Paper 2013/292

A Leakage Resilient MAC

Daniel P. Martin, Elisabeth Oswald, Martijn Stam, and Marcin Wojcik

Abstract

We put forward the first practical message authentication code (MAC) which is provably secure against continuous leakage under the Only Computation Leaks Information (OCLI) assumption. Within the context of continuous leakage, we introduce a novel modular proof technique: while most previous schemes are proven secure directly in the face of leakage, we reduce the (leakage) security of our scheme to its non-leakage security. This modularity, while known in other contexts, has two advantages: it makes it clearer which parts of the proof rely on which assumptions (i.e. whether a given assumption is needed for the leakage or the non- leakage security) and it also means that, if the security of the non-leakage version is improved, the security in the face of leakage is improved ‘for free’. We conclude the paper by discussing implementations; one on a popular core for embedded systems (the ARM Cortex-M4) and one on a high end processor (Intel i7), and investigate some performance and security aspects.

Note: Added results after implementing the scheme

Metadata
Available format(s)
PDF
Publication info
Published elsewhere. Minor revision. 15th International Conference on Cryptography and Coding
Keywords
Leakage ResilienceMessage Authentication CodeProvable SecuritySide ChannelsImple- mentation
Contact author(s)
Elisabeth Oswald @ bristol ac uk
History
2015-09-09: last of 3 revisions
2013-05-23: received
See all versions
Short URL
https://ia.cr/2013/292
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2013/292,
      author = {Daniel P.  Martin and Elisabeth Oswald and Martijn Stam and Marcin Wojcik},
      title = {A Leakage Resilient MAC},
      howpublished = {Cryptology ePrint Archive, Paper 2013/292},
      year = {2013},
      note = {\url{https://eprint.iacr.org/2013/292}},
      url = {https://eprint.iacr.org/2013/292}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.