Topic
Authenticated encryption
About: Authenticated encryption is a research topic. Over its lifetime, 1328 publications have been published within this topic, receiving 25968 citations. The topic is also known as: AEAD & Authenticated Encryption with Associated Data.
Papers
08 Sep 2020
TL;DR: In this paper, the authors describe how, by inserting a hardware trojan with low overhead in a hardware implementation of Ascon, it is possible to reduce the number of rounds of its initialization stage and perform a cube attack in order to obtain the key.
Abstract: The Ascon algorithm was selected in 2019, in the CAESAR competition, as the first option for lightweight applications as an alternative to AES-GCM for authenticated encryption. As with other encryption algorithms, Ascon relies on some parameters and security assumptions to guarantee its security. For example, if the number of rounds of the initialization phase of the encryption is reduced, the key can be obtained using a cube attack. In this work we describe how, by inserting a hardware trojan with low overhead in a hardware implementation of Ascon, it is possible to reduce the number of rounds of its initialization stage and perform a cube attack in order to obtain the key in 94 seconds on average.
3 citations
13 Jun 2012TL;DR: This paper motivates the need for pipelined variants of authenticated encryption modes in TEEs, describes a pipeline version of the EAX mode, and proves that it is as secure as standard, "baseline", EAX.
Abstract: Trusted execution environments (TEEs) are widely deployed both on mobile devices as well as in personal computers. TEEs typically have a small amount of physically secure memory, but they are not enough to realize certain algorithms, such as authenticated encryption modes, in the standard manner. TEEs can however access the much larger but untrusted system memory, using which "pipelined" variants of these algorithms can be realized by gradually reading input from, and/or writing output to, the untrusted memory. In this paper, we motivate the need for pipelined variants of authenticated encryption modes in TEEs, describe a pipelined version of the EAX mode, and prove that it is as secure as standard, "baseline", EAX. We point out potential pitfalls in mapping the abstract description of a pipelined variant to a concrete implementation and discuss how these can be avoided. We also discuss other algorithms which can be adapted to the pipelined setting and proved correct in a similar fashion.
3 citations
01 Sep 2018
TL;DR: This document defines several new cipher suites for the Transport Layer Security (TLS) protocol version 1.2 that are all based on the Ephemeral Elliptic Curve Diffie-Hellman with Pre-Shared Key (ECDHE_PSK) key exchange together with the Authenticated Encryption with Associated Data algorithms AES-GCM and AES-CCM.
Abstract: This document defines several new cipher suites for the Transport Layer Security (TLS) protocol version 1.2. The cipher suites are all based on the Ephemeral Elliptic Curve Diffie-Hellman with Pre-Shared Key (ECDHE_PSK) key exchange together with the Authenticated Encryption with Associated Data (AEAD) algorithms AES-GCM and AES-CCM. PSK provides light and efficient authentication, ECDHE provides forward secrecy, and AES-GCM and AES-CCM provide encryption and integrity protection.
3 citations
TL;DR: In this paper, the authors investigate the security of the QUIC record layer, as standardized by the IETF in draft version 30, and propose a security definition for authenticated encryption with semi-implicit nonces.
Abstract: Drawing on earlier protocol-verification work, we investigate the security of the QUIC record layer, as standardized by the IETF in draft version 30. This version features major differences compared to Google's original protocol and early IETF drafts. It serves as a useful test case for our verification methodology and toolchain, while also, hopefully, drawing attention to a little studied yet crucially important emerging standard. We model QUIC packet and header encryption, which uses a custom construction for privacy. To capture its goals, we propose a security definition for authenticated encryption with semi-implicit nonces. We show that QUIC uses an instance of a generic construction parameterized by a standard AEAD-secure scheme and a PRF-secure cipher. We formalize and verify the security of this construction in F*. The proof uncovers interesting limitations of nonce confidentiality, due to the malleability of short headers and the ability to choose the number of least significant bits included in the packet counter. We propose improvements that simplify the proof and increase robustness against strong attacker models. In addition to the verified security model, we also give a concrete functional specification for the record layer, and prove that it satisfies important functionality properties (such as the correct successful decryption of encrypted packets) after fixing more errors in the draft. We then provide a high-performance implementation of the record layer that we prove to be memory safe, correct with respect to our concrete specification (inheriting its functional correctness properties), and secure with respect to our verified model. To evaluate this component, we develop a provably-safe implementation of the rest of the QUIC protocol. Our record layer achieves nearly 2 GB/s throughput, and our QUIC implementation's performance is within 21% of an unverified baseline.
2 citations