MAC Precomputation with Applications to Secure Memory Academic Article uri icon


  • We present Shallow MAC (ShMAC), a fixed-input-length message authentication code that performs most of the computation prior to the availability of the message. Specifically, ShMACs message-dependent computation is much faster and smaller in hardware than the evaluation of a pseudorandom permutation (PRP) and can be implemented by a small shallow circuit, while its precomputation consists of one PRP evaluation. A main building block for ShMAC is the notion of strong differential uniformity (SDU), which we introduce and which may be of independent interest. We show an efficient SDU construction built from previously considered differentially uniform functions. Our main motivating application is a system architecture where a hardware-secured processor uses memory controlled by an adversary. We also present in technical detail a novel, efficient approach to encrypting and authenticating memory and discuss the associated tradeoffs, while paying special attention to minimizing hardware costs and the reduction of Dynamic Random Access Memory latency.

published proceedings

  • ACM Transactions on Privacy and Security

author list (cited authors)

  • Garay, J. A., Kolesnikov, V., & Mclellan, R.

citation count

  • 0

complete list of authors

  • Garay, Juan A||Kolesnikov, Vladimir||Mclellan, Rae

publication date

  • September 2016