Sage Journals: Discover world-class research

Abstract

Authentication Encryption with Associated Data (AEAD) is a scheme that preserves the integrity of both the cipher text and authenticated data. In AEAD, cipher suites like GCM_SIV and AES_GCM_SIV provides the message integrity through nonce-based authentication encryption technique. The problem of nonce-based authentication encryption is the repetition of nonce in two different messages that violates message integrity property when the number of message blocks is maximized to 2³². This paper verifies the maximum limit of nonce usefulness and proves better security bounds attained in GCM_SIV and AES_GCM_SIV using nonce-reuse/misuse resistance authentication encryption (NRMR-AE) technique. The NRMR-AE resistance property achieves better security bounds and performance even when the nonces are repeated in different messages. But nonce repetition in NRMR-AE property reduces the number of message encryption and message length (in blocks) in GCM_SIV and AES_GCM_SIV AEAD methods used in QUIC(Quick UDP Internet Communications) and TLS Cipher suites which is found to be a greater drawback. This paper increases the number of messages encrypted even with maximum number of nonce repetition ensuring that the message length in AES_GCM_SIV meets the standard NIST bound 2^-32.

Get full access to this article

View all access options for this article.

References

Mennink

Bart

and Neves

Samuel

, Optimal PRFs from Blockcipher Designs. IACR Transactions on Symmetric Cryptology, ISSN 2519-173X 2017(3), 228–252.

Bellare

and Impagliazzo

, A tool for obtaining tighter security analyses of pseudorandom function based constructions, with applications to PRP to PRF conversion. Cryptology ePrint Archive, Report 1999/024, 1999. http://eprint.iacr.org/1999/024.

Chanathip Namprempre, Phillip Rogaway, and Thomas Shrimpton. Reconsidering Generic Composition. In Phong Q. Nguyen and Elisabeth Oswald, editors, Advances in Cryptology – EUROCRYPT 2014, volume 8441 of LNCS, pages 257–274. Springer, 2014.

Dworkin

, Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC, Nov. 2007. http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf

Gueron

and Lindell

, GCM-SIV: Full nonce misuse-resistantauthenticated encryption at under one cycle per byte. https://eprint.iacr.org/2015/102.pdf.

Gueron

, Langley

and Lindell.

, AES-GCM-SIV: Special citation and Analysis, Cryptology ePrint Archive, Report 2 017/168, 2017. http://eprint.iacr.org/2017/168.

Gilboa

and Gueron

, Distinguishing a truncated random permutation from a random function. Cryptology ePrint Archive, Report 2015/773, 2015. http://eprint.iacr.org/2015/773.

Gueron

, Langley

and Lindell

, AES-GCM-SIV: Specification and analysis. Cryptology ePrint Archive, Report 2017/168, 2017. http://eprint.iacr.org/2017/168.

Böck

Hanno

, Zauner

Aaron

, Devlin

Sean

, Somorovsky

Juraj

and Jovanovic

Philipp

, Nonce-Disrespecting Adversaries: PracticalForgery Attacks on GCM in TLS, https://eprint.iacr.org/2016/475.pdf.

10.

Harkins

, Synthetic Initialization Vector (SIV) Authenticated En-cryption Using the Advanced Encryption Standard (AES). RFC 5297(Informational), Oct. 2008. https://tools.ietf.org/html/rfc5297.

11.

Iwata

and Seurin

, Reconsidering the security bound of AES-GCM-SIV.IACR Trans, Symm. Cryptol2017(4) (2017), 240–267.

12.

Iwata

, New blockcipher modes of operation with beyond the birthday bound security. In M. J. B. Robshaw, editor, FSE 2006, volume 4047 of LNCS, pages 310–327. Springer, Heidelberg, Mar. 2006.

13.

Joux.:Authentication Failures in NIST version of GCM. 2006. http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/comments/800-38Series-Drafts/GCM/Jouxcomments.pdf.

14.

Salowey

Joseph

, Choudhury

Abhijit

and McGrew

David A.

, AES Galois Counter Mode (GCM) Cipher Suites for TLS. IETF RFC 5288, 2008.

15.

McGrew

D.A.

and Viega

, The Security and Performance of the Galois/Counter Mode (GCM) of Operation. In INDOCRYPT 2004, Springer (LNCS 3348), pages 343–355, 2004.

16.

McGrew

and Bailey

, “AES-CCM Cipher Suites for Transport Layer Security (TLS)”, RFC 6655, DOI 10.17487/RFC6655, July 2012. https://www.rfc-editor.org/info/rfc6655.

17.

Rogaway

and Shrimpton

, The SIV Mode of Operation for Deterministic Authenticated-Encryption (Key Wrap) and MisuseResistant Nonce-Based Authenticated-Encryption. Availablefrom http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/siv/siv.pdf (2007).

18.

Gilboa

Shoni

, Gueron

Shay

and Morris

Ben

, How many queries are needed to distinguish atruncated random permutation from a random function?Journal of Cryptology31(1) (2018), 162–171.

19.

Krovetz

Ted

, Philip Rogaway. The Software Performance of Authenticated-Encryption Modes. Pages 306–327, Springer-Verlag, 2011.

20.

Iwata

Tetsu

and Minematsu

Kazuhiko

, Stronger Security Variants of GCM-SIV. IACR Trans, Symmetric Cryptol2016(1) (2016), 134–157.

21.

Ashur

Tomer

, Dunkelman

Orr

and Luykx

Atul

, Boosting Authenticated Encryption Robustness With Minimal Modifications,Annual International Cryptology Conference, Advances in Cryptology – CRYPTO 2017 pp. 3–33.

22.

QUIC, a multiplexed stream transport over UDP. https://www.chromium.org/quic.

23.

Roskind

Jim

, Quick UDP internet connections: Multiplexed stream transport over UDP, 2012. https://docs.google.com/document/d/1RNHkx_VvKWyWg6Lr8SZ-saqsQx7rFVev2jRFUoVD34/edit.

24.

Roskind

Jim

, Experimenting with QUIC. The Chromium Blog, 2013. http://blog.chromium.org/2013/06/experimenting-with-quic.html.

25.

Gilboa

and Gueron

, The Advantage of Truncated Permutations. Manuscript, 2016. https://arxiv.org/abs/1610.02518.

26.

Iwata

, Ohashi

and Minematsu

, Breaking and repairing GCM security proofs. In R. Safavi- Naini and R. Canetti, editors, CRYPTO 2012, volume 7417 of LNCS, pages 31–49. Springer, Heidelberg, Aug. 2012.

Nonce reuse/misuse resistance authentication encryption schemes for modern TLS cipher suites and QUIC based web servers

Abstract

Get full access to this article

References