Secure Message Authentication in the Presence of Leakage and Faults

IF 1.7 Q3 COMPUTER SCIENCE, SOFTWARE ENGINEERING

IACR Transactions on Symmetric Cryptology Pub Date : 2023-03-10 DOI:10.46586/tosc.v2023.i1.288-315

Francesco Berti, Chun Guo, Thomas Peters, Yaobin Shen, François-Xavier Standaert

{"title":"Secure Message Authentication in the Presence of Leakage and Faults","authors":"Francesco Berti, Chun Guo, Thomas Peters, Yaobin Shen, François-Xavier Standaert","doi":"10.46586/tosc.v2023.i1.288-315","DOIUrl":null,"url":null,"abstract":"Security against side-channels and faults is a must for the deployment of embedded cryptography. A wide body of research has investigated solutions to secure implementations against these attacks at different abstraction levels. Yet, to a large extent, current solutions focus on one or the other threat. In this paper, we initiate a mode-level study of cryptographic primitives that can ensure security in a (new and practically-motivated) adversarial model combining leakage and faults. Our goal is to identify constructions that do not require a uniform protection of all their operations against both attack vectors. For this purpose, we first introduce a versatile and intuitive model to capture leakage and faults. We then show that a MAC from Asiacrypt 2021 natively enables a leveled implementation for fault resilience where only its underlying tweakable block cipher must be protected, if only the tag verification can be faulted. We finally describe two approaches to amplify security for fault resilience when also the tag generation can be faulted. One is based on iteration and requires the adversary to inject increasingly large faults to succeed. The other is based on randomness and allows provable security against differential faults.","PeriodicalId":37077,"journal":{"name":"IACR Transactions on Symmetric Cryptology","volume":"44 1","pages":"288-315"},"PeriodicalIF":1.7000,"publicationDate":"2023-03-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IACR Transactions on Symmetric Cryptology","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.46586/tosc.v2023.i1.288-315","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, SOFTWARE ENGINEERING","Score":null,"Total":0}

引用次数: 0

Abstract

Security against side-channels and faults is a must for the deployment of embedded cryptography. A wide body of research has investigated solutions to secure implementations against these attacks at different abstraction levels. Yet, to a large extent, current solutions focus on one or the other threat. In this paper, we initiate a mode-level study of cryptographic primitives that can ensure security in a (new and practically-motivated) adversarial model combining leakage and faults. Our goal is to identify constructions that do not require a uniform protection of all their operations against both attack vectors. For this purpose, we first introduce a versatile and intuitive model to capture leakage and faults. We then show that a MAC from Asiacrypt 2021 natively enables a leveled implementation for fault resilience where only its underlying tweakable block cipher must be protected, if only the tag verification can be faulted. We finally describe two approaches to amplify security for fault resilience when also the tag generation can be faulted. One is based on iteration and requires the adversary to inject increasingly large faults to succeed. The other is based on randomness and allows provable security against differential faults.

查看原文本刊更多论文

存在泄漏和故障的安全消息认证

针对侧信道和故障的安全性是部署嵌入式加密的必要条件。大量的研究已经调查了在不同抽象级别上保护实现免受这些攻击的解决方案。然而，在很大程度上，目前的解决方案集中在一个或另一个威胁。在本文中，我们发起了一项加密原语的模式级研究，该研究可以在结合泄漏和故障的(新的和实用的)对抗模型中确保安全性。我们的目标是识别不需要针对两种攻击向量对其所有操作进行统一保护的结构。为此，我们首先引入一个通用的直观模型来捕获泄漏和故障。然后，我们展示了来自Asiacrypt 2021的MAC原生地实现了故障恢复能力的分层实现，其中只有其底层可调整的分组密码必须受到保护，如果只有标签验证可以出错。最后，我们描述了在标签生成可能出错的情况下，增强故障恢复安全性的两种方法。一种是基于迭代，要求攻击者注入越来越大的错误才能成功。另一种基于随机性，允许针对不同故障的可证明安全性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

IACR Transactions on Symmetric Cryptology Mathematics-Applied Mathematics

CiteScore

5.50

自引率

22.90%

发文量