The low-call diet: authenticated encryption for call counting HSM users

Authors:
Mike Bond;George French;Nigel P. Smart;Gaven J. Watson
Affiliations:
Cryptomathic A/S, Cambridge, UK;Barclays Bank Plc, London, UK;University of Bristol, UK;University of Bristol, UK
Venue:
CT-RSA'13 Proceedings of the 13th international conference on Topics in Cryptology
Year:
2013

Citing 12
Cited 0

OCB: a block-cipher mode of operation for efficient authenticated encryption

CCS '01 Proceedings of the 8th ACM conference on Computer and Communications Security
Authenticated-encryption with associated-data

Proceedings of the 9th ACM conference on Computer and communications security
MDx-MAC and Building Fast MACs from Hash Functions

CRYPTO '95 Proceedings of the 15th Annual International Cryptology Conference on Advances in Cryptology
Does Encryption with Redundancy Provide Authenticity?

EUROCRYPT '01 Proceedings of the International Conference on the Theory and Application of Cryptographic Techniques: Advances in Cryptology
Authenticated Encryption: Relations among Notions and Analysis of the Generic Composition Paradigm

ASIACRYPT '00 Proceedings of the 6th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Encode-Then-Encipher Encryption: How to Exploit Nonces or Redundancy in Plaintexts for Efficient Cryptography

ASIACRYPT '00 Proceedings of the 6th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Attacks on Cryptoprocessor Transaction Sets

CHES '01 Proceedings of the Third International Workshop on Cryptographic Hardware and Embedded Systems
A Concrete Security Treatment of Symmetric Encryption

FOCS '97 Proceedings of the 38th Annual Symposium on Foundations of Computer Science
Message authentication on 64-bit architectures

SAC'06 Proceedings of the 13th international conference on Selected areas in cryptography
An introduction to security API analysis

Foundations of security analysis and design VI
The security and performance of the galois/counter mode (GCM) of operation

INDOCRYPT'04 Proceedings of the 5th international conference on Cryptology in India
Tag size does matter: attacks and proofs for the TLS record protocol

ASIACRYPT'11 Proceedings of the 17th international conference on The Theory and Application of Cryptology and Information Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

We present a new mode of operation for obtaining authenticated encryption suited for use in environments, e.g. banking and government, where cryptographic services are only available via a Hardware Security Module (HSM) which protects the keys but offers a limited API. The practical problem is that despite the existence of better modes of operation, modern HSMs still provide nothing but a basic (unauthenticated) CBC mode of encryption, and since they mediate all access to the key, solutions must work around this. Our mode of operation makes only a single call to the HSM, yet provides a secure authenticated encryption scheme; authentication is obtained by manipulation of the plaintext being passed to the HSM via a call to an unkeyed hash function. The scheme offers a considerable performance improvement compared to more traditional authenticated encryption techniques which must be implemented using multiple calls to the HSM. Our new mode of operation is provided with a proof of security, on the assumption that the underlying block cipher used in the CBC mode is a strong pseudorandom permutation, and that the hash function is modelled as a random oracle.