Better bounds for block cipher modes of operation via nonce-based key derivation

Shay Gueron, Yehuda Lindell

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

16 Scopus citations

Abstract

Block cipher modes of operation provide a way to securely encrypt using a block cipher. The main factors in analyzing modes of operation are the level of security achieved (chosen-plaintext security, authenticated encryption, nonce-misuse resistance, and so on) and performance. When measuring the security level of a mode of operation, it does not sufice to consider asymptotics, and a concrete analysis is necessary. This is especially the case today, when encryption rates can be very high, and so birthday bounds may be approached or even reached. In this paper, we show that key-derivation at every encryption significantly improves the security bounds in many cases. We present a new key-derivation method that utilizes a truncated block cipher, and show that this is far better than standard block-cipher based key derivation. We prove that by using our key derivation method, we obtain greatly improved bounds for many modes of operation, with a result that the lifetime of a key can be significantly extended. We demonstrate this for AES-CTR (CPA-security), AESGCM (authenticated encryption) and AES-GCM-SIV (nonce-misuse resistance). Finally, we demonstrate that when using modern hardware with AES instructions (AES-NI), the performance penalty of deriving keys at each encryption is insignificant for most uses.

Original languageEnglish
Title of host publicationCCS 2017 - Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security
PublisherAssociation for Computing Machinery
Pages1019-1036
Number of pages18
ISBN (Electronic)9781450349468
DOIs
StatePublished - 30 Oct 2017
Event24th ACM SIGSAC Conference on Computer and Communications Security, CCS 2017 - Dallas, United States
Duration: 30 Oct 20173 Nov 2017

Publication series

NameProceedings of the ACM Conference on Computer and Communications Security
ISSN (Print)1543-7221

Conference

Conference24th ACM SIGSAC Conference on Computer and Communications Security, CCS 2017
Country/TerritoryUnited States
CityDallas
Period30/10/173/11/17

Bibliographical note

Publisher Copyright:
© 2017 author(s).

Funding

FundersFunder number
Horizon 2020 Framework Programme645622

    Fingerprint

    Dive into the research topics of 'Better bounds for block cipher modes of operation via nonce-based key derivation'. Together they form a unique fingerprint.

    Cite this