TY - GEN
T1 - Beyond modes
T2 - 2014 Conference on Cryptographer's Track at the RSA, CT-RSA 2014
AU - Saarinen, Markku Juhani O.
PY - 2014
Y1 - 2014
N2 - BLINKER is a light-weight cryptographic suite and record protocol built from a single permutation. Its design is based on the Sponge construction used by the SHA-3 algorithm KECCAK. We examine the SpongeWrap authenticated encryption mode and expand its padding mechanism to offer explicit domain separation and enhanced security for our specific requirements: shared secret half-duplex keying, encryption, and a MAC-and-continue mode. We motivate these enhancements by showing that unlike legacy protocols, the resulting record protocol is secure against a two-channel synchronization attack while also having a significantly smaller implementation footprint. The design facilitates security proofs directly from a single cryptographic primitive (a single security assumption) rather than via idealization of a multitude of algorithms, paddings and modes of operation. The protocol is also uniquely suitable for an autonomous or semi-autonomous hardware implementation of protocols where the secrets never leave the module, making it attractive for smart card and HSM designs.
KW - Autonomous Hardware Encryption
KW - BLINKER
KW - Half-duplex security
KW - Lightweight Security
KW - Sponge Construction
KW - Sponge-based Protocols
UR - http://www.scopus.com/inward/record.url?scp=84901287993&partnerID=8YFLogxK
U2 - 10.1007/978-3-319-04852-9_14
DO - 10.1007/978-3-319-04852-9_14
M3 - Conference contribution
AN - SCOPUS:84901287993
SN - 9783319048512
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 270
EP - 285
BT - Topics in Cryptology, CT-RSA 2014 - The Cryptographer's Track at the RSA Conference 2014, Proceedings
PB - Springer Verlag
Y2 - 25 February 2014 through 28 February 2014
ER -