Cryptology ePrint Archive: Report 2016/996

Leakage-Resilient and Misuse-Resistant Authenticated Encryption

Francesco Berti and François Koeune and Olivier Pereira and Thomas Peters and François-Xavier Standaert

Abstract: Leakage-resilience and misuse-resistance are two important properties for the deployment of authenticated encryption schemes. They aim at mitigating the impact of implementation flaws due to side-channel leakages and misused randomness. In this paper, we discuss their interactions and incompatibilities.

For this purpose, we first show a generic composition mode of a MAC with an encryption scheme that leads to a misuse-resistant authenticated encryption scheme, and also show that misuse-resistance no longer holds in the presence of leakages, even when relying on leakage-resilient MACs and encryption schemes.

Next, we argue that full misuse-resistance with leakage may be impossible to achieve with simple primitives such as hash functions and block ciphers. As a result, we formalize a new security notion of ciphertext integrity with misuse and leakage, which seems to be the best that can be achieved in a symmetric cryptographic setting, and describe the first efficient constructions satisfying it.

Category / Keywords: secret-key cryptography / leakage-resilience

Date: received 17 Oct 2016, last revised 15 Feb 2017

Contact author: thomas peters at uclouvain be


Version: 20170215:143551

Short URL: ia.cr/2016/996

