Abstract
This paper defines Spook: a sponge-based authenticated encryption with associated data algorithm. It is primarily designed to provide security against side-channel attacks at a low energy cost. For this purpose, Spook mixes a leakage-resistant mode of operation with bitslice ciphers that enable efficient and low-latency implementations. The leakage-resistant mode of operation leverages a re-keying function to prevent differential side-channel analysis, a duplex sponge construction to efficiently process the data, and a tag verification based on a Tweakable Block Cipher (TBC) providing strong data integrity guarantees in the presence of leakages. The underlying bitslice ciphers are optimized for the masking countermeasure against side-channel attacks. Spook is an efficient single-pass algorithm. It ensures state-of-the-art black-box security with several prominent features: (i) nonce misuse-resilience, (ii) beyond-birthday security with respect to the TBC block size, and (iii) multi-user security at minimum cost with a public tweak. Besides the specifications and design rationale, we provide the first software and hardware implementation results of (unprotected) Spook, which confirm the limited overhead implied by the use of two primitives sharing internal components. We also show that the integrity of Spook with leakage, so far analyzed with unbounded leakages for the duplex sponge and a strongly protected TBC modeled as leak-free, can be proven under a much weaker unpredictability assumption for the TBC. We finally discuss external cryptanalysis results and tweaks to improve both the security margins and the efficiency of Spook.
Field | Value |
---|---|
Original language | English |
Pages (from-to) | 295-349 |
Number of pages | 55 |
Journal | IACR Transactions on Symmetric Cryptology |
Volume | 2020 |
Issue number | Special Issue 1 |
DOIs | |
State | Published - 22 Jun 2020 |
Externally published | Yes |
Bibliographical note
Publisher Copyright: © 2020, Ruhr-Universität Bochum. All rights reserved.
Funding
The authors are grateful to Patrick Derbez, Paul Huynh, Virginie Lallemand, Léo Perrin, Maria Naya Plasencia and Andre Schrottenloher for sharing their analysis of Shadow and Spook and discussing tweaks. We specially thank Maria Naya Plasencia for numerous interactions. Gaëtan Cassiers, Thomas Peters and François-Xavier Standaert are respectively PhD Student, Post-Doctoral Researcher and Senior Research Associate of the Belgian Fund for Scientific Research (FNRS-F.R.S.). This work has been funded in part by the European Union and the Walloon Region through the ERC Project 724725 (acronym SWORD), the FEDER Project USERMedia (convention 501907-379156), the H2020 project REASSURE and the Wallinov TRUSTEYE project.
Funders | Funder number |
---|---|
Horizon 2020 Framework Programme | 724725, 731591 |
European Resuscitation Council | |
Waalse Gewest | |
European Commission | |
Fonds De La Recherche Scientifique - FNRS | |
European Regional Development Fund | 501907-379156 |
Keywords
- Authenticated encryption
- Bitslice ciphers
- Leakage-resistance
- Low energy
- Masking countermeasure
- NIST lightweight cryptography standardization effort