Skip to main content
SpringerLink
Log in

Efficient Leakage-Resilient MACs Without Idealized Assumptions

  • Conference paper
  • First Online:
Advances in Cryptology – ASIACRYPT 2021 (ASIACRYPT 2021)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 13091))

Abstract

The security proofs of leakage-resilient MACs based on symmetric building blocks currently rely on idealized assumptions that hardly translate into interpretable guidelines for the cryptographic engineers implementing these schemes. In this paper, we first present a leakage-resilient MAC that is both efficient and secure under standard and easily interpretable black box and physical assumptions. It only requires a collision resistant hash function and a single call per message authentication to a Tweakable Block Cipher (\(\mathsf {TBC}\)) that is unpredictable with leakage. This construction leverages two design twists: large tweaks for the \(\mathsf {TBC}\) and a verification process that checks the inverse \(\mathsf {TBC}\) against a constant. It enjoys beyond birthday security bounds. We then discuss the cost of getting rid of these design twists. We show that security can be proven without them as well. Yet, a construction without large tweaks requires stronger (non idealized) assumptions and may incur performance overheads if specialized \(\mathsf {TBC}\)s with large tweaks can be exploited, and a construction without twisted verification requires even stronger assumptions (still non idealized) and leads to more involved bounds. The combination of these results makes a case for our first pragmatic construction and suggests the design of \(\mathsf {TBC}\)s with large tweaks and good properties for side-channel countermeasures as an interesting challenge.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 99.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 129.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    Adversaries are sometimes allowed to “model” the leakage. For this purpose, we grant them access to the oracle \(\mathsf {L}\). This oracle is peculiar since it allows the adversary to make queries not only on inputs x but also of keys \(k'\) of its choice.

  2. 2.

    Degabriele et al. give an alternative definition in [14]. The main difference is that the set of inputs (\(\mathcal {S}\) in their definition, \(\mathcal {L}\) in ours) is not increased for inputs X for which only the leakage is observed, while we always give access to both the primitive’s output and their leakage. Hence, this definition cannot be satisfied in the unbounded leakage model as we aim, since the adversary can then get a valid tag in full. (Their motivation was also different from ours and specially tailored for analyzing constructions leveraging leakage-resilient PRFs).

  3. 3.

    h can be computed by the adversary since the key s of the hash function is public.

  4. 4.

    \(i \overset{\%}{=} j\) means that if i comes from a tag-generation query and j from a verification query, or vice-versa, then they are considered differently.

  5. 5.

    In the black box setting (i.e., without leakage), the security of this construction is beyond birthday since \((q_V+1)~\epsilon _{\mathsf {sUP}\text {-}\mathsf {L2}} \le \epsilon _{\mathsf {sPRP}} + \frac{q_V+1}{2^{128}-q_M-q_V}\), which is optimal.

  6. 6.

    The choice to reuse v as the only tweak of the \(\mathsf {TBC}\) in our design is crucial. With distinct tweaks the security bound will be much more loose. Among other advantages, here, we only have to deal with the verification queries.

  7. 7.

    The latter trick was also used in [8].

References

  1. An, J.H., Bellare, M.: Constructing VIL-MACs from FIL-MACs: message authentication under weakened assumptions. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 252–269. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48405-1_16

    Chapter  Google Scholar 

  2. Andreeva, E., Stam, M.: The symbiosis between collision and preimage resistance. In: Chen, L. (ed.) IMACC 2011. LNCS, vol. 7089, pp. 152–171. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-25516-8_10

    Chapter  MATH  Google Scholar 

  3. Armknecht, F., Fleischmann, E., Krause, M., Lee, J., Stam, M., Steinberger, J.: The preimage security of double-block-length compression functions. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 233–251. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-25385-0_13

    Chapter  Google Scholar 

  4. Azouaoui, M., et al.: A systematic appraisal of side channel evaluation strategies. In: van der Merwe, T., Mitchell, C., Mehrnezhad, M. (eds.) SSR 2020. LNCS, vol. 12529, pp. 46–66. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-64357-7_3

    Chapter  Google Scholar 

  5. Bellare, M., Hoang, V.T., Keelveedhi, S.: Instantiating random oracles via UCEs. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8043, pp. 398–415. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40084-1_23

    Chapter  Google Scholar 

  6. Bellizia, D., et al.: Mode-level vs. implementation-level physical security in symmetric cryptography. In: Micciancio, D., Ristenpart, T. (eds.) CRYPTO 2020. LNCS, vol. 12170, pp. 369–400. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-56784-2_13

    Chapter  Google Scholar 

  7. Berman, I., Degwekar, A., Rothblum, R.D., Vasudevan, P.N.: Multi-collision resistant hash functions and their applications. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018. LNCS, vol. 10821, pp. 133–161. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-78375-8_5

    Chapter  Google Scholar 

  8. Berti, F., Guo, C., Pereira, O., Peters, T., Standaert, F.-X.: Strong authenticity with leakage under weak and falsifiable physical assumptions. In: Liu, Z., Yung, M. (eds.) Inscrypt 2019. LNCS, vol. 12020, pp. 517–532. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-42921-8_31

    Chapter  Google Scholar 

  9. Berti, F., Guo, C., Pereira, O., Peters, T., Standaert, F.: Tedt, a leakage-resist AEAD mode for high physical security applications. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2020(1), 256–320 (2020)

    Google Scholar 

  10. Berti, F., Koeune, F., Pereira, O., Peters, T., Standaert, F.: Ciphertext integrity with misuse and leakage: definition and efficient constructions with symmetric primitives. In: AsiaCCS, pp. 37–50. ACM (2018)

    Google Scholar 

  11. Berti, F., Pereira, O., Peters, T., Standaert, F.: On leakage-resilient authenticated encryption with decryption leakages. IACR Trans. Symmetric Cryptol. 2017(3), 271–293 (2017)

    Article  Google Scholar 

  12. Canetti, R., Chen, Y., Reyzin, L., Rothblum, R.D.: Fiat-Shamir and correlation intractability from strong KDM-secure encryption. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018. LNCS, vol. 10820, pp. 91–122. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-78381-9_4

    Chapter  Google Scholar 

  13. Canetti, R., Goldreich, O., Halevi, S.: The random oracle methodology, revisited. J. ACM 51(4), 557–594 (2004)

    Article  MathSciNet  Google Scholar 

  14. Degabriele, J.P., Janson, C., Struck, P.: Sponges resist leakage: the case of authenticated encryption. In: Galbraith, S.D., Moriai, S. (eds.) ASIACRYPT 2019. LNCS, vol. 11922, pp. 209–240. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-34621-8_8

    Chapter  Google Scholar 

  15. Dobraunig, C., et al.: Isap v2.0. IACR Transactions of Symmetric Cryptology 2020(S1), 390–416 (2020)

    Google Scholar 

  16. Dobraunig, C., Mennink, B.: Leakage resilience of the duplex construction. In: Galbraith, S.D., Moriai, S. (eds.) ASIACRYPT 2019. LNCS, vol. 11923, pp. 225–255. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-34618-8_8

    Chapter  Google Scholar 

  17. Dobraunig, C., Mennink, B.: Leakage resilient value comparison with application to message authentication. In: Canteaut, A., Standaert, F.-X. (eds.) EUROCRYPT 2021. LNCS, vol. 12697, pp. 377–407. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-77886-6_13

    Chapter  Google Scholar 

  18. Dodis, Y., Steinberger, J.: Message authentication codes from unpredictable block ciphers. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 267–285. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-03356-8_16

    Chapter  Google Scholar 

  19. Dodis, Y., Steinberger, J.: Domain extension for MACs beyond the birthday barrier. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 323–342. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-20465-4_19

    Chapter  Google Scholar 

  20. Dziembowski, S., Pietrzak, K.: Leakage-resilient cryptography. In: FOCS, pp. 293–302. IEEE Computer Society (2008)

    Google Scholar 

  21. Fuller, B., Hamlin, A.: Unifying leakage classes: simulatable leakage and pseudoentropy. In: Lehmann, A., Wolf, S. (eds.) ICITS 2015. LNCS, vol. 9063, pp. 69–86. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-17470-9_5

    Chapter  Google Scholar 

  22. Goudarzi, D., Rivain, M.: How fast can higher-order masking be in software? In: Coron, J.-S., Nielsen, J.B. (eds.) EUROCRYPT 2017. LNCS, vol. 10210, pp. 567–597. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-56620-7_20

    Chapter  MATH  Google Scholar 

  23. Guo, C., Pereira, O., Peters, T., Standaert, F.: Towards low-energy leakage-resistant authenticated encryption from the duplex sponge construction. IACR Trans. Symmetric Cryptol. 2020(1), 6–42 (2020)

    Article  Google Scholar 

  24. Guo, C., Standaert, F., Wang, W., Yu, Y.: Efficient side-channel secure message authentication with better bounds. IACR Trans. Symmetric Cryptol. 2019(4), 23–53 (2019)

    Google Scholar 

  25. Hazay, C., López-Alt, A., Wee, H., Wichs, D.: Leakage-resilient cryptography from minimal assumptions. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 160–176. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-38348-9_10

    Chapter  Google Scholar 

  26. Hirose, S.: Some plausible constructions of double-block-length hash functions. In: Robshaw, M. (ed.) FSE 2006. LNCS, vol. 4047, pp. 210–225. Springer, Heidelberg (2006). https://doi.org/10.1007/11799313_14

    Chapter  Google Scholar 

  27. Jean, J., Nikolić, I., Peyrin, T.: Tweaks and keys for block ciphers: the TWEAKEY framework. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LNCS, vol. 8874, pp. 274–288. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-45608-8_15

    Chapter  Google Scholar 

  28. Jean, J., Nikolic, I., Peyrin, T., Seurin, Y.: Deoxys v1. 41. CAESAR Competition, Final Portfolio (2016)

    Google Scholar 

  29. Katz, J., Lindell, Y.: Introduction to Modern Cryptography, Second Edition. CRC Press (2014)

    Google Scholar 

  30. Krämer, J., Struck, P.: Leakage-resilient authenticated encryption from leakage-resilient pseudorandom functions. In: Bertoni, G.M., Regazzoni, F. (eds.) COSADE 2020. LNCS, vol. 12244, pp. 315–337. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-68773-1_15

    Chapter  Google Scholar 

  31. Martin, D.P., Oswald, E., Stam, M., Wójcik, M.: A leakage resilient MAC. In: Groth, J. (ed.) IMACC 2015. LNCS, vol. 9496, pp. 295–310. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-27239-9_18

    Chapter  Google Scholar 

  32. Micali, S., Reyzin, L.: Physically observable cryptography. In: Naor, M. (ed.) TCC 2004. LNCS, vol. 2951, pp. 278–296. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-24638-1_16

    Chapter  MATH  Google Scholar 

  33. Pereira, O., Standaert, F., Vivek, S.: Leakage-resilient authentication and encryption from symmetric cryptographic primitives. In: CCS, pp. 96–108. ACM (2015)

    Google Scholar 

  34. Schipper, J.: Leakage-resilient authentication. Master’s thesis (2011)

    Google Scholar 

  35. Suzuki, K., Tonien, D., Kurosawa, K., Toyota, K.: Birthday paradox for multi-collisions. In: Rhee, M.S., Lee, B. (eds.) ICISC 2006. LNCS, vol. 4296, pp. 29–40. Springer, Heidelberg (2006). https://doi.org/10.1007/11927587_5

    Chapter  Google Scholar 

  36. Zhang, L., Wu, W., Wang, P., Zhang, L., Wu, S., Liang, B.: Constructing rate-1 MACs from related-key unpredictable block ciphers: PGV model revisited. In: Hong, S., Iwata, T. (eds.) FSE 2010. LNCS, vol. 6147, pp. 250–269. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-13858-4_14

    Chapter  Google Scholar 

Download references

Acknowledgments

We thank the ASIACRYPT 2021 reviewers for their insightful feedback. Francesco Berti was founded by the Emmy Noether Program FA 1320/1-1 of the German Research Foundation (DFG). Chun Guo was supported in parts by the Program of Taishan Young Scholars of the Shandong Province, the Program of Qilu Young Scholars (Grant No. 6158008996 3177) of Shandong University, the National Natural Science Foundation of China (Grant No. 62002202), and the Shandong Nature Science Foundation of China (Grant No. ZR2020MF053). Thomas Peters and François-Xavier Standaert are research associate and senior research associate of the Belgian Fund for Scientific Research (F.R.S.-FNRS). This work has been funded in parts by the EU through the ERC project SWORD (724725).

Author information

Authors and Affiliations

  1. UCLouvain, ICTEAM/ELEN/Crypto Group, Louvain-la-Neuve, Belgium

    Francesco Berti, Thomas Peters & François-Xavier Standaert

  2. TU Darmstadt, Germany, CAC - Applied Cryptography, Darmstadt, Germany

    Francesco Berti

  3. School of Cyber Science and Technology, Shandong University, Qingdao, 266237, Shandong, China

    Chun Guo

  4. Key Laboratory of Cryptologic Technology and Information Security of Ministry of Education, Shandong University, Qingdao, 266237, Shandong, China

    Chun Guo

  5. State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, 100093, China

    Chun Guo

Authors
  1. Francesco Berti
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Chun Guo
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Thomas Peters
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. François-Xavier Standaert
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding authors

Correspondence to Francesco Berti , Chun Guo , Thomas Peters or François-Xavier Standaert .

Editor information

Editors and Affiliations

  1. NTT Corporation, Tokyo, Japan

    Mehdi Tibouchi

  2. Nanyang Technological University, Singapore, Singapore

    Huaxiong Wang

Rights and permissions

Reprints and permissions

Copyright information

© 2021 International Association for Cryptologic Research

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Berti, F., Guo, C., Peters, T., Standaert, FX. (2021). Efficient Leakage-Resilient MACs Without Idealized Assumptions. In: Tibouchi, M., Wang, H. (eds) Advances in Cryptology – ASIACRYPT 2021. ASIACRYPT 2021. Lecture Notes in Computer Science(), vol 13091. Springer, Cham. https://doi.org/10.1007/978-3-030-92075-3_4

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-92075-3_4

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-92074-6

  • Online ISBN: 978-3-030-92075-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Societies and partnerships

Search

Navigation