Towards Low-Energy Leakage-Resistant Authenticated Encryption from the Duplex Sponge Construction

Paper 2019/193

Chun Guo, Olivier Pereira, Thomas Peters, and François-Xavier Standaert

Abstract

The ongoing NIST lightweight standardization process explicitly puts forward a requirement of side-channel security, which has renewed the interest in Authenticated Encryption schemes (AEs) with light(er)-weight side-channel secure implementations. To address this challenge, we investigate the leakage-resilience of a generic duplex-based stream cipher, and prove the classical bound, i.e., $\approx2^{c/2}$, under an assumption of non-invertible leakage. Based on this, we propose a new 1-pass AE mode TETSponge, which carefully combines a tweakable block cipher that must have strong protections against side-channel attacks and is scarcely used, and a duplex-style permutation that only needs weak side-channel protections and is used to frugally process the message and associated data. TETSponge offers: (i) provable resistance against side-channel attacks during both encryption and decryption, (ii) some level of nonce misuse robustness, and (iii) black-box AE security with good bounds in the multi-user setting as well. We conclude that TETSponge offers an appealing option for the implementation of lightweight AE in settings where side-channel attacks are an actual concern. Our analysis offers the first rigorous methodology for the analysis of the leakage-resilience of sponge/duplex-based AEs. It can be easily adapted to others: we demonstrate this by showcasing brief analyses of two other 1-pass AEs, Ascon and GIBBON, and two 2-pass AEs, TEDTSponge and ISAP. These provide various insights for both designs and implementations.

Note: Incorporated some suggestions & fixed typos.

Metadata

Available format(s): PDF
Category: Secret-key cryptography
Publication info: Preprint. MINOR revision.
Keywords: Authenticated Encryption, Duplex Construction, Leakage-Resilience, Leveled Implementations
Contact author(s): chun guo @ uclouvain be
History:
2019-08-14: last of 3 revisions
2019-02-26: received
Short URL: https://ia.cr/2019/193
License: Creative Commons Attribution (CC BY)

BibTeX

@misc{cryptoeprint:2019/193,
      author = {Chun Guo and Olivier Pereira and Thomas Peters and François-Xavier Standaert},
      title = {Towards Low-Energy Leakage-Resistant Authenticated Encryption from the Duplex Sponge Construction},
      howpublished = {Cryptology {ePrint} Archive, Paper 2019/193},
      year = {2019},
      url = {https://eprint.iacr.org/2019/193}
}