Improved Leakage-Resistant Authenticated Encryption based on Hardware AES Coprocessors

Authors

  • Olivier Bronchain Crypto Group, ICTEAM Institute, UCLouvain, Louvain-la-Neuve, Belgium
  • Charles Momin Crypto Group, ICTEAM Institute, UCLouvain, Louvain-la-Neuve, Belgium
  • Thomas Peters Crypto Group, ICTEAM Institute, UCLouvain, Louvain-la-Neuve, Belgium
  • François-Xavier Standaert Crypto Group, ICTEAM Institute, UCLouvain, Louvain-la-Neuve, Belgium

DOI:

https://doi.org/10.46586/tches.v2021.i3.641-676

Keywords:

Leakage-Resilient Cryptography, Authenticated Encryption, Secure Software Updates, Ciphertext Integrity, ARM Cortex, Differental Power Analysis

Abstract

We revisit Unterstein et al.’s leakage-resilient authenticated encryption scheme from CHES 2020. Its main goal is to enable secure software updates by leveraging unprotected (e.g., AES, SHA256) coprocessors available on low-end microcontrollers. We show that the design of this scheme ignores an important attack vector that can significantly reduce its security claims, and that the evaluation of its leakage-resilient PRF is quite sensitive to minor variations of its measurements, which can easily lead to security overstatements. We then describe and analyze a new mode of operation for which we propose more conservative security parameters and show that it competes with the CHES 2020 one in terms of performances. As an additional bonus, our solution relies only on AES-128 coprocessors, an

Downloads

Published

2021-07-09

Issue

Volume 2021, Issue 3

Section

Articles

License

Copyright (c) 2021 Olivier Bronchain, Charles Momin, Thomas Peters, François-Xavier Standaert

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.

How to Cite

Improved Leakage-Resistant Authenticated Encryption based on Hardware AES Coprocessors. (2021). IACR Transactions on Cryptographic Hardware and Embedded Systems, 2021(3), 641-676. https://doi.org/10.46586/tches.v2021.i3.641-676