Paper 2016/996

Leakage-Resilient and Misuse-Resistant Authenticated Encryption

Francesco Berti, François Koeune, Olivier Pereira, Thomas Peters, and François-Xavier Standaert

Abstract

Leakage-resilience and misuse-resistance are two important properties for the deployment of authenticated encryption schemes. They aim at mitigating the impact of implementation flaws due to side-channel leakages and misused randomness. In this paper, we discuss their interactions and incompatibilities. For this purpose, we first show a generic composition mode of a MAC with an encryption scheme that leads to a misuse-resistant authenticated encryption scheme, and also show that misuse-resistance does not hold anymore in the presence of leakages, even when relying on leakage-resilient MACs and encryption schemes. Next, we argue that full misuse-resistance with leakage may be impossible to achieve with simple primitives such as hash functions and block ciphers. As a result, we formalize a new security notion of ciphertext integrity with misuse and leakage, which seems to be the best that can be achieved in a symmetric cryptographic setting, and describe first efficient constructions satisfying it.

Metadata
Available format(s): PDF
Category: Secret-key cryptography
Publication info: Preprint. MINOR revision.
Keywords: leakage-resilience
Contact author(s): thomas peters @ uclouvain be
History:
2017-02-15: revised
2016-10-20: received
Short URL: https://ia.cr/2016/996
License: Creative Commons Attribution (CC BY)

BibTeX

@misc{cryptoeprint:2016/996,
      author = {Francesco Berti and François Koeune and Olivier Pereira and Thomas Peters and François-Xavier Standaert},
      title = {Leakage-Resilient and Misuse-Resistant Authenticated Encryption},
      howpublished = {Cryptology {ePrint} Archive, Paper 2016/996},
      year = {2016},
      url = {https://eprint.iacr.org/2016/996}
}