Paper 2020/1019

Security of Streaming Encryption in Google's Tink Library

Viet Tung Hoang and Yaobin Shen

Abstract

We analyze the multi-user security of the streaming encryption in Google's Tink library via an extended version of the framework of nonce-based online authenticated encryption of Hoang et al. (CRYPTO'15) to support random-access decryption. We show that Tink's design choice of using random nonces and a nonce-based key-derivation function indeed improves the concrete security bound. We then give two better alternatives that are more robust against randomness failure. In addition, we show how to efficiently instantiate the key-derivation function via AES, instead of relying on HMAC-SHA256 like the current design in Tink. To accomplish this we give a multi-user analysis of the XOR-of-permutation construction of Bellare, Krovetz, and Rogaway (EUROCRYPT'98).

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Published elsewhere. Minor revision. ACM CCS 2020
Keywords
Online AEstreaming encryptionGoogle's Tink library
Contact author(s)
tvhoang @ cs fsu edu
History
2020-08-27: received
Short URL
https://ia.cr/2020/1019
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2020/1019,
      author = {Viet Tung Hoang and Yaobin Shen},
      title = {Security of Streaming Encryption in Google's Tink Library},
      howpublished = {Cryptology ePrint Archive, Paper 2020/1019},
      year = {2020},
      note = {\url{https://eprint.iacr.org/2020/1019}},
      url = {https://eprint.iacr.org/2020/1019}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.