Paper 2016/1074

Side-Channel Plaintext-Recovery Attacks on Leakage-Resilient Encryption

Thomas Unterluggauer, Mario Werner, and Stefan Mangard


Differential power analysis (DPA) is a powerful tool to extract the key of a cryptographic implementation from observing its power consumption during the en-/decryption of many different inputs. Therefore, cryptographic schemes based on frequent re-keying such as leakage-resilient encryption aim to inherently prevent DPA on the secret key by limiting the amount of data being processed under one key. However, the original asset of encryption, namely the plaintext, is disregarded. This paper builds on this observation and shows that the re-keying countermeasure does not only protect the secret key, but also induces another DPA vulnerability that allows for plaintext recovery. Namely, the frequent re-keying in leakage-resilient streaming modes causes constant plaintexts to be attackable through first-order DPA. Similarly, constant plaintexts can be revealed from re-keyed block ciphers using templates in a second-order DPA. Such plaintext recovery is particularly critical whenever long-term key material is encrypted and thus leaked. Besides leakage-resilient encryption, the presented attacks are also relevant for a wide range of other applications in practice that implicitly use re-keying, such as multi-party communication and memory encryption with random initialization for the key. Practical evaluations on both an FPGA and a microcontroller support the feasibility of the attacks and thus suggest the use of cryptographic implementations protected by mechanisms like masking in scenarios that require data encryption with multiple keys.

Publication info
Published elsewhere. DATE 2017
Keywords
differential power analysis, side-channel attack, leakage-resilient encryption, re-keying
Contact author(s)
thomas unterluggauer @ iaik tugraz at
2016-11-17: received
Creative Commons Attribution


      author = {Thomas Unterluggauer and Mario Werner and Stefan Mangard},
      title = {Side-Channel Plaintext-Recovery Attacks on Leakage-Resilient Encryption},
      howpublished = {Cryptology ePrint Archive, Paper 2016/1074},
      year = {2016},
      note = {\url{}},
      url = {}