International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

Paper: Spook: Sponge-Based Leakage-Resistant Authenticated Encryption with a Masked Tweakable Block Cipher

Authors:
Davide Bellizia , ICTEAM Institute, Université catholique de Louvain, Louvain-la-Neuve, Belgium
Francesco Berti , ICTEAM Institute, Université catholique de Louvain, Louvain-la-Neuve, Belgium
Olivier Bronchain , ICTEAM Institute, Université catholique de Louvain, Louvain-la-Neuve, Belgium
Gaëtan Cassiers , ICTEAM Institute, Université catholique de Louvain, Louvain-la-Neuve, Belgium
Sébastien Duval , ICTEAM Institute, Université catholique de Louvain, Louvain-la-Neuve, Belgium
Chun Guo , School of Cyber Science and Technology and Key Laboratory of Cryptologic Technology and Information Security, Ministry of Education, Shandong University, Jinan, China
Gregor Leander , Ruhr-Universität Bochum, Bochum, Germany
Gaëtan Leurent , Team SECRET, Inria Paris Research Center, Paris, France
Itamar Levi , ICTEAM Institute, Université catholique de Louvain, Louvain-la-Neuve, Belgium
Charles Momin , ICTEAM Institute, Université catholique de Louvain, Louvain-la-Neuve, Belgium
Olivier Pereira , ICTEAM Institute, Université catholique de Louvain, Louvain-la-Neuve, Belgium
Thomas Peters , ICTEAM Institute, Université catholique de Louvain, Louvain-la-Neuve, Belgium
François-Xavier Standaert , ICTEAM Institute, Université catholique de Louvain, Louvain-la-Neuve, Belgium
Balazs Udvarhelyi , ICTEAM Institute, Université catholique de Louvain, Louvain-la-Neuve, Belgium
Friedrich Wiemer , Ruhr-Universität Bochum, Bochum, Germany
Download:
DOI: 10.13154/tosc.v2020.iS1.295-349
URL: https://tosc.iacr.org/index.php/ToSC/article/view/8623
Search ePrint
Search Google
Abstract: This paper defines Spook: a sponge-based authenticated encryption with associated data algorithm. It is primarily designed to provide security against side-channel attacks at a low energy cost. For this purpose, Spook is mixing a leakageresistant mode of operation with bitslice ciphers enabling efficient and low latency implementations. The leakage-resistant mode of operation leverages a re-keying function to prevent differential side-channel analysis, a duplex sponge construction to efficiently process the data, and a tag verification based on a Tweakable Block Cipher (TBC) providing strong data integrity guarantees in the presence of leakages. The underlying bitslice ciphers are optimized for the masking countermeasures against side-channel attacks. Spook is an efficient single-pass algorithm. It ensures state-of-the-art black box security with several prominent features: (i) nonce misuse-resilience, (ii) beyond-birthday security with respect to the TBC block size, and (iii) multiuser security at minimum cost with a public tweak. Besides the specifications and design rationale, we provide first software and hardware implementation results of (unprotected) Spook which confirm the limited overheads that the use of two primitives sharing internal components imply. We also show that the integrity of Spook with leakage, so far analyzed with unbounded leakages for the duplex sponge and a strongly protected TBC modeled as leak-free, can be proven with a much weaker unpredictability assumption for the TBC. We finally discuss external cryptanalysis results and tweaks to improve both the security margins and efficiency of Spook.
BibTeX
@article{tosc-2020-30516,
  title={Spook: Sponge-Based Leakage-Resistant Authenticated Encryption with a Masked Tweakable Block Cipher},
  journal={IACR Transactions on Symmetric Cryptology},
  publisher={Ruhr-Universität Bochum},
  volume={2020, Special Issue 1},
  pages={295-349},
  url={https://tosc.iacr.org/index.php/ToSC/article/view/8623},
  doi={10.13154/tosc.v2020.iS1.295-349},
  author={Davide Bellizia and Francesco Berti and Olivier Bronchain and Gaëtan Cassiers and Sébastien Duval and Chun Guo and Gregor Leander and Gaëtan Leurent and Itamar Levi and Charles Momin and Olivier Pereira and Thomas Peters and François-Xavier Standaert and Balazs Udvarhelyi and Friedrich Wiemer},
  year=2020
}