Degabriele, Jean Paul ; Govinden, Jérôme ; Günther, Felix ; Paterson, Kenneth G. (2021)
The Security of ChaCha20-Poly1305 in the Multi-User Setting.
27th ACM Conference on Computer and Communications Security. virtual Conference (15.11.2021-19.11.2021)
doi: 10.1145/3460120.3484814
Konferenzveröffentlichung, Bibliographie
Kurzbeschreibung (Abstract)
The ChaCha20-Poly1305 AEAD scheme is being increasingly widely deployed in practice. Practitioners need proven security bounds in order to set data limits and rekeying intervals for the scheme. But the formal security analysis of ChaCha20-Poly1305 currently lags behind that of AES-GCM. The only extant analysis (Procter, 2014) contains a flaw and is only for the single-user setting. We rectify this situation. We prove a multi-user security bound on the AEAD security of ChaCha20-Poly1305 and establish the tightness of each term in our bound through matching attacks. We show how our bound differs both qualitatively and quantitatively from the known bounds for AES-GCM, highlighting how subtle design choices lead to distinctive security properties. We translate our bound to the nonce-randomized setting employed in TLS 1.3 and elsewhere, and we additionally improve the corresponding security bounds for GCM. Finally, we provide a simple yet stronger variant of ChaCha20-Poly1305 that addresses the deficiencies highlighted by our analysis.
| Typ des Eintrags: | Konferenzveröffentlichung |
|---|---|
| Erschienen: | 2021 |
| Autor(en): | Degabriele, Jean Paul ; Govinden, Jérôme ; Günther, Felix ; Paterson, Kenneth G. |
| Art des Eintrags: | Bibliographie |
| Titel: | The Security of ChaCha20-Poly1305 in the Multi-User Setting |
| Sprache: | Englisch |
| Publikationsjahr: | 13 November 2021 |
| Verlag: | ACM |
| Buchtitel: | CCS´21: Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security |
| Veranstaltungstitel: | 27th ACM Conference on Computer and Communications Security |
| Veranstaltungsort: | virtual Conference |
| Veranstaltungsdatum: | 15.11.2021-19.11.2021 |
| DOI: | 10.1145/3460120.3484814 |
| Zugehörige Links: | |
| Kurzbeschreibung (Abstract): | The ChaCha20-Poly1305 AEAD scheme is being increasingly widely deployed in practice. Practitioners need proven security bounds in order to set data limits and rekeying intervals for the scheme. But the formal security analysis of ChaCha20-Poly1305 currently lags behind that of AES-GCM. The only extant analysis (Procter, 2014) contains a flaw and is only for the single-user setting. We rectify this situation. We prove a multi-user security bound on the AEAD security of ChaCha20-Poly1305 and establish the tightness of each term in our bound through matching attacks. We show how our bound differs both qualitatively and quantitatively from the known bounds for AES-GCM, highlighting how subtle design choices lead to distinctive security properties. We translate our bound to the nonce-randomized setting employed in TLS 1.3 and elsewhere, and we additionally improve the corresponding security bounds for GCM. Finally, we provide a simple yet stronger variant of ChaCha20-Poly1305 that addresses the deficiencies highlighted by our analysis. |
| Freie Schlagworte: | nonce randomization, GCM, ChaCha20-Poly1305, TLS 1.3, tight security, AEAD, multi-user security |
| Fachbereich(e)/-gebiet(e): | 20 Fachbereich Informatik 20 Fachbereich Informatik > Kryptographie und Komplexitätstheorie Profilbereiche Profilbereiche > Cybersicherheit (CYSEC) LOEWE LOEWE > LOEWE-Zentren LOEWE > LOEWE-Zentren > CRISP - Center for Research in Security and Privacy |
| Hinterlegungsdatum: | 17 Aug 2023 07:40 |
| Letzte Änderung: | 17 Aug 2023 07:40 |
| PPN: | |
| Export: | |
| Suche nach Titel in: | TUfind oder in Google |
 |
Frage zum Eintrag |
Optionen (nur für Redakteure)
 |
Redaktionelle Details anzeigen |
Drucken
Impressum