• PDF / 510,388 Bytes
• 22 Pages / 439.37 x 666.142 pts Page_size
• 84 Downloads / 264 Views

DOWNLOAD

REPORT

4

NTT Secure Platform Laboratories, Tokyo, Japan [email protected] 2 Nagoya University, Nagoya, Japan [email protected] 3 NEC Corporation, Tokyo, Japan [email protected] Applied Statistics Unit, Indian Statistical Institute, Kolkata, India [email protected]

Abstract. This paper presents a design of authenticated encryption (AE) focusing on minimizing the implementation size, i.e., hardware gates or working memory on software. The scheme is called COFB, for COmbined FeedBack. COFB uses an n-bit blockcipher as the underlying primitive, and relies on the use of a nonce for security. In addition to the state required for executing the underlying blockcipher, COFB needs only n/2 bits state as a mask. Till date, for all existing constructions in which masks have been applied, at least n bit masks have been used. Thus, we have shown the possibility of reducing the size of a mask without degrading the security level much. Moreover, it requires one blockcipher call to process one input block. We show COFB is provably secure up to O(2n/2 /n) queries which is almost up to the standard birthday bound. We also present our hardware implementation results. Experimental implementation results suggest that our proposal has a good performance and the smallest footprint among all known blockcipherbased AE. Keywords: COFB

1

· AES · Authenticated encryption · Blockcipher

Introduction

Authenticated encryption (AE) is a symmetric-key cryptographic primitive for providing both confidentiality and authenticity. Due to the recent rise in communication networks operated on small devices, the era of the so-called Internet of Things, AE is expected to play a key role in securing these networks. In this paper, we study blockcipher modes for AE with primary focus on the hardware implementation size. Here, we consider the overhead in size, thus the state memory size beyond the underlying blockcipher itself (including the key schedule) is the criteria we want to minimize. We observe this direction has not c International Association for Cryptologic Research 2017  W. Fischer and N. Homma (Eds.): CHES 2017, LNCS 10529, pp. 277–298, 2017. DOI: 10.1007/978-3-319-66787-4 14

278

A. Chakraborti et al.

received much attention until the launch of CAESAR competition (see below), while it would be relevant for future communication devices requiring ultra lowpower operations. A general approach to reduce the entire hardware size of AE modes is to use a lightweight blockcipher [15,17,25,48,49] or to use standard AES implemented in a tiny, serialized core [37], where the latter is shown to be effective for various schemes including popular CCM [5] or OCB [32] modes, as shown in [16] and [12]. Our approach is orthogonal to these directions. In this paper, we propose a new blockcipher AE mode which utilizes both plaintext and ciphertext feedback. Our proposal is called COFB for COmbined FeedBack, and we show that this enables essentially AE using the minimum amount of state memory while keeping the security level similar

Recommend Documents

Optical Imaging: How Far Can We Go

217 23 2MB

How Fast Can We Go: Abbreviated Prostate MR Protocols

183 66 393KB

How Can We Prevent Falls?

218 57 6MB

Password-authenticated searchable encryption

195 69 1012KB

Biometric-Authenticated Searchable Encryption

163 49 15MB

Authenticated Encryption with Variable Stretch

215 46 31MB

Heterogeneous Deniable Authenticated Encryption Protocol

185 52 57MB

How Can We All Be Intercultural Leaders?

197 59 9MB

Identity-Based Authenticated Encryption with Identity Confidentiality

213 87 39MB

How well can we estimate immigration trends using Google data?

236 71 1MB

How Stretchable Can We Make Thin Metal Films?

187 45 491KB

How fast can we go? The status of our knowledge of the rates of gas-liquid metal reactions

163 94 2MB