Leakage-Resilient Symmetric Encryption via Re-keying

Michel Abdalla 1 Sonia Belaid 2, 1 Pierre-Alain Fouque 1
1 CASCADE - Construction and Analysis of Systems for Confidentiality and Authenticity of Data and Entities
DI-ENS - Département d'informatique de l'École normale supérieure, Inria Paris-Rocquencourt, CNRS - Centre National de la Recherche Scientifique : UMR 8548
Abstract : In the paper, we study whether it is possible to construct an efficient leakage-resilient symmetric scheme using the AES block cipher. We aim at bridging the gap between the theoretical leakage-resilient symmetric primitives used to build encryption schemes and the practical schemes that do not have any security proof against side-channel adversaries. Our goal is to construct an as efficient as possible leakage-resilient encryption scheme, but we do not want to change the cryptographic schemes already implemented. The basic idea consists in adding a leakage-resilient re-keying scheme on top of the encryption scheme and has been already suggested by Kocher to thwart differential power analysis techniques. Indeed, in such analysis, the adversary queries the encryption box and from the knowledge of the plaintext/ciphertext, she can perform a divide-and-conquer key recovery attack. The method consisting in changing the key for each or after a small number of encryption with the same key is known as re-keying. It prevents DPA adversaries but not SPA attacks which uses one single leakage trace. Here, we prove that using a leakage-resilient re-keying scheme on top of a secure encryption scheme in the standard model, leads to a leakage-resilient encryption scheme. The main advantage of the AES block cipher is that its implementations are generally heuristically-secure against SPA adversaries. This assumption is used in many concrete instantiations of leakage-resilient symmetric primitives. Consequently, if we use it and change the key for each new message block, the adversary will not be able to recover any key if the re-keying scheme is leakage-resilient. There is mainly two different techniques for re-keying scheme, either parallel or sequential, but if we want to avoid the adversary having access to many inputs/outputs, only the sequential method is possible. However, the main drawback of the latter technique is that in case of de-synchronization, many useless computations are required. In our re-keying scheme, we use ideas from the skip-list data structure to efficiently recover a specific key.
Type de document :
Communication dans un congrès
Guido Bertoni and Jean-Sébastien Coron. Cryptographic Hardware and Embedded Systems - CHES 2013, Aug 2013, Santa Barbara, United States. Springer, 8086, pp.471-488, 2013, Lecture Notes in Computer Science. 〈10.1007/978-3-642-40349-1_27〉
Liste complète des métadonnées

https://hal.inria.fr/hal-00870955
Contributeur : Sonia Belaid <>
Soumis le : mardi 8 octobre 2013 - 14:23:37
Dernière modification le : vendredi 25 mai 2018 - 12:02:05

Lien texte intégral

Identifiants

Collections

Citation

Michel Abdalla, Sonia Belaid, Pierre-Alain Fouque. Leakage-Resilient Symmetric Encryption via Re-keying. Guido Bertoni and Jean-Sébastien Coron. Cryptographic Hardware and Embedded Systems - CHES 2013, Aug 2013, Santa Barbara, United States. Springer, 8086, pp.471-488, 2013, Lecture Notes in Computer Science. 〈10.1007/978-3-642-40349-1_27〉. 〈hal-00870955〉

Partager

Métriques

Consultations de la notice

404