Timing filter for counter mode encryption

Abstract

An encryption scheme, such as counter (CTR) mode encryption, uses a block cipher to achieve the confidentiality of plaintext. Assuming the block cipher to be a pseudorandom function (PRF), CTR mode encryption is provably secure, namely it achieves indistinguishability under chosen plaintext attacks (IND-CPA). The CTR mode, however, is not specifically designed to hide timing patterns present in the plaintext generation process. Thus, a direct implementation of the CTR mode may leak these timing patterns in the ciphertext, which can be used to cryptanalyse the encryption system. In this paper we propose a timing filter for the CTR mode, which is specifically designed to hide such timing patterns in the ciphertext. We prove that the timing filter is secure in the sense of IND-CPA. Our timing filter poses a negligible overhead on the channel throughput.