Journal Title
Title of Journal: J Supercomput
Abbreviation: The Journal of Supercomputing
Authors: Megha Agrawal, Tarun Kumar Bansal, Donghoon Chang, Amit Kumar Chauhan, Seokhie Hong, Jinkeon Kang, Somitra Kumar Sanadhya
Publish Date: 2016/08/22
Volume: 74, Issue: 9, Pages: 4173-4198
Abstract
The security of modern cryptosystems relies on the secrecy of the keys. Against the expectation that the keys used in cryptographic algorithms are perfectly secure, the keys can get compromised when implemented on physical devices. Because of the computational leakages from the execution of cryptographic algorithms, a variety of side-channel measurements can lead to full breaks of the targeted physical devices. Leakage-resilient cryptography aims at defining leakages in a generic model and designing provably secure primitives to capture side-channel attacks. For this purpose, several rekeying schemes have been proposed to prevent an encryption scheme from using the same key many times. In this paper, we propose a leakage-resilient authenticated encryption scheme called Rekeying Code Book (RCB) that is secure against side-channel attacks by combining with existing rekeying schemes. Our approach is to find an efficient composition by combining two independent primitives, authenticated encryption and rekeying schemes, rather than designing new algorithms. We also give precise definitions of privacy and authenticity for authenticated encryption in a leakage-resilient model, and then we provide the security proofs for RCB in a leakage-resilient model.

Excerpts from the paper body

To prove this lemma we use the hybrid argument. This proof goes similar to Lemma 3.3 given in [32]. Let F be a function family from $\{0,1\}^m$ to $\{0,1\}^n$ with key length k, and let $m \ge 1$. We also let [image] and let [image]. We construct an algorithm $\mathcal{C}^{\mathcal{A}}$ given black-box access to an adversary $\mathcal{C}$ with advantage $\mathsf{Adv}^{\mathrm{otlr\text{-}prf}}_{m,F}(\mathcal{C})$, and algorithm $\mathcal{C}^{\mathcal{A}}$ defines an adversary $\mathcal{A}$ with advantage
$$\mathsf{Adv}^{\mathrm{otlr\text{-}prf}}_{f}(\mathcal{A}) \ge \mathsf{Adv}^{\mathrm{otlr\text{-}prf}}_{m,F}(\mathcal{C})/m.$$

Adversary $\mathcal{C}$, given oracle f, first chooses an integer [image] at random. Next it chooses functions [image] from F uniformly and independently. It sets $f_i$ to its oracle function f with leakage function L. It also chooses random functions $f_{i+1}, \ldots, f_m$ from $\mathcal{R}$. It now runs adversary $\mathcal{A}$ with oracles $f_1, \ldots, f_m$: when the query is to the j-th oracle, it answers via $g_j$, invoking its own oracle when $j = i$ and otherwise using one of the chosen functions. Adversary $\mathcal{C}$ outputs the same answer as whatever $\mathcal{A}$ outputs.

To choose $f_1, \ldots, f_{i-1}$ from F means to choose randomly $i-1$ keys $K_1, \ldots, K_{i-1}$ [image] and to reply to the j-th query x for $j < i$ by $f_j(x)$. Furthermore, $\mathcal{A}$ cannot choose random functions. Therefore, whenever $\mathcal{B}$ asks a j-th query x for $j > i$, it chooses a random string of length k if x has not been queried before, adds it to the record list and returns it; if x has already been chosen, the answer is taken from the record list.

Let $\mathsf{AE} = (\mathsf{KG}, \mathsf{E}, \mathsf{D})$ be an authenticated encryption scheme as defined in Sect. 2.3. Our AE scheme is composed of two parts: the rekeying scheme g and the block cipher f. For the non-adaptive granular leakage-resilient model, our AE scheme is split into time steps which leak independently. The adversary $\mathcal{A}$ is allowed to choose a leakage function $L = (L_1, L_2)$ with components for each of these time steps: $L_1$ for the rekeying scheme and $L_2$ for the block cipher. Then he submits q distinct queries to his oracle. For each query he gets back either the real or the random output of his query, together with leakage which is exactly the output of the leakage function L he chose. We put a restriction on adversary $\mathcal{A}$ that he cannot make a query to the rekeying oracle without asking queries to the encryption oracle. We show that our scheme is leakage-resilient secure. We organize our security proof as a sequence of games [33]. We start with game $G_0$ as the real game. We make transitions in game $G_0$ to convert it into the random game $G_n$ for some n. We write $\Pr[G_i]$ for the winning event that the game $G_i$ outputs 1, for $i = 0, 1, 2, \ldots$
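The hybrid argument sketched in the proof excerpt above, carried through as an added worked derivation; this is not text from the paper. The intermediate games $H_0, \ldots, H_m$ and the probabilities $p_j$ are notation introduced here, the roles are taken as the construction itself assigns them (the reduction $\mathcal{C}$ holds the single oracle f and simulates the m oracles for $\mathcal{A}$), and the otlr-prf advantage is taken as the usual distinguishing gap between the real oracle (an instance of F under a fresh key, with its leakage) and a random function from $\mathcal{R}$.

```latex
% Hybrid H_j (0 <= j <= m): A runs with m oracles, where positions 1..j are
% F-instances under independent random keys (with leakage L) and positions
% j+1..m are random functions from R. H_m is the all-real game, H_0 the
% all-random game.
p_j \;=\; \Pr\big[\mathcal{A}^{H_j} \Rightarrow 1\big], \qquad 0 \le j \le m .

% The m-oracle advantage telescopes over the chain of hybrids.
\mathsf{Adv}^{\mathrm{otlr\text{-}prf}}_{m,F}(\mathcal{A})
  \;=\; p_m - p_0
  \;=\; \sum_{i=1}^{m} \big( p_i - p_{i-1} \big).

% C draws i uniformly from {1,...,m}, puts F-instances with known keys at
% positions 1..i-1, its own oracle f at position i, and record-list random
% functions at positions i+1..m. If f is real, A sees exactly H_i; if f is a
% random function, A sees exactly H_{i-1}.
\Pr\big[\mathcal{C}^{f \leftarrow F} \Rightarrow 1\big] = \frac{1}{m}\sum_{i=1}^{m} p_i ,
\qquad
\Pr\big[\mathcal{C}^{f \leftarrow \mathcal{R}} \Rightarrow 1\big] = \frac{1}{m}\sum_{i=1}^{m} p_{i-1} .

% Subtracting gives the single-oracle advantage of C, which is the m-oracle
% advantage of A divided by m: the usual 1/m loss of a hybrid argument.
\mathsf{Adv}^{\mathrm{otlr\text{-}prf}}_{f}(\mathcal{C})
  \;=\; \frac{1}{m}\sum_{i=1}^{m} \big( p_i - p_{i-1} \big)
  \;=\; \frac{1}{m}\,\mathsf{Adv}^{\mathrm{otlr\text{-}prf}}_{m,F}(\mathcal{A}).
```

Two points a reader checking the reduction will want: the equality holds only because the positions $j \ne i$ are answered locally, with F under keys $\mathcal{C}$ chose itself for $j < i$ and with the record list (a lazily sampled random function, so repeated queries get consistent answers) for $j > i$, so $\mathcal{C}$ forwards to its own oracle exactly the queries $\mathcal{A}$ directs to position i and its query count never exceeds that of $\mathcal{A}$; and the leakage $\mathcal{A}$ observes on position i is whatever the single-oracle experiment hands $\mathcal{C}$, so the argument does not require $\mathcal{C}$ to simulate leakage it cannot compute.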