Exploring integrity of AEADs with faults: definitions and constructions
Implementation-based attacks are major concerns for modern cryptography. For symmetric-key cryptography, a significant amount of exploration has taken place in this regard for primitives such as block ciphers. Concerning symmetric-key operating modes, such as Authenticated Encryption with Associated...
Saved in:
| Main Authors: | , , |
|---|---|
| Other Authors: | |
| Format: | Article |
| Language: | English |
| Published: |
2023
|
| Subjects: | |
| Online Access: | https://hdl.handle.net/10356/164487 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Nanyang Technological University |
| Language: | English |
| id |
sg-ntu-dr.10356-164487 |
|---|---|
| record_format |
dspace |
| spelling |
sg-ntu-dr.10356-1644872023-02-28T20:11:04Z Exploring integrity of AEADs with faults: definitions and constructions Saha, Sayandeep Khairallah, Mustafa Peyrin, Thomas School of Physical and Mathematical Sciences Science::Mathematics Fault Attack Side-Channel Attack Implementation-based attacks are major concerns for modern cryptography. For symmetric-key cryptography, a significant amount of exploration has taken place in this regard for primitives such as block ciphers. Concerning symmetric-key operating modes, such as Authenticated Encryption with Associated Data (AEAD), the state-of-the-art mainly addresses the passive Side-Channel Attacks (SCA) in the form of leakage resilient cryptography. So far, only a handful of work address Fault Attacks (FA) in the context of AEADs concerning the fundamental properties – integrity and confidentiality. In this paper, we address this gap by exploring mode-level issues arising due to FAs. We emphasize that FAs can be fatal even in cases where the adversary does not aim to extract the long-term secret, but rather tries to violate the basic security requirements (integrity and confidentiality). Notably, we show novel integrity attack examples on state-of-the-art AEAD constructions and even on a prior fault-resilient AEAD construction called SIV$. On the constructive side, we first present new security notions of fault-resilience, for PRF (frPRF), MAC (frMAC) and AEAD (frAE), the latter can be seen as an improved version of the notion introduced by Fischlin and Gunther at CT-RSA’20. Then, we propose new constructions to turn a frPRF into a fault-resilient MAC frMAC (hash-then-frPRF) and into a fault-resilient AEAD frAE (MAC-then-Encrypt-then-MAC or MEM). Nanyang Technological University Published version This work was supported by a joint Wallenberg AI, Autonomous Systems and SoftwareProgram-Nanyang Technological Universy (WASP-NTU) grant. 2023-01-30T02:13:01Z 2023-01-30T02:13:01Z 2022 Journal Article Saha, S., Khairallah, M. & Peyrin, T. (2022). Exploring integrity of AEADs with faults: definitions and constructions. IACR Transactions On Symmetric Cryptology, 2022(4), 291-324. https://dx.doi.org/10.46586/tosc.v2022.i4.291-324 2519-173X https://hdl.handle.net/10356/164487 10.46586/tosc.v2022.i4.291-324 2-s2.0-85143669819 4 2022 291 324 en IACR Transactions on Symmetric Cryptology © 2022 Sayandeep Saha, Mustafa Khairallah, Thomas Peyrin. This work is licensed under a Creative Commons Attribution 4.0 International License. application/pdf |
| institution |
Nanyang Technological University |
| building |
NTU Library |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
NTU Library |
| collection |
DR-NTU |
| language |
English |
| topic |
Science::Mathematics Fault Attack Side-Channel Attack |
| spellingShingle |
Science::Mathematics Fault Attack Side-Channel Attack Saha, Sayandeep Khairallah, Mustafa Peyrin, Thomas Exploring integrity of AEADs with faults: definitions and constructions |
| description |
Implementation-based attacks are major concerns for modern cryptography. For symmetric-key cryptography, a significant amount of exploration has taken place in this regard for primitives such as block ciphers. Concerning symmetric-key operating modes, such as Authenticated Encryption with Associated Data (AEAD), the state-of-the-art mainly addresses the passive Side-Channel Attacks (SCA) in the form of leakage resilient cryptography. So far, only a handful of work address Fault Attacks (FA) in the context of AEADs concerning the fundamental properties – integrity and confidentiality. In this paper, we address this gap by exploring mode-level issues arising due to FAs. We emphasize that FAs can be fatal even in cases where the adversary does not aim to extract the long-term secret, but rather tries to violate the basic security requirements (integrity and confidentiality). Notably, we show novel integrity attack examples on state-of-the-art AEAD constructions and even on a prior fault-resilient AEAD construction called SIV$. On the constructive side, we first present new security notions of fault-resilience, for PRF (frPRF), MAC (frMAC) and AEAD (frAE), the latter can be seen as an improved version of the notion introduced by Fischlin and Gunther at CT-RSA’20. Then, we propose new constructions to turn a frPRF into a fault-resilient MAC frMAC (hash-then-frPRF) and into a fault-resilient AEAD frAE (MAC-then-Encrypt-then-MAC or MEM). |
| author2 |
School of Physical and Mathematical Sciences |
| author_facet |
School of Physical and Mathematical Sciences Saha, Sayandeep Khairallah, Mustafa Peyrin, Thomas |
| format |
Article |
| author |
Saha, Sayandeep Khairallah, Mustafa Peyrin, Thomas |
| author_sort |
Saha, Sayandeep |
| title |
Exploring integrity of AEADs with faults: definitions and constructions |
| title_short |
Exploring integrity of AEADs with faults: definitions and constructions |
| title_full |
Exploring integrity of AEADs with faults: definitions and constructions |
| title_fullStr |
Exploring integrity of AEADs with faults: definitions and constructions |
| title_full_unstemmed |
Exploring integrity of AEADs with faults: definitions and constructions |
| title_sort |
exploring integrity of aeads with faults: definitions and constructions |
| publishDate |
2023 |
| url |
https://hdl.handle.net/10356/164487 |
| _version_ |
1759858246160482304 |