Cryptology ePrint Archive: Report 2016/952

ISAP -- Towards Side-Channel Secure Authenticated Encryption

Christoph Dobraunig and Maria Eichlseder and Stefan Mangard and Florian Mendel and Thomas Unterluggauer

Abstract: Side-channel attacks, and in particular differential power analysis (DPA) attacks, pose a serious threat to cryptographic implementations. One approach to counteracting such attacks is cryptographic schemes based on fresh re-keying. In settings with pre-shared secret keys, such schemes render DPA attacks infeasible by deriving session keys and by ensuring that the attacker cannot collect side-channel leakage on a session key during cryptographic operations with different inputs. While these schemes can be applied to secure standard communication settings, current re-keying approaches are unable to provide protection in settings where the same input needs to be processed multiple times.

In this work, we therefore adapt the re-keying approach and present a symmetric authenticated encryption scheme that is secure against DPA attacks and that does not have such a usage restriction. This means that our scheme fully complies with the requirements given in the CAESAR call and hence can be used like other nonce-based authenticated encryption schemes without loss of side-channel protection. Its resistance against side-channel analysis is highly relevant for several applications in practice, such as bulk storage settings in general and the protection of FPGA bitfiles and firmware images in particular.

Category / Keywords: secret-key cryptography / authenticated encryption, fresh re-keying, passive side-channel attacks, sponge construction, permutation-based construction

Original Publication (in the same form): IACR-FSE-2017

Date: received 3 Oct 2016, last revised 21 Feb 2017

Contact author: christoph dobraunig at iaik tugraz at


Version: 20170221:084218

Short URL: ia.cr/2016/952

