Checking the correctness of memories
SFCS '91 Proceedings of the 32nd annual symposium on Foundations of computer science
Differentially uniform mappings for cryptography
EUROCRYPT '93 Workshop on the theory and application of cryptographic techniques on Advances in cryptology
Architectural support for copy and tamper resistant software
ASPLOS IX Proceedings of the ninth international conference on Architectural support for programming languages and operating systems
Universal Hashing and Authentication Codes
CRYPTO '91 Proceedings of the 11th Annual International Cryptology Conference on Advances in Cryptology
LFSR-based Hashing and Authentication
CRYPTO '94 Proceedings of the 14th Annual International Cryptology Conference on Advances in Cryptology
Caches and Hash Trees for Efficient Memory Integrity Verification
HPCA '03 Proceedings of the 9th International Symposium on High-Performance Computer Architecture
Secrecy, authentication, and public key systems.
Secrecy, authentication, and public key systems.
A parallelized way to provide data encryption and integrity checking on a processor-memory bus
Proceedings of the 43rd annual Design Automation Conference
Aegis: a single-chip secure processor
Aegis: a single-chip secure processor
Aegis: A Single-Chip Secure Processor
IEEE Design & Test
TEC-Tree: A Low-Cost, Parallelizable Tree for Efficient Defense Against Memory Replay Attacks
CHES '07 Proceedings of the 9th international workshop on Cryptographic Hardware and Embedded Systems
How Efficient Can Memory Checking Be?
TCC '09 Proceedings of the 6th Theory of Cryptography Conference on Theory of Cryptography
On efficient message authentication via block cipher design techniques
ASIACRYPT'07 Proceedings of the Advances in Crypotology 13th international conference on Theory and application of cryptology and information security
Provably secure MACs from differentially-uniform permutations and AES-Based implementations
FSE'06 Proceedings of the 13th international conference on Fast Software Encryption
Understanding two-round differentials in AES
SCN'06 Proceedings of the 5th international conference on Security and Cryptography for Networks
Parallelizable authentication trees
SAC'05 Proceedings of the 12th international conference on Selected Areas in Cryptography
TRUST'10 Proceedings of the 3rd international conference on Trust and trustworthy computing
Delayed-key message authentication for streams
TCC'10 Proceedings of the 7th international conference on Theory of Cryptography
| Hi-index | 0.00 |
We present ShMAC (Shallow MAC), a fixed input length message authentication code that performs most of the computation prior to the availability of the message. Specifically, ShMAC's message-dependent computation is much faster and smaller in hardware than the evaluation of a pseudorandom permutation (PRP), and can be implemented by a small shallow circuit, while its precomputation consists of one PRP evaluation. A main building block for ShMAC is the notion of strong differential uniformity (SDU), which we introduce, and which may be of independent interest. We present an efficient SDU construction built from previously considered differentially uniform functions. Our motivating application is a system where a hardware-secured processor uses memory controlled by an adversary. We present in technical detail a novel, more efficient approach to encrypting and authenticating memory and discuss the associated trade-offs, while paying special attention to minimizing hardware costs and the reduction of DRAM latency.