by applying our findings to the SuKS message authentication code used by lightweight authenticated encryption scheme ISAP, and to the classical Hash-then-PRF construction.",

keywords = "Leakage resilience, Tag verification, Value comparison",

author = "Dobraunig, {Christoph Erwin} and Bart Mennink",

year = "2021",

doi = "10.1007/978-3-030-77886-6_13",

language = "English",

isbn = "978-3-030-77885-9",

volume = "2",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer",

pages = "377--407",

editor = "Anne Canteaut and Fran{\c c}ois-Xavier Standaert",

booktitle = "Advances in Cryptology – EUROCRYPT 2021 - 40th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings",

note = "Eurocrypt 2021 : 40th Annual International Conference on the Theory and Applications of Cryptographic Techniques ; Conference date: 17-10-2021 Through 21-10-2021",

}

TY - GEN

T1 - Leakage Resilient Value Comparison With Application to Message Authentication

AU - Dobraunig, Christoph Erwin

AU - Mennink, Bart

PY - 2021

Y1 - 2021

N2 - Side-channel attacks are a threat to secrets stored on a device, especially if an adversary has physical access to the device. As an effect of this, countermeasures against such attacks for cryptographic algorithms are a well-researched topic. In this work, we deviate from the study of cryptographic algorithms and instead focus on the side-channel protection of a much more basic operation, the comparison of a known attacker-controlled value with a secret one. Comparisons sensitive to side-channel leakage occur in tag comparisons during the verification of message authentication codes (MACs) or authenticated encryption, but are typically omitted in security analyses. Besides, also comparisons performed as part of fault countermeasures might be sensitive to side-channel attacks. In this work, we present a formal analysis on comparing values in a leakage resilient manner by utilizing cryptographic building blocks that are typically part of an implementation anyway. Our results indicate that there is no need to invest additional resources into implementing a protected comparison operation itself if a sufficiently protected implementation of a public cryptographic permutation, or a (tweakable) block cipher, is already available. We complement our contribution by applying our findings to the SuKS message authentication code used by lightweight authenticated encryption scheme ISAP, and to the classical Hash-then-PRF construction.

AB - Side-channel attacks are a threat to secrets stored on a device, especially if an adversary has physical access to the device. As an effect of this, countermeasures against such attacks for cryptographic algorithms are a well-researched topic. In this work, we deviate from the study of cryptographic algorithms and instead focus on the side-channel protection of a much more basic operation, the comparison of a known attacker-controlled value with a secret one. Comparisons sensitive to side-channel leakage occur in tag comparisons during the verification of message authentication codes (MACs) or authenticated encryption, but are typically omitted in security analyses. Besides, also comparisons performed as part of fault countermeasures might be sensitive to side-channel attacks. In this work, we present a formal analysis on comparing values in a leakage resilient manner by utilizing cryptographic building blocks that are typically part of an implementation anyway. Our results indicate that there is no need to invest additional resources into implementing a protected comparison operation itself if a sufficiently protected implementation of a public cryptographic permutation, or a (tweakable) block cipher, is already available. We complement our contribution by applying our findings to the SuKS message authentication code used by lightweight authenticated encryption scheme ISAP, and to the classical Hash-then-PRF construction.

KW - Leakage resilience

KW - Tag verification

KW - Value comparison

UR - http://www.scopus.com/inward/record.url?scp=85111467345&partnerID=8YFLogxK

U2 - 10.1007/978-3-030-77886-6_13

DO - 10.1007/978-3-030-77886-6_13

M3 - Conference paper

SN - 978-3-030-77885-9

VL - 2

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 377

EP - 407

BT - Advances in Cryptology – EUROCRYPT 2021 - 40th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings

A2 - Canteaut, Anne

A2 - Standaert, François-Xavier

PB - Springer

CY - Cham

T2 - Eurocrypt 2021

Y2 - 17 October 2021 through 21 October 2021

ER -

Leakage Resilient Value Comparison With Application to Message Authentication

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

FWF - Authenticated Encryption - Advancing in Authenticated Encryption

EU - SOPHIA - Securing Software against Physical Attacks

Cite this

Leakage Resilient Value Comparison With Application to Message Authentication

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Projects

FWF - Authenticated Encryption - Advancing in Authenticated Encryption

EU - SOPHIA - Securing Software against Physical Attacks

Cite this