FEDT: Forkcipher-based Leakage-resilient Beyond-birthday-secure AE

Abstract

There has been a notable surge of research on leakage-resilient authenticated encryption (AE) schemes, in the bounded as well as the unbounded leakage model. The latter has garnered significant attention due to its detailed and practical orientation. Designers have commonly utilized (tweakable) block ciphers, exemplified by the TEDT scheme, achieving 𝒪 ( n − log ( n 2 ) ) -bit integrity under leakage and comparable AE security in the black-box setting. However, the privacy of TEDT was limited by n / 2 -bits under leakage; TEDT2 sought to overcome these limitations by achieving improved security with 𝒪 ( n − log n ) -bit integrity and privacy under leakage. This work introduces FEDT, an efficient leakage-resilient authenticated encryption (AE) scheme based on fork-cipher. Compared to the state-of-the-art schemes TEDT and TEDT2, which process messages with a rate of 1 / 2 block per primitive call for encryption and one for authentication, FEDT doubles their rates at the price of a different primitive. FEDT employs a more parallelizable tree-based encryption compared to its predecessors while maintaining 𝒪 ( n − log n ) -bit security for both privacy and integrity under leakage. FEDT prioritizes high throughput at the cost of increased latency. For settings where latency is important, we propose FEDT*, which combines the authentication part of FEDT with a CTR-based encryption. FEDT* offers security equivalent to FEDT while increasing the encryption rate of 4 / 3 and reducing the latency.