Sponge-Based Parallel Authenticated Encryption With Variable Tag Length and Side-Channel Protection

Jimale, Mohamud Ahmed and Abdullah, Nor Aniza and Kiah, Miss Laiha Mat and Idris, Mohd Yamani Idna and Z'Aba, Muhammad Reza and Jamil, Norziana and Rohmad, Mohd Saufy (2023) Sponge-Based Parallel Authenticated Encryption With Variable Tag Length and Side-Channel Protection. IEEE Access, 11. pp. 59661-59674. ISSN 2169-3536, DOI https://doi.org/10.1109/ACCESS.2023.3267161.

Full text not available from this repository.

Abstract

Authenticated Encryption (AE) protects confidentiality and integrity at the same time. The sponge construction is based on an iterated permutation or transformation that can be used to implement hashing and AE schemes, among others. Sponge-based AE schemes offer desirable characteristics like parallelizability and incrementality. In addition, they provide security features such as protection against Chosen-Plaintext Attacks, Chosen-Ciphertext Attacks, and Side-Channel Attacks (SCAs). Traditionally, AE schemes assume the tag length, also called the stretch, as a fixed parameter per key, and the security is proved according to that assumption. However, a variable tag length per key could happen due to misconfiguration or misuse. In that case, the security would be violated, so it is vital to accommodate variable tag length without sacrificing other desirable features. Reyhanitabar et al. proposed the Key Equivalent Separation by Stretch feature and concretized it for protection against tag length misuse attacks in block cipher-based AE schemes. However, the problem remains unresolved for sponge-based constructions, where current sponge-based schemes are vulnerable to attacks that vary the tag length under the same key. This work aims to bridge this gap by proposing a parallel, sponge-based AE scheme with a variable tag length per key that protects against SCAs and by suggesting a lower bound for the recommended tag length. Finally, the security of the proposed scheme is discussed, and its performance is analyzed after implementing the proposed AE scheme in the C programming language.

Item Type: Article
Funders: Fundamental Research Grant Scheme (FRGS) of the Ministry of Higher Education, Malaysia (FP072-2019A) ; (FRGS/1/2019/ICT05/UM/02/1)
Uncontrolled Keywords: Authenticated encryption; integrity; message authentication code; nonce-based AE; parallel AE; privacy; side-channel attacks; sponge-based AE tag length; variable stretch
Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Divisions: Faculty of Computer Science & Information Technology > Department of Computer System & Technology
Depositing User: Ms. Juhaida Abd Rahim
Date Deposited: 17 Jul 2025 03:04
Last Modified: 17 Jul 2025 03:04
URI: http://eprints.um.edu.my/id/eprint/50962
