Analysis and Design of Authenticated Encryption Schemes
Authentication and encryption are two intertwined technologies that help ensure data and network security. While in most peoples minds confidentiality is the primary goal of cryptography, message authentication is arguably as important. Deploying two separate primitives for the encryption and the authentication, in addition to being an inefficient solution, may not necessarily achieve the two required security goals. Authenticated Encryption (AE) schemes [efficiently provide both confidentiality and authentication simultaneously. Such schemes are applied in different cryptographic protocols such as IPsec and TLS and hence the security of many applications such as e-commerce and e-contract signing depends on the security of the underlying AE scheme. Recently, there have been a series of disastrous attacks resulting from the wrong application of confidentiality and authenticity primitives. Consequently, and following the National Institute for Standards and Technology (NIST) AES competition, the European Union eStream stream ciphers competition, and the NIST SHA-3 hash function competition, in January 2013, a new a new Competition for Authenticated Encryption: Security, Applicability, and Robustness (CAESAR) funded by NIST was announced. The first phase of this competition started in March 2014. This public competition calls for submissions to select an authenticated cipher portfolio. While being relatively new, the competition has provided a boost to the cryptographic research community to consider the analysis and design of these AE primitives.
The objective of this proposed project is to investigate the security of the AE algorithms and related primitives such as block ciphers, dedicated hash functions and message authentication codes (MAC) schemes. An AE scheme is considered insecure if one can launch a forgery attack with time and memory complexity less than that claimed by the designers. A forgery occurs if the adversary can produce corrupted ciphertext that the receiver accepts but the legitimate sender never encrypted. Relevant to hash functions, AE schemes have a block cipher core, accordingly the goals of this project are to: (i) Apply state of the art cryptanalytic attacks to AE schemes. In particular, we plan to investigate the security of the relevant AE algorithm with respect to variations of differential attacks. Differential attacks aim to diminish the propagation of differences between two plaintexts as encryption rounds progresses, eventually producing two ciphertexts with the same authentication tag. We intend to examine how the differential attacks which has successfully been applied to a wide variety of block ciphers and hash functions can be tuned and utilized to attack various AE algorithms, (ii) Investigate the applicability of software side-channel attack models such that leaking secret data through the AE cache timing. The defence approach often leads to decline in performance and designers sometimes tend to ignore it. Side channel attacks have been successfully applied to block ciphers which support its applicability to AE algorithms, and (iii) Establish the criteria for quantifying the AE scheme resistance towards different sources of attacks, and apply this knowledge to the design of an efficient and secure AE algorithm. More precisely, we plan to provide a complete design for a secure dedicated simple and scalable AES-based AE algorithm, which is intended to operate within a constrained resource environment. Looking at the recently proposed AE algorithms, one can reveal the close relation between AE algorithms and block ciphers.
