Block cipher modes of operation provide a way to securely encrypt using a block cipher. The main factors in analyzing modes of operation are the level of security achieved (chosen-plaintext security, authenticated encryption, nonce-misuse resistance, and so on) and performance. When measuring the security level of a mode of operation, it does not sufice to consider asymptotics, and a concrete analysis is necessary. This is especially the case today, when encryption rates can be very high, and so birthday bounds may be approached or even reached. In this paper, we show that key-derivation at every encryption significantly improves the security bounds in many cases. We present a new key-derivation method that utilizes a truncated block cipher, and show that this is far better than standard block-cipher based key derivation. We prove that by using our key derivation method, we obtain greatly improved bounds for many modes of operation, with a result that the lifetime of a key can be significantly extended. We demonstrate this for AES-CTR (CPA-security), AESGCM (authenticated encryption) and AES-GCM-SIV (nonce-misuse resistance). Finally, we demonstrate that when using modern hardware with AES instructions (AES-NI), the performance penalty of deriving keys at each encryption is insignificant for most uses.
|Title of host publication||CCS 2017 - Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security|
|Publisher||Association for Computing Machinery|
|Number of pages||18|
|State||Published - 30 Oct 2017|
|Event||24th ACM SIGSAC Conference on Computer and Communications Security, CCS 2017 - Dallas, United States|
Duration: 30 Oct 2017 → 3 Nov 2017
|Name||Proceedings of the ACM Conference on Computer and Communications Security|
|Conference||24th ACM SIGSAC Conference on Computer and Communications Security, CCS 2017|
|Period||30/10/17 → 3/11/17|
Bibliographical notePublisher Copyright:
© 2017 author(s).
ASJC Scopus subject areas
- Computer Networks and Communications