Exploring Integrity of AEADs with Faults: Definitions and Constructions

Authors

  • Sayandeep Saha School of Physical and Mathematical Sciences, Nanyang Technological University (NTU), Singapore, Singapore
  • Mustafa Khairallah School of Physical and Mathematical Sciences, Nanyang Technological University (NTU), Singapore, Singapore; Seagate Research, Singapore, Singapore
  • Thomas Peyrin School of Physical and Mathematical Sciences, Nanyang Technological University (NTU), Singapore, Singapore

DOI:

https://doi.org/10.46586/tosc.v2022.i4.291-324

Keywords:

Fault Attack, Side-Channel Attack, Authenticated Encryption with Associated Data

Abstract

Implementation-based attacks are major concerns for modern cryptography. For symmetric-key cryptography, a significant amount of exploration has taken place in this regard for primitives such as block ciphers. Concerning symmetric-key operating modes, such as Authenticated Encryption with Associated Data (AEAD), the stateof-the-art mainly addresses the passive Side-Channel Attacks (SCA) in the form of leakage resilient cryptography. So far, only a handful of work address Fault Attacks (FA) in the context of AEADs concerning the fundamental properties – integrity and confidentiality. In this paper, we address this gap by exploring mode-level issues arising due to FAs. We emphasize that FAs can be fatal even in cases where the adversary does not aim to extract the long-term secret, but rather tries to violate the basic security requirements (integrity and confidentiality). Notably, we show novel integrity attack examples on state-of-the-art AEAD constructions and even on a prior fault-resilient AEAD construction called SIV$. On the constructive side, we first present new security notions of fault-resilience, for PRF (frPRF), MAC (frMAC) and AEAD (frAE), the latter can be seen as an improved version of the notion introduced by Fischlin and Gunther at CT-RSA’20. Then, we propose new constructions to turn a frPRF into a fault-resilient MAC frMAC (hash-then-frPRF) and into a fault-resilient AEAD frAE (MAC-then-Encrypt-then-MAC or MEM).

Downloads

Published

2022-12-07

How to Cite

Saha, S., Khairallah, M., & Peyrin, T. (2022). Exploring Integrity of AEADs with Faults: Definitions and Constructions. IACR Transactions on Symmetric Cryptology, 2022(4), 291–324. https://doi.org/10.46586/tosc.v2022.i4.291-324

Issue

Section

Articles