	US 11,706,015 B2
	Side channel timing attack mitigation in securing data in transit
Adam Markowitz, Santa Cruz, CA (US)
Assigned to Google LLC, Mountain View, CA (US)
Filed by Google LLC, Mountain View, CA (US)
Filed on Oct. 27, 2021, as Appl. No. 17/452,412.
Application 17/452,412 is a continuation of application No. 16/362,675, filed on Mar. 24, 2019, granted, now 11,177,933.
Prior Publication US 2022/0052833 A1, Feb. 17, 2022
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 29/06 (2006.01); H04L 9/00 (2022.01); H04L 9/08 (2006.01); H04L 9/06 (2006.01); H04L 9/32 (2006.01)

CPC H04L 9/003 (2013.01) [H04L 9/0618 (2013.01); H04L 9/0844 (2013.01); H04L 9/3242 (2013.01)]

20 Claims

1. A computer-implemented method for side-channel attack mitigation in streaming encryption, the method when executed by data processing hardware causes the data processing hardware to perform operations comprising:

reading an input stream into a decryption process;

extracting from the input stream:

an encryption envelope having a wrapped key;

a cipher text; and

a first message authentication code (MAC);

generating a second MAC using the wrapped key of the encryption envelope; and

performing decryption of the cipher text in constant time by:

determining whether the encryption envelope is authentic by comparing the first MAC extracted from the encryption envelope and the second MAC generated using the wrapped key;

when the encryption envelope is authentic, generating an authenticated decryption of the cipher text using the wrapped key of the encryption envelope; and

wherein performing decryption of the cipher text in constant time indicates whether the wrapped key is an actual key that generated the cipher text of the encryption envelope.