Paper 2013/433

On Symmetric Encryption with Distinguishable Decryption Failures

Alexandra Boldyreva, Jean Paul Degabriele, Kenneth G. Paterson, and Martijn Stam


We propose to relax the assumption that decryption failures are indistinguishable in security models for symmetric encryption. Our main purpose is to build models that better reflect the reality of cryptographic implementations, and to surface the security issues that arise from doing so. We systematically explore the consequences of this relaxation, with some surprising consequences for our understanding of this basic cryptographic primitive. Our results should be useful to practitioners who wish to build accurate models of their implementations and then analyse them. They should also be of value to more theoretical cryptographers proposing new encryption schemes, who, in an ideal world, would be compelled by this work to consider the possibility that their schemes might leak more than simple decryption failures.

Note: Minor typos were corrected.

Available format(s)
Secret-key cryptography
Publication info
Published elsewhere. FSE 2013
multiple errorscryptographic practiceimplementationdecryption failuressecurity models
Contact author(s)
jpdega @ gmail com
2014-06-25: last of 3 revisions
2013-07-13: received
See all versions
Short URL
Creative Commons Attribution


      author = {Alexandra Boldyreva and Jean Paul Degabriele and Kenneth G.  Paterson and Martijn Stam},
      title = {On Symmetric Encryption with Distinguishable Decryption Failures},
      howpublished = {Cryptology ePrint Archive, Paper 2013/433},
      year = {2013},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.