[Resource Topic] 2022/1591: ISAP+: ISAP with Fast Authentication

Welcome to the resource topic for 2022/1591

Title:
ISAP+: ISAP with Fast Authentication

Authors: Arghya Bhattacharjee, Avik Chakraborti, Nilanjan Datta, Cuauhtemoc Mancillas-López, Mridul Nandi

Abstract:

This paper analyses the lightweight, sponge-based NAEAD mode ISAP, one of the finalists of the NIST Lightweight Cryptography (LWC) standardisation project, that achieves high throughput with inherent protection against differential power analysis (DPA). We observe that ISAP requires 256-bit capacity in the authentication module to satisfy the NIST LWC security criteria. In this paper, we study the analysis carefully and observe that this is primarily due to the collision in the associated data part of the hash function which can be used in the forgery of the mode. However, the same is not applicable to the ciphertext part of the hash function because a collision in the ciphertext part does not always lead to a forgery. In this context, we define a new security notion, named 2PI+ security, which is a strictly stronger notion than the collision security, and show that the security of a class of encrypt-then-hash based MAC type of authenticated encryptions, that includes ISAP, reduces to the 2PI+ security of the underlying hash function used in the authentication module. Next we investigate and observe that a feed-forward variant of the generic sponge hash achieves better 2PI+ security as compared to the generic sponge hash. We use this fact to present a close variant of ISAP, named ISAP+, which is structurally similar to ISAP, except that it uses the feed-forward variant of the generic sponge hash in the authentication module. This improves the overall security of the mode, and hence we can set the capacity of the ciphertext part to 192 bits (to achieve a higher throughput) and yet satisfy the NIST LWC security criteria.

ePrint: https://eprint.iacr.org/2022/1591

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics.