Secure Message Authentication in the Presence of Leakage and Faults

Authors

  • Francesco Berti Bar-Ilan University, Ramat Gan, Israel
  • Chun Guo School of Cyber Science and Technology, Shandong University, Qingdao, Shandong, China; Shandong Research Institute of Industrial Technology, Jinan, Shandong, China
  • Thomas Peters UCLouvain, ICTEAM/ELEN/Crypto Group, Louvain-la-Neuve, Belgium
  • Yaobin Shen UCLouvain, ICTEAM/ELEN/Crypto Group, Louvain-la-Neuve, Belgium
  • François-Xavier Standaert UCLouvain, ICTEAM/ELEN/Crypto Group, Louvain-la-Neuve, Belgium

DOI:

https://doi.org/10.46586/tosc.v2023.i1.288-315

Keywords:

Leakage, Faults, Combine Attacks, Mode-Level Protections

Abstract

Security against side-channels and faults is a must for the deployment of embedded cryptography. A wide body of research has investigated solutions to secure implementations against these attacks at different abstraction levels. Yet, to a large extent, current solutions focus on one or the other threat. In this paper, we initiate a mode-level study of cryptographic primitives that can ensure security in a (new and practically-motivated) adversarial model combining leakage and faults. Our goal is to identify constructions that do not require a uniform protection of all their operations against both attack vectors. For this purpose, we first introduce a versatile and intuitive model to capture leakage and faults. We then show that a MAC from Asiacrypt 2021 natively enables a leveled implementation for fault resilience where only its underlying tweakable block cipher must be protected, if only the tag verification can be faulted. We finally describe two approaches to amplify security for fault resilience when also the tag generation can be faulted. One is based on iteration and requires the adversary to inject increasingly large faults to succeed. The other is based on randomness and allows provable security against differential faults.

Downloads

Published

2023-03-10

Issue

Section

Articles

How to Cite

Secure Message Authentication in the Presence of Leakage and Faults. (2023). IACR Transactions on Symmetric Cryptology, 2023(1), 288-315. https://doi.org/10.46586/tosc.v2023.i1.288-315