Sammanfattning
During recent years, research on authenticated encryption has been thriving through two highly active and practice-motivated research directions: provably secure leakage-resilience schemes and key- or context-commitment security. However, the intersection of both fields had been overlooked until very recently. In ToSC 1/2024, Struck and Weish\"aupl studied generic compositions of Encryption schemes and Message Authentication Codes for building committing leakage-resilient schemes. They showed that, in general, Encrypt-then-MAC (EtM) and MAC-then-Encrypt (MtE) are not committing while Encrypt-and-MAC (EaM) is under plausible and weak assumptions on the components. However, real-world schemes are rarely strict black-box constructions. Instead, while various leakage-resilient schemes follow blueprints inspired by generic compositions, they often tweak them for security and/or efficiency reasons.
We show that with careful selection of the underlying primitives such as equal encryption and authentication keys as well as a collision-resistant PRF as the MAC, these blueprints are committing. Our results do not contradict the results by Struck and Weishäupl since we pose more, but practically-motivated, requirements on the components. We demonstrate the practical relevance of our results by showing that our results on those blueprints allow to easily derive proofs that several state-of-the-art leakage-resilient schemes are indeed committing, including TEDT and its descendants TEDT2 and Romulus-T, as well as the single-pass scheme Triplex.
We show that with careful selection of the underlying primitives such as equal encryption and authentication keys as well as a collision-resistant PRF as the MAC, these blueprints are committing. Our results do not contradict the results by Struck and Weishäupl since we pose more, but practically-motivated, requirements on the components. We demonstrate the practical relevance of our results by showing that our results on those blueprints allow to easily derive proofs that several state-of-the-art leakage-resilient schemes are indeed committing, including TEDT and its descendants TEDT2 and Romulus-T, as well as the single-pass scheme Triplex.
Originalspråk | engelska |
---|---|
Tidskrift | IACR Transactions on Symmetric Cryptology |
Volym | 2024 |
Nummer | 2 |
DOI | |
Status | Published - 2024 juni 18 |
Ämnesklassifikation (UKÄ)
- Datavetenskap (datalogi)