Post-Quantum Authenticated Encryption against Chosen-Ciphertext Side-Channel Attacks
نویسندگان
چکیده
Over the last years, side-channel analysis of Post-Quantum Cryptography (PQC) candidates in NIST standardization initiative has received increased attention. In particular, it been shown that some post-quantum Key Encapsulation Mechanisms (KEMs) are vulnerable to Chosen-Ciphertext Side-Channel Attacks (CC-SCA). These powerful attacks target re-encryption step Fujisaki-Okamoto (FO) transform, which is commonly used achieve CCA security such schemes. To sufficiently protect PQC KEMs on embedded devices against a CC-SCA, masking at increasingly higher order required, induces considerable overhead. this work, we propose use conceptually simple construction, ΕtS KEM, alleviates impact CC-SCA. It uses Encrypt-then-Sign (EtS) paradigm introduced by Zheng ISW ’97 and further analyzed An, Dodis Rabin EUROCRYPT ’02, instantiates postquantum authenticated KEM outsider-security model. While construction generic, apply CRYSTALS-Kyber relying CRYSTALSDilithium Falcon signature We show CC-SCA-protected EtS version requires less than 10% cycles required for FO-based cost additional data/communication additionally protecting fault injection attacks, necessarily due added verification, remains negligible compared large FO transform orders. Lastly, discuss relevant cases our construction.
منابع مشابه
Homomorphic Authenticated Encryption Secure against Chosen-Ciphertext Attack
We study homomorphic authenticated encryption, where privacy and authenticity of data are protected simultaneously. We define homomorphic versions of various security notions for privacy and authenticity, and investigate relations between them. In particular, we show that it is possible to give a natural definition of IND-CCA for homomorphic authenticated encryption, unlike the case of homomorp...
متن کاملISAP - Authenticated Encryption Inherently Secure Against Passive Side-Channel Attacks
Side-channel attacks and in particular differential power analysis (DPA) attacks pose a serious threat to cryptographic implementations. One approach to counteract such attacks are cryptographic schemes based on fresh re-keying. In settings of pre-shared secret keys, such schemes render DPA infeasible by deriving session keys and by ensuring that the attacker cannot collect side-channel leakage...
متن کاملID-based Encryption Scheme Secure against Chosen Ciphertext Attacks
ID-based encryption allows for a sender to encrypt a message to an identity without access to a public key certificate. Based on the bilinear pairing, Boneh and Franklin proposed the first practical IDbased encryption scheme and used the padding technique of FujisakiOkamto to extend it to be a chosen ciphertext secure version. In this letter, we would like to use another padding technique to pr...
متن کاملChosen-Ciphertext Attacks Against MOSQUITO
Self-Synchronizing Stream Ciphers (SSSC) are a particular class of symmetric encryption algorithms, such that the resynchronization is automatic, in case of error during the transmission of the ciphertext. In this paper, we extend the scope of chosen-ciphertext attacks against SSSC. Previous work in this area include the cryptanalysis of dedicated constructions, like KNOT, HBB or SSS. We go fur...
متن کاملEncryption Schemes Secure against Chosen-Ciphertext Selective Opening Attacks
Imagine many small devices send data to a single receiver, encrypted using the receiver’s public key. Assume an adversary that has the power to adaptively corrupt a subset of these devices. Given the information obtained from these corruptions, do the ciphertexts from uncorrupted devices remain secure? Recent results suggest that conventional security notions for encryption schemes (like IND-CC...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
ژورنال
عنوان ژورنال: IACR transactions on cryptographic hardware and embedded systems
سال: 2022
ISSN: ['2569-2925']
DOI: https://doi.org/10.46586/tches.v2022.i4.372-396