Cryptography Seminar

François-Xavier Standaert

SCREAM/iSCREAM: Side-Channel Resistant Authenticated Encryption with Masking.

In this talk, I will describe the family of authenticated encryption (with associated data) algorithms SCREAM and iSCREAM. They are based on Liskov et al.'s Tweakable Authenticated Encryption (TAE) mode, instantiated with the new tweakable block ciphers Scream and iScream. The main desirable features of SCREAM and iSCREAM are:

* A simple and regular design allowing excellent performance on a wide range of architectures, in particular when masking is implemented as a side-channel countermeasure;
* Inheriting from TAE, security beyond the birthday bound, i.e. a 128-bit security guarantee with up to 2^128 bits of data processed under the same 128-bit key;
* Low overheads for the authentication mode (e.g. no extra cipher calls to generate masks, since the nonce and block index are carried in the tweak);
* Fully parallelisable authenticated encryption with minimal ciphertext length (the ciphertext is as long as the plaintext, plus the tag).

In addition, iSCREAM allows compact implementations for combined encryption and decryption, by taking advantage of involutive components in its underlying cipher iScream.
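The following is an added illustration of the generic TAE skeleton the abstract builds on; it is not code from SCREAM's authors and does not implement Scream. A toy tweakable block cipher (a 4-round Feistel network with SHA-256 as round function, insecure and for demonstration only) stands in for Scream, and the tweak layout (nonce || block index || domain byte), the domain constants, the 10* padding and the associated-data handling are assumptions chosen to keep the mode's structure visible, not the SCREAM specification. What it shows is the mode-level properties listed above: every message block is processed with its own tweak and no other state, so blocks are independent and the mode parallelises; the only cipher calls beyond the message blocks are one for the final-block mask and one for the tag; and the ciphertext is exactly the plaintext length plus the tag.

```python
import hashlib
import hmac

BLOCK = 16      # 128-bit blocks, as in the abstract's 128-bit setting
TAG_LEN = 16    # tag length in bytes (assumption for this illustration)
ROUNDS = 4
NONCE_LEN = 8   # assumption: nonce is 8 bytes so the tweak has a fixed layout

# Tweak domain bytes (assumed layout, not SCREAM's): message block, final-block
# mask, tag, associated-data block.
D_MSG, D_FINAL, D_TAG, D_AD = 0, 1, 2, 3


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key: bytes, tweak: bytes, rnd: int, half: bytes) -> bytes:
    # Feistel round function keyed by (key, tweak, round index).
    # SHA-256 is a stand-in for a real primitive; this is not Scream.
    return hashlib.sha256(key + tweak + bytes([rnd]) + half).digest()[:BLOCK // 2]


def tbc_encrypt(key: bytes, tweak: bytes, block: bytes) -> bytes:
    """Toy tweakable block cipher E_K^T(block). Demonstration only."""
    assert len(block) == BLOCK
    l, r = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in range(ROUNDS):
        l, r = r, _xor(l, _f(key, tweak, rnd, r))
    return l + r


def tbc_decrypt(key: bytes, tweak: bytes, block: bytes) -> bytes:
    """Inverse of tbc_encrypt under the same key and tweak."""
    assert len(block) == BLOCK
    l, r = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in reversed(range(ROUNDS)):
        l, r = _xor(r, _f(key, tweak, rnd, l)), l
    return l + r


def _tweak(nonce: bytes, index: int, domain: int) -> bytes:
    # The tweak carries nonce, block index and domain, so no separate
    # cipher call is needed to derive per-block masks.
    assert len(nonce) == NONCE_LEN
    return nonce + index.to_bytes(4, "big") + bytes([domain])


def _pad(chunk: bytes) -> bytes:
    # 10* padding of a partial (possibly empty) block to one full block.
    assert len(chunk) < BLOCK
    return chunk + b"\x80" + b"\x00" * (BLOCK - len(chunk) - 1)


def _auth_ad(key: bytes, nonce: bytes, ad: bytes) -> bytes:
    # XOR of E_K^{(N, j, D_AD)}(A_j) over the 10*-padded associated data.
    data = ad + b"\x80"
    data += b"\x00" * (-len(data) % BLOCK)
    acc = bytes(BLOCK)
    for j in range(len(data) // BLOCK):
        acc = _xor(acc, tbc_encrypt(key, _tweak(nonce, j, D_AD), data[j * BLOCK:(j + 1) * BLOCK]))
    return acc


def tae_encrypt(key: bytes, nonce: bytes, ad: bytes, msg: bytes) -> bytes:
    """TAE-style encryption: returns ciphertext || tag, len = len(msg) + TAG_LEN."""
    m, final = len(msg) // BLOCK, msg[len(msg) // BLOCK * BLOCK:]
    ct, checksum = bytearray(), bytes(BLOCK)
    for i in range(m):  # each block depends only on (key, nonce, i): parallelisable
        block = msg[i * BLOCK:(i + 1) * BLOCK]
        checksum = _xor(checksum, block)
        ct += tbc_encrypt(key, _tweak(nonce, i, D_MSG), block)
    # Partial last block: XOR with a mask derived from its length under a distinct domain.
    mask = tbc_encrypt(key, _tweak(nonce, m, D_FINAL), len(final).to_bytes(BLOCK, "big"))
    ct += _xor(final, mask[:len(final)])
    checksum = _xor(checksum, _pad(final))
    tag = _xor(tbc_encrypt(key, _tweak(nonce, m, D_TAG), checksum), _auth_ad(key, nonce, ad))
    return bytes(ct) + tag[:TAG_LEN]


def tae_decrypt(key: bytes, nonce: bytes, ad: bytes, ct: bytes):
    """Returns the plaintext, or None if the tag does not verify (no plaintext is released)."""
    if len(ct) < TAG_LEN:
        return None
    body, tag = ct[:-TAG_LEN], ct[-TAG_LEN:]
    m, cfinal = len(body) // BLOCK, body[len(body) // BLOCK * BLOCK:]
    pt, checksum = bytearray(), bytes(BLOCK)
    for i in range(m):
        block = tbc_decrypt(key, _tweak(nonce, i, D_MSG), body[i * BLOCK:(i + 1) * BLOCK])
        checksum = _xor(checksum, block)
        pt += block
    mask = tbc_encrypt(key, _tweak(nonce, m, D_FINAL), len(cfinal).to_bytes(BLOCK, "big"))
    final = _xor(cfinal, mask[:len(cfinal)])
    pt += final
    checksum = _xor(checksum, _pad(final))
    expected = _xor(tbc_encrypt(key, _tweak(nonce, m, D_TAG), checksum), _auth_ad(key, nonce, ad))[:TAG_LEN]
    if not hmac.compare_digest(expected, tag):
        return None
    return bytes(pt)
```

Because block i of the ciphertext is just E_K^{(N, i, D_MSG)}(M_i), a decryptor (or an attacker) can check that tbc_encrypt on any single block reproduces the corresponding ciphertext slice, which is exactly the independence that makes the mode parallelisable; the tag, not the block encryption, is what binds the blocks together, so tae_decrypt must refuse to release plaintext until the tag has been checked.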