Lightweight authenticated encryption mode suitable for threshold implementation (Q2119030): Difference between revisions

From MaRDI portal
Changed an Item
ReferenceBot (talk | contribs)
Changed an Item
 
(8 intermediate revisions by 4 users not shown)
Property / describes a project that uses
 
Property / describes a project that uses: MiMC / rank
 
Normal rank
Property / describes a project that uses
 
Property / describes a project that uses: tweakey / rank
 
Normal rank
Property / describes a project that uses
 
Property / describes a project that uses: SKINNY / rank
 
Normal rank
Property / describes a project that uses
 
Property / describes a project that uses: Lilliput / rank
 
Normal rank
Property / describes a project that uses
 
Property / describes a project that uses: FreePDK45 / rank
 
Normal rank
Property / MaRDI profile type
 
Property / MaRDI profile type: MaRDI publication profile / rank
 
Normal rank
Property / full work available at URL
 
Property / full work available at URL: https://doi.org/10.1007/978-3-030-45724-2_24 / rank
 
Normal rank
Property / OpenAlex ID
 
Property / OpenAlex ID: W3022759749 / rank
 
Normal rank
Property / cites work
 
Property / cites work: MiMC: Efficient Encryption and Cryptographic Hashing with Minimal Multiplicative Complexity / rank
 
Normal rank
Property / cites work
 
Property / cites work: Ciphers for MPC and FHE / rank
 
Normal rank
Property / cites work
 
Property / cites work: Authenticated encryption in the face of protocol and side channel leakage / rank
 
Normal rank
Property / cites work
 
Property / cites work: The SKINNY Family of Block Ciphers and Its Low-Latency Variant MANTIS / rank
 
Normal rank
Property / cites work
 
Property / cites work: Reducing the cost of authenticity with leakages: a CIML2-secure AE scheme with one call to a strongly protected tweakable block cipher / rank
 
Normal rank
Property / cites work
 
Property / cites work: Duplexing the Sponge: Single-Pass Authenticated Encryption and Other Applications / rank
 
Normal rank
Property / cites work
 
Property / cites work: Uniform first-order threshold implementations / rank
 
Normal rank
Property / cites work
 
Property / cites work: A Tale of Two Shares: Why Two-Share Threshold Implementation Seems Worthwhile—and Why It Is Not / rank
 
Normal rank
Property / cites work
 
Property / cites work: Masking AES with \(d+1\) shares in hardware / rank
 
Normal rank
Property / cites work
 
Property / cites work: Sponges resist leakage: the case of authenticated encryption / rank
 
Normal rank
Property / cites work
 
Property / cites work: Leakage resilience of the duplex construction / rank
 
Normal rank
Property / cites work
 
Property / cites work: A practical forgery attack on Lilliput-AE / rank
 
Normal rank
Property / cites work
 
Property / cites work: Constructing TI-friendly substitution boxes using shift-invariant permutations / rank
 
Normal rank
Property / cites work
 
Property / cites work: Authenticated encryption with nonce misuse and physical leakage: definitions, separation results and first construction (extended abstract) / rank
 
Normal rank
Property / cites work
 
Property / cites work: Advances in Cryptology - CRYPTO 2003 / rank
 
Normal rank
Property / cites work
 
Property / cites work: Tweaks and Keys for Block Ciphers: The TWEAKEY Framework / rank
 
Normal rank
Property / cites work
 
Property / cites work: Beyond conventional security in sponge-based authenticated encryption modes / rank
 
Normal rank
Property / cites work
 
Property / cites work: The Software Performance of Authenticated-Encryption Modes / rank
 
Normal rank
Property / cites work
 
Property / cites work: Q4365755 / rank
 
Normal rank
Property / cites work
 
Property / cites work: Pushing the Limits: A Very Compact and a Threshold Implementation of AES / rank
 
Normal rank
Property / cites work
 
Property / cites work: How to use metaheuristics for design of symmetric-key primitives / rank
 
Normal rank
Property / cites work
 
Property / cites work: Threshold Implementations Against Side-Channel Attacks and Glitches / rank
 
Normal rank
Property / cites work
 
Property / cites work: Side-channel resistant crypto for less than 2,300 GE / rank
 
Normal rank
Property / cites work
 
Property / cites work: A New Variant of PMAC: Beyond the Birthday Bound / rank
 
Normal rank
Property / cites work
 
Property / cites work: Speeding up MILP Aided Differential Characteristic Search with Matsui’s Strategy / rank
 
Normal rank
Property / cites work
 
Property / cites work: Related-Key Impossible-Differential Attack on Reduced-Round Skinny / rank
 
Normal rank

Latest revision as of 12:13, 4 December 2024

scientific article
Language Label Description Also known as
English
Lightweight authenticated encryption mode suitable for threshold implementation
scientific article

    Statements

    Lightweight authenticated encryption mode suitable for threshold implementation (English)
    0 references
    0 references
    0 references
    0 references
    23 March 2022
    0 references
    This paper proposes tweakable block cipher (TBC) based modes $\text{PFB}_-\text{Plus}$ and $\text{PFB}\omega$ that are efficient in threshold implementations (TI). Let $t$ be an algebraic degree of a target function, e.g. $t = 1$ (resp. $t > 1$) for linear (resp. non-linear) function. The $d\text{-}th$ order TI encodes the internal state into $dt+1$ shares. Hence, the area size increases proportionally to the number of shares. This implies that TBC-based modes can be smaller than block cipher (BC) based modes in TI because TBC requires an $s$-bit block to ensure $s$-bit security, e.g. PFB and Romulus, while BC requires a 2s-bit block. However, even with those TBC based modes, the minimum they can reach is 3 shares of $s$-bit state with $t = 2$ and the first-order TI $(d = 1)$. Their first design $\text{PFB}_-\text{Plus}$ aims to break the barrier of the $3s$-bit state in TI. The block size of an underlying TBC is $s/2$ bits and the output of TBC is linearly expanded to $s$ bits. This expanded state requires only 2 shares in the first-order TI, which makes the total state size $2.5s$ bits.They also provide rigorous security proof of $\text{PFB}_-\text{Plus}$. Their second design $\text{PFB}\omega$ further increases a parameter $\omega$: a ratio of the security level s to the block size of an underlying TBC. They prove the security of $\text{PFB}\omega$ for any $\omega$ under some assumptions for an underlying TBC and for parameters used to update a state. Next, they show a concrete instantiation of $\text{PFB}_-\text{Plus}$ for 128-bit security. It requires a TBC with a 64-bit block, 128-bit key, and 128-bit tweak, while no existing TBC can support it. They design a new TBC by extending SKINNY and provide basic security evaluation. Finally, they give hardware benchmarks of $\text{PFB}_-\text{Plus}$ in the first-order TI to show that TI of $\text{PFB}_-\text{Plus}$ is smaller than that of PFB by more than one thousand gates and is the smallest within the schemes having 128-bit security. For the entire collection see [Zbl 1482.94003].
    0 references
    authenticated encryption
    0 references
    threshold implementation
    0 references
    beyond-birthday-bound security
    0 references
    tweakable block cipher
    0 references
    lightweight
    0 references
    0 references
    0 references
    0 references
    0 references
    0 references
    0 references
    0 references
    0 references

    Identifiers