Improved leakage-resistant authenticated encryption based on hardware aes coprocessors

14Citations
Citations of this article
8Readers
Mendeley users who have this article in their library.

Abstract

We revisit Unterstein et al.’s leakage-resilient authenticated encryption scheme from CHES 2020. Its main goal is to enable secure software updates by leveraging unprotected (e.g., AES, SHA256) coprocessors available on low-end mi-crocontrollers. We show that the design of this scheme ignores an important attack vector that can significantly reduce its security claims, and that the evaluation of its leakage-resilient PRF is quite sensitive to minor variations of its measurements, which can easily lead to security overstatements. We then describe and analyze a new mode of operation for which we propose more conservative security parameters and show that it competes with the CHES 2020 one in terms of performances. As an additional bonus, our solution relies only on AES-128 coprocessors, and it halves the amount of key material needed in order to encrypt and authenticate.

Cite

CITATION STYLE

APA

Bronchain, O., Momin, C., Peters, T., & Standaert, F. X. (2021). Improved leakage-resistant authenticated encryption based on hardware aes coprocessors. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2021(3), 641–676. https://doi.org/10.46586/tches.v2021.i3.641-676

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free