
SLIDE 1

Lightweight Authenticated Encryption Mode of Operation for Tweakable Block Ciphers

Yusuke Naito* and Takeshi Sugawara**

*Mitsubishi Electric Corporation **The University of Electro-Communications

Workshop on Cryptographic Hardware and Embedded Systems (CHES 2020)

SLIDE 2

Our New Design: PFB (Plaintext Feedback) Mode

  • Key features
  • 64-bit security with a 64-bit tweakable block cipher (the beyond-the-birthday-bound security)
  • Low memory usage with threshold implementation (TI)
  • By replacing a non-linearly updated 64-bit state with a public tweak

Overview

[Figure: memory comparison, previous work vs. this work]
Previous work (128-bit block cipher): 128-bit state + 128-bit key = 256 bits without TI; with TI, 3 shares for the state and 2 for the key: 3x128 + 2x128 = 640 bits.
This work (64-bit TBC): 64-bit state + 128-bit key + 64-bit tweak = 256 bits without TI; with TI, 3 shares for the state, 2 for the key and 1 for the public tweak: 3x64 + 2x128 + 1x64 = 512 bits.

SLIDE 3

Lightweight Cryptography

  • Security for resource-constrained IoT devices
  • Lightweight block ciphers
  • Standardization
  • 64-bit primitives are popular
  • Memory (register) is a bottleneck in hardware implementation
  • 4-bit S-box: 20--40 gates
  • 128-bit register: 600--900 gates

Background

SLIDE 4

Lightweight Authenticated Encryption (AE)

  • NIST is running a competition (LWC) for choosing a lightweight AE
  • Optimizing the mode of operation for lightweight implementation
  • A 64-bit primitive gives only 32-bit security when combined with a mode of operation with birthday-bound security, which is subject to a practical attack**

Background

[Figure: memory in 128-bit registers, AES-GCM vs. AES-SAEB*. AES-GCM: 128-bit state and 128-bit key plus additional 128-bit states for tag generation. AES-SAEB*: 128-bit state and 128-bit key only. We are hitting the limit: these 256 bits are necessary for running AES.]

*Y. Naito, M. Matsui, T. Sugawara, and D. Suzuki, "SAEB: A Lightweight Blockcipher-Based AEAD Mode of Operation," CHES 2018.

**K. Bhargavan and G. Leurent, "On the Practical (In-)Security of 64-bit Block Ciphers: Collision Attacks on HTTP over TLS and OpenVPN," CCS 2016.
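The point of the bullet above, as an added example that is not part of the slides or of the authors' work: with birthday-bound security, a mode on a b-bit cipher starts leaking once about 2^(b/2) blocks have been encrypted under one key. The example scales the block down to 16 bits so it runs instantly, uses a random permutation as a stand-in for the cipher, and uses CBC as the mode (CBC over 64-bit ciphers is the setting of the cited Bhargavan-Leurent attack). The PRNG seed and the 4096-block plaintext are constructed sample data; none of this is PFB.

```python
import random

BLOCK_BITS = 16            # toy block size; the cited attack is on b = 64
BLOCK_SPACE = 1 << BLOCK_BITS


def make_toy_cipher(seed):
    """Stand-in for E_K: a random permutation of the 16-bit block space
    (assumption: an ideal cipher; the argument is independent of the cipher)."""
    perm = list(range(BLOCK_SPACE))
    random.Random(seed).shuffle(perm)
    return lambda x: perm[x]


def cbc_encrypt(enc, iv, blocks):
    """CBC mode, a birthday-bound mode and the target of the cited attack:
    C_i = E_K(M_i XOR C_{i-1}) with C_0 = IV."""
    out, prev = [], iv
    for m in blocks:
        prev = enc(m ^ prev)
        out.append(prev)
    return out


def find_cbc_collisions(iv, ciphertext):
    """Ciphertext-only analysis.  E_K is a permutation, so C_i == C_j implies
    equal inputs, M_i XOR C_{i-1} == M_j XOR C_{j-1}, and therefore
    M_i XOR M_j == C_{i-1} XOR C_{j-1}: a plaintext relation leaks.
    Returns {(i, j): M_i XOR M_j} with 0-based block indices, i < j."""
    chain = [iv] + list(ciphertext)      # chain[k] is the value fed into block k
    first_seen = {}
    leaks = {}
    for i, block in enumerate(ciphertext):
        if block in first_seen:
            j = first_seen[block]
            leaks[(j, i)] = chain[j] ^ chain[i]
        else:
            first_seen[block] = i
    return leaks


def demo(n_blocks=4096, seed=2020):
    """Encrypt n random blocks (constructed data) and count leaked relations.
    About n^2 / 2^(b+1) collisions are expected, so 2^(b/2) blocks suffice:
    2^8 here, 2^32 blocks (about 32 GB) for a 64-bit cipher.  With 4096 toy
    blocks roughly 128 collisions are expected.  Returns (count, all_correct)."""
    rng = random.Random(seed)
    enc = make_toy_cipher(seed)
    iv = rng.randrange(BLOCK_SPACE)
    plaintext = [rng.randrange(BLOCK_SPACE) for _ in range(n_blocks)]
    ciphertext = cbc_encrypt(enc, iv, plaintext)
    leaks = find_cbc_collisions(iv, ciphertext)
    # The attacker never sees `plaintext`; it is used here only to verify the leak.
    correct = all(plaintext[i] ^ plaintext[j] == x for (i, j), x in leaks.items())
    return len(leaks), correct


if __name__ == "__main__":
    count, ok = demo()
    print(f"{count} plaintext XOR relations leaked, all correct: {ok}")
```

Switching the mode does not help as long as the bound is n^2 / 2^b: the talk's answer is to change the bound itself, which is what the tweakable block cipher buys in the following slides.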

SLIDE 5

Lightweight + SCA Resistance

  • Resource-constrained devices are used in hostile environments in which side-channel attack (SCA) is a serious threat
  • SCA protection in resource-constrained devices is even more challenging
  • Lightweight cryptography that enables efficient SCA countermeasures is a new frontier of research, e.g., TI-friendly S-boxes and SCREAM

Background

SLIDE 6

(1st order) Threshold Implementation

  • Encode a sensitive value as several shares and implement the cipher while preserving the shared representation
  • Efficiently provides security in the presence of glitches
  • Multiplies the memory cost!

Background

[Figure: 3-share threshold implementation of a function f. Input shares (x_a, x_b, x_c) satisfying x_a ⊕ x_b ⊕ x_c = x; component functions f_1, f_2, f_3 compute the output shares (X_a, X_b, X_c) satisfying X_a ⊕ X_b ⊕ X_c = X, where X = f(x).]
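An added example, not from the slides, of the two properties of a first-order threshold implementation on the smallest nonlinear gate, an AND: the shared representation is preserved (the output shares XOR to x AND y), and each component function omits one share index (non-completeness), which is the property that keeps glitches from leaking. The share formulas are the standard three-share AND, not the paper's hardware; the register cost is visible directly, since one bit of nonlinear state needs three shares, matching the x3 in the memory figures.

```python
import random


def share(bit, n_shares=3, rng=random):
    """Split one bit into n random shares whose XOR equals the bit."""
    shares = [rng.getrandbits(1) for _ in range(n_shares - 1)]
    last = bit
    for s in shares:
        last ^= s
    shares.append(last)
    return tuple(shares)


def unshare(shares):
    """Recombine: the XOR of all shares (only ever done in a test harness)."""
    out = 0
    for s in shares:
        out ^= s
    return out


def ti_and(xs, ys):
    """3-share TI of z = x AND y.  Component i never reads share index i
    (non-completeness); the three outputs XOR to x AND y (correctness),
    because the nine cross terms x_j y_k are split across the components."""
    x1, x2, x3 = xs
    y1, y2, y3 = ys
    z1 = (x2 & y2) ^ (x2 & y3) ^ (x3 & y2)   # does not use x1, y1
    z2 = (x3 & y3) ^ (x1 & y3) ^ (x3 & y1)   # does not use x2, y2
    z3 = (x1 & y1) ^ (x1 & y2) ^ (x2 & y1)   # does not use x3, y3
    return (z1, z2, z3)


def check_correctness():
    """Exhaustive over all 2^6 sharings: unshare(ti_and(xs, ys)) == x AND y."""
    for bits in range(64):
        xs = tuple((bits >> k) & 1 for k in range(3))
        ys = tuple((bits >> (3 + k)) & 1 for k in range(3))
        if unshare(ti_and(xs, ys)) != (unshare(xs) & unshare(ys)):
            return False
    return True


def check_non_completeness():
    """Component i must not depend on x_i or y_i: flipping either or both
    of them must never change output share i, for every input."""
    for bits in range(64):
        xs = [(bits >> k) & 1 for k in range(3)]
        ys = [(bits >> (3 + k)) & 1 for k in range(3)]
        base = ti_and(xs, ys)
        for i in range(3):
            for flip_x, flip_y in ((1, 0), (0, 1), (1, 1)):
                xs2, ys2 = list(xs), list(ys)
                xs2[i] ^= flip_x
                ys2[i] ^= flip_y
                if ti_and(xs2, ys2)[i] != base[i]:
                    return False
    return True


if __name__ == "__main__":
    print("correct:", check_correctness(), "non-complete:", check_non_completeness())
    print("shares of 1:", share(1), "-> registers per state bit: 3")
```

Because each z_i is computed from two shares only, no single glitchy wire ever carries a function of all three shares of x or y, which is what a first-order probing or glitch-extended adversary would need; the price is three registers per state bit, which is exactly the x3 factor in the memory comparison.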

SLIDE 7

Reduce the Size of Non-Linearly Updated State

  • Low memory usage with threshold implementation (TI)
  • Challenge: birthday-bound security
  • We use a tweakable block cipher (TBC) to efficiently achieve beyond-the-birthday-bound security, i.e., 64-bit security with a 64-bit primitive

Our approach

[Figure: memory comparison, SAEB/AES vs. this work]
SAEB/AES: 128-bit state + 128-bit key = 256 bits without TI; with TI (x3 state, x2 key) = 640 bits.
This work: 64-bit state + 128-bit key + 64-bit tweak = 256 bits without TI; with TI (x3 state, x2 key, x1 tweak) = 512 bits.

SLIDE 8

New Mode of Operation PFB (Plaintext Feedback)

  • A nonce-based authenticated encryption with associated data using TBC
  • Provides the beyond-the-birthday-bound security: security level = block length
  • Based on iCOFB (Chakraborti et al. CHES2017) with several improvements:
  • Adding associated-data processing
  • Supporting arbitrary-length message
  • Giving a new proof for a tighter security bound
  • Hardware performance evaluation with TI

Contribution

[Figure: PFB encryption. The associated-data hash H is the initial chaining value. Block i (i = 1, ..., l) calls the TBC Ẽ_K with tweak (x, N, i) on input X_i and produces output Y_i; M_i is XORed in and C_i is output. The last block M* is zero-padded (zp) before processing and its ciphertext is truncated to |M*| bits (msb_{|M*|}). The tag is T = msb_t(Ẽ_K^{(y, N, l)}(S)) for the final state S. Labels: Plaintext M, Ciphertext C, Tag.]

SLIDE 9

Tweakable block cipher

  • An extension of a block cipher with the third input called tweak
  • We get an independent random permutation for each tweak, i.e., efficient rekeying

Preliminary

[Figure: block cipher c = E_K(m) vs. tweakable block cipher c = Ẽ_K^t(m), which takes the tweak t as a third input.]

SLIDE 10

Tweakable block cipher SKINNY

  • A popular lightweight TBC
  • Tweakey framework: no discrimination between the key and tweak

Preliminary

[Figure: SKINNY round structure. The message m and the tweakey inputs TK1, TK2, TK3 pass through the round functions f1, f2, f3 in Round 1, Round 2, .... Tweakey: tweak or key. Tweakey schedule: independent between TKs.]

Beierle et al., "The SKINNY Family of Block Ciphers and Its Low-Latency Variant MANTIS," CRYPTO 2016.

SLIDE 11

PFB

Proposed Method

[Figure: PFB encryption, decryption, and the associated-data hash.
Hash: A_1 (XORed with 0^b), A_2, ..., zp(A_a) are absorbed with XORs into a chain of TBC calls with tweaks (1, 0^n, 1), ..., (1, 0^n, a), producing V_1, ..., V_a; the result is H.
Enc: starting from H, block i uses Ẽ_K with tweak (x, N, i), input X_i and output Y_i, XORs M_i and outputs C_i; the last block uses zp and msb_{|M*|}; tag T = msb_t(Ẽ_K^{(y, N, l)}(S)).
Dec: the same chain recomputes M_i from C_i (the last block uses zp and msb_{|C_l|}), recomputes T̂ = msb_t(Ẽ_K^{(y, N, l)}(S)) and checks T̂ = T.
Labels: Associated Data A, Plaintext M, Ciphertext C, Tag.]

SLIDE 12

PFB cont.

  • Memory for running a TBC is sufficient for the entire PFB operation
  • Tweak contains public parameters: a constant, nonce, and counter

Proposed Method

[Figure: one PFB block (tweak (x, N, l-1), M_{l-1}, C_{l-1}, X_{l-1}, Ẽ_K). The 64-bit tweak is public and is built from a small constant, the nonce N and the counter; only the 64-bit state and the 128-bit key are secret.]
Memory size: state 64 + key 128 + tweak 64 = 256 bits without TI; with TI (x3 state, x2 key, x1 tweak) = 512 bits.

SLIDE 13

Security of PFB

  • Target: b-bit security with the b-bit block length
  • Assumption
  • TBC as a TRP (Tweakable Random Permutation)
  • Nonce-respecting setting (i.e., no nonce misuse)
  • Privacy
  • Game: distinguishing a ciphertext from a random sequence
  • PFB achieves perfect security
  • Authenticity
  • Game: forging a valid tag with the query access to the decryption oracle
  • A successful attack needs 2^b decryption queries, i.e., PFB achieves b-bit security

Proposed Method

SLIDE 14

Proof sketch for privacy

  • 1. No repeated tweak in encryption
  • ∡ the (non-repeated) nonce and a counter
  • 2. TBC’s output Y1,Y2,...,T are random and independent by the TRP

assumption

  • 3. We cannot distinguish the ciphertexts and tag from a random string, i.e., PFB achieves perfect security

Proposed Method

[Figure: PFB encryption, the same diagram as on slide 8.]
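An added example (not from the slides, and not an implementation of PFB) that models the two assumptions of slide 13 and step 1 of the privacy argument above: an ideal TBC as a lazily sampled tweakable random permutation, independent per (key, tweak) as slide 9 states, driven by the (constant, nonce, counter) tweak layout of slide 12. The 8-bit block width, the key "K", the value of the domain constant and the sample inputs are assumptions for illustration. It also shows what breaks when the nonce-respecting assumption fails: a repeated nonce reuses a tweak, so the same permutation is applied again and an identical input gives an identical output.

```python
import random


class IdealTBC:
    """Tweakable random permutation (TRP): for every (key, tweak) pair an
    independent, uniformly random permutation of the b-bit block space,
    sampled lazily as queries arrive, exactly as in a proof in the ideal model."""

    def __init__(self, block_bits=8, seed=1):
        self.size = 1 << block_bits
        self.rng = random.Random(seed)
        self.fwd = {}   # (key, tweak) -> {input: output}
        self.inv = {}   # (key, tweak) -> {output: input}

    def _tables(self, key, tweak):
        f = self.fwd.setdefault((key, tweak), {})
        g = self.inv.setdefault((key, tweak), {})
        return f, g

    def encrypt(self, key, tweak, x):
        f, g = self._tables(key, tweak)
        if x not in f:
            y = self.rng.randrange(self.size)
            while y in g:                 # reject used outputs: stays a permutation
                y = self.rng.randrange(self.size)
            f[x], g[y] = y, x
        return f[x]

    def decrypt(self, key, tweak, y):
        f, g = self._tables(key, tweak)
        if y not in g:
            x = self.rng.randrange(self.size)
            while x in f:
                x = self.rng.randrange(self.size)
            f[x], g[y] = y, x
        return g[y]


X_CONST = 0   # domain constant of message-block tweaks; the value is an assumption


def block_tweaks(nonce, n_blocks, const=X_CONST):
    """Tweaks for one message of n blocks: (constant, nonce, counter)."""
    return [(const, nonce, i) for i in range(1, n_blocks + 1)]


def tweak_repeats(queries):
    """Proof step 1.  queries = [(nonce, n_blocks), ...] over all encryption
    calls; True if any tweak is used twice.  With distinct nonces this cannot
    happen, so every block is handled by a fresh, independent permutation and
    its output is uniform regardless of the input (steps 2 and 3)."""
    seen = set()
    for nonce, n_blocks in queries:
        for t in block_tweaks(nonce, n_blocks):
            if t in seen:
                return True
            seen.add(t)
    return False


def encrypt_blocks(tbc, key, nonce, inputs):
    """One TBC call per block, each under its own tweak (inputs are constructed)."""
    return [tbc.encrypt(key, t, x)
            for t, x in zip(block_tweaks(nonce, len(inputs)), inputs)]


if __name__ == "__main__":
    tbc = IdealTBC(block_bits=8, seed=7)
    fresh = encrypt_blocks(tbc, "K", nonce=1, inputs=[0, 0, 0, 0])
    again = tbc.encrypt("K", (X_CONST, 1, 1), 0)   # nonce 1 reused: tweak repeats
    print("four calls, same input, fresh tweaks:", fresh)
    print("repeated tweak reproduces block 1:", again == fresh[0])
```

The ideal model makes the argument mechanical: as long as `tweak_repeats` is False for the whole query transcript, the `while y in g` rejection never interacts across blocks, so each output is a fresh uniform draw; the only place the adversary regains information is a repeated (key, tweak) pair, which is precisely the nonce-misuse case the assumption excludes.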

SLIDE 15

Proof sketch for authenticity

  • We consider two attack cases
  • Attack case #1: guessing the tag in PFB’s decryption
  • The success probability is roughly 1/2^b for each query because the tag is almost randomly chosen
  • The probability Pr[#1] ≤ O(q_D / 2^b) with q_D queries to the decryption oracle

Proposed Method

SLIDE 16

Proof sketch for authenticity cont.

  • Attack case #2: exploiting the collision in the PFB states
  • A collision between the Enc and Dec states with the same nonce results in a collision of the tag, i.e., a successful tag forgery
  • The probability of observing a collision is 1/2^b per query, so Pr[#2] ≤ O(q_D / 2^b) with q_D decryption queries

Proposed Method

[Figure: the Enc chain (H; M_1, C_1 under tweak (x, N, 1); M_2, C_2 under (x, N, 2); X_2; M_3, C_3 under (x, N, 3); X_3; ...; M_l, C_l under (x, N, l); X_l; S and T under (y, N, l)) drawn above the Dec chain with the same nonce (H'; M'_1, C'_1; M'_2, C'_2; X'_2; then M_3, C_3, X_3, ..., M_l, C_l, X_l, S, T). Once the states collide at X_3, every later value collides as well, including S and the tag T.]

SLIDE 17

Hardware architecture

  • PFB with SKINNY-64-192 (a variant with 64-bit block and 192-bit tweakey)
  • A serial SKINNY architecture with 4-bit datapath
  • The mode of operation is a thin wrapper: MUX, XOR, and AND gates

  • Heterogeneous number of shares
  • Green: 1-share (public)
  • Red: 2-share (linear secret)
  • Others: 3-share (nonlinear secret)

Performance Evaluation

[Figure: hardware architecture. Round-constant (RC) generator; State array; Tweakey array made of the TK1, TK2 and TK3 arrays, fed by the TK1 input, TK2 input and Tweak input; the A/M/C input and C/M/T output of the mode wrapper around SKINNY; 4-bit datapaths.]

SLIDE 18

Comparing memory sizes

  • We traded a 64-bit non-linear state for a 64-bit public tweak
  • The proposed method saves 128 bits with TI

Performance Evaluation

Memory size (bits)   Previous work: SAEB w/ GIFT-128   This work: PFB w/ Skinny-64-192
State                128 (x3 with TI)                  64 (x3 with TI)
Key                  128 (x2 with TI)                  128 (x2 with TI)
Tweak                -                                 64 (x1 with TI)
Total without TI     256                               256
Total with TI        640                               512

SLIDE 19

Hardware performance comparison w/ 3-share TI

  • Smaller circuit area compared with the state-of-the-art: SAEB with GIFT-128
  • Advantage over sponge-based schemes
  • Key/tweak use fewer shares

Performance Evaluation

Ref.                 Scheme           Circuit area (GE)   Note
This work            PFB/Skinny-64    5,858               Proposed method
This work            SAEB/GIFT-128    6,229               A 128-bit block cipher-based scheme implemented with the same design policy
Groß et al. [1]      Ascon w/o IF     7,970               Previous AE implementation with TI
Groß et al. [1]      Ascon w/ IF      9,190               Previous AE implementation with TI
Arribas et al. [2]   Ketje-JR         18,335              Previous AE implementation with TI

[1] Groß et al., "Suit up! - Made-to-Measure Hardware Implementations of ASCON," DSD 2015.
[2] Arribas et al., "Guards in Action: First-Order SCA Secure Implementations of Ketje Without Additional Randomness," DSD 2018.

SLIDE 20

Further improvement for 128-bit security*

  • Further reducing the non-linearly updated state
  • PFB_Plus, which satisfies 2b-bit security for a b-bit tweakable block cipher
  • 128-bit security with a 64-bit TBC; even more efficient with TI

Discussion

*Y. Naito, Y. Sasaki, and T. Sugawara, "Lightweight Authenticated Encryption Mode Suitable for Threshold Implementation," EUROCRYPT 2020.

[Figure: memory with TI for 128-bit security, split into state, tweak, key and the extra state of PFB_Plus. SAEB w/ 256-bit BC: 1024 bits; PFB w/ 128-bit TBC: 768 bits; PFB_Plus* w/ 64-bit TBC: 704 bits.]

SLIDE 21

Conclusion

  • PFB: plaintext feedback mode
  • Provides beyond-the-birthday-bound security, i.e., 64-bit security with a 64-bit primitive

  • Low memory usage with threshold implementation (TI)
  • Achieves the smallest circuit area in hardware implementation
  • TI-friendly mode of operation
  • Further improvement: PFB_Plus
  • The heterogeneity between state/key/tweak (cf. homogeneity in permutation-based schemes) leads to better performance with TI

SLIDE 22


Questions? Thank you for watching!