
Is RCB a Leakage Resilient Authenticated Encryption Scheme?

  • Conference paper
  • Secure IT Systems (NordSec 2017)
  • Part of the book series: Lecture Notes in Computer Science (LNSC, volume 10674)

Abstract

Leakage resilient cryptography aims to provide security against side channel attacks. In this paper, we present several issues of the \(\mathsf{RCB}\) block cipher mode, proposed by Agrawal et al. in [2]. \(\mathsf{RCB}\) is the first Leakage Resilient Authenticated Encryption (AE) scheme ever presented. In particular, we present a forgery attack that breaks the \(\textsf{INT-CTXT}\) security, which is a fundamental requirement in the design of AE schemes.


Notes

  1. The authors of \(\mathsf{OCB}\) never claimed nonce misuse resistance, but [2] made such claims for \(\mathsf{RCB}\).

  2. Otherwise, Alice and Bob would perform interactive resynchronization [2, Fig. 2].

  3. Bob must increase the counter, even if the message turns out to be invalid. Otherwise, Bob would use the same internal key more than once, thus destroying the main purpose of using \(\mathsf{RCB}\), namely its claimed leakage-resilience.

References

  1. Abed, F., Fluhrer, S.R., Forler, C., List, E., Lucks, S., McGrew, D.A., Wenzel, J.: Pipelineable on-line encryption. In: Cid, C., Rechberger, C. (eds.) FSE 2014. LNCS, vol. 8540, pp. 205–223. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46706-0_11

  2. Agrawal, M., Bansal, T.K., Chang, D., Chauhan, A.K., Hong, S., Kang, J., Sanadhya, S.K.: RCB: leakage-resilient authenticated encryption via re-keying. J. Supercomput. 1–26. Springer, Heidelberg (2016). https://doi.org/10.1007/s11227-016-1824-6

  3. Andreeva, E., Bogdanov, A., Luykx, A., Mennink, B., Mouha, N., Yasuda, K.: How to securely release unverified plaintext in authenticated encryption. In: Advances in Cryptology - ASIACRYPT 2014, 20th International Conference on the Theory and Application of Cryptology and Information Security, Kaoshiung, Taiwan, R.O.C., 7–11 December 2014, Proceedings, Part I, pp. 105–125 (2014)

  4. Barwell, G., Martin, D.P., Oswald, E., Stam, M.: Authenticated encryption in the face of protocol and side channel leakage. IACR Cryptology ePrint Archive 2017, 68 (2017)

  5. Bellare, M., Namprempre, C.: Authenticated encryption: relations among notions and analysis of the generic composition paradigm. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 531–545. Springer, Heidelberg (2000). https://doi.org/10.1007/3-540-44448-3_41

  6. Berti, F., Koeune, F., Pereira, O., Peters, T., Standaert, F.-X.: Leakage-resilient and misuse-resistant authenticated encryption. IACR Cryptol. ePrint Arch. 2016, 996 (2016)

  7. Borst, J.: Block ciphers: design, analysis and side-channel analysis. Ph.D. thesis, KULeuven, Belgium (2001)

  8. Dobraunig, C., Eichlseder, M., Mangard, S., Mendel, F., Unterluggauer, T.: ISAP - towards side-channel secure authenticated encryption. IACR Trans. Symmetric Cryptol. 2017(1), 80–105 (2017)

  9. Dziembowski, S., Pietrzak, K.: Leakage-resilient cryptography. In: 49th Annual IEEE Symposium on Foundations of Computer Science, FOCS 2008, 25–28 October 2008, Philadelphia, PA, USA, pp. 293–302 (2008)

  10. Faust, S., Pietrzak, K., Schipper, J.: Practical leakage-resilient symmetric cryptography. In: Prouff, E., Schaumont, P. (eds.) CHES 2012. LNCS, vol. 7428, pp. 213–232. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-33027-8_13

  11. Krovetz, T., Rogaway, P.: The software performance of authenticated-encryption modes. In: Joux, A. (ed.) FSE 2011. LNCS, vol. 6733, pp. 306–327. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-21702-9_18

  12. Mangard, S.: Hardware countermeasures against DPA – a statistical analysis of their effectiveness. In: Okamoto, T. (ed.) CT-RSA 2004. LNCS, vol. 2964, pp. 222–235. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-24660-2_18

  13. Medwed, M., Petit, C., Regazzoni, F., Renauld, M., Standaert, F.-X.: Fresh re-keying II: securing multiple parties against side-channel and fault attacks. In: Prouff, E. (ed.) CARDIS 2011. LNCS, vol. 7079, pp. 115–132. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-27257-8_8

  14. Micali, S., Reyzin, L.: Physically observable cryptography. In: Naor, M. (ed.) TCC 2004. LNCS, vol. 2951, pp. 278–296. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-24638-1_16

  15. Namprempre, C., Rogaway, P., Shrimpton, T.: Reconsidering generic composition. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 257–274. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-55220-5_15

  16. Pereira, O., Standaert, F.-X., Vivek, S.: Leakage-resilient authentication and encryption from symmetric cryptographic primitives. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, Denver, CO, USA, 12–16 October 2015, pp. 96–108 (2015)

  17. Peyrin, T., Seurin, Y.: Counter-in-tweak: authenticated encryption modes for tweakable block ciphers. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9814, pp. 33–63. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53018-4_2

  18. Pietrzak, K.: A leakage-resilient mode of operation. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 462–482. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-01001-9_27

  19. Rivain, M., Emmanuel, P.: Provably secure higher-order masking of AES. IACR Cryptol. ePrint Arch. 2010, 441 (2010)

  20. Rogaway, P., Bellare, M., Black, J.: OCB: a block-cipher mode of operation for efficient authenticated encryption. ACM Trans. Inf. Syst. Secur. 6(3), 365–403 (2003)

  21. Rogaway, P., Thomas, S.: Deterministic authenticated-encryption: a provable-security treatment of the key-wrap problem. IACR Cryptol. ePrint Arch. 2006, 221 (2006)

  22. Schipper, J.H.: Leakage resilient authentication. Master thesis, Utrecht University, The Netherlands (2010)

  23. Standaert, F.-X.: Directory authorities specifications from the tor project. http://perso.uclouvain.be/fstandae/PUBLIS/96_slides.pdf. Invited talk at SKEW 2011

  24. Standaert, F.-X., Pereira, O., Yu, Y., Quisquater, J.-J., Yung, M., Oswald, E.: Leakage resilient cryptography in practice. In: Towards Hardware-Intrinsic Security - Foundations and Practice, pp. 99–134 (2010)

  25. Veyrat-Charvillon, N., Medwed, M., Kerckhof, S., Standaert, F.-X.: Shuffling against side-channel attacks: a comprehensive study with cautionary note. In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNCS, vol. 7658, pp. 740–757. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-34961-4_44

  26. Yu, Y., Standaert, F.-X.: Practical leakage-resilient pseudorandom objects with minimum public randomness. In: Dawson, E. (ed.) CT-RSA 2013. LNCS, vol. 7779, pp. 223–238. Springer, Heidelberg (2013)

  27. Yu, Y., Standaert, F.-X., Pereira, O., Yung, M.: Practical leakage-resilient pseudorandom generators. In: Proceedings of the 17th ACM Conference on Computer and Communications Security, CCS 2010, Chicago, Illinois, USA, 4–8 October 2010, pp. 141–151 (2010)


Acknowledgments

Farzaneh Abed was supported by the Simple Scry project with Cisco.

Author information

Corresponding author: Francesco Berti

Copyright information

© 2017 Springer International Publishing AG

Cite this paper

Abed, F., Berti, F., Lucks, S. (2017). Is RCB a Leakage Resilient Authenticated Encryption Scheme? In: Lipmaa, H., Mitrokotsa, A., Matulevičius, R. (eds) Secure IT Systems. NordSec 2017. Lecture Notes in Computer Science, vol 10674. Springer, Cham. https://doi.org/10.1007/978-3-319-70290-2_3

  • DOI: https://doi.org/10.1007/978-3-319-70290-2_3

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-70289-6

  • Online ISBN: 978-3-319-70290-2