Paper 2016/996

Leakage-Resilient and Misuse-Resistant Authenticated Encryption

Francesco Berti, François Koeune, Olivier Pereira, Thomas Peters, and François-Xavier Standaert


Leakage-resilience and misuse-resistance are two important properties for the deployment of authenticated encryption schemes. They aim at mitigating the impact of implementation flaws due to side-channel leakages and misused randomness. In this paper, we discuss their interactions and incompatibilities. For this purpose, we first show a generic composition mode of a MAC with an encryption scheme that leads to a misuse-resistant authenticated encryption scheme, and also show that misuse-resistance does not hold anymore in the presence of leakages, even when relying on leakage-resilient MACs and encryption schemes. Next, we argue that full misuse-resistance with leakage may be impossible to achieve with simple primitives such as hash functions and block ciphers. As a result, we formalize a new security notion of ciphertext integrity with misuse and leakage, which seems to be the best that can be achieved in a symmetric cryptographic setting, and describe first efficient constructions satisfying it.

Available format(s)
Secret-key cryptography
Publication info
Preprint. MINOR revision.
Contact author(s)
thomas peters @ uclouvain be
2017-02-15: revised
2016-10-20: received
See all versions
Short URL
Creative Commons Attribution


      author = {Francesco Berti and François Koeune and Olivier Pereira and Thomas Peters and François-Xavier Standaert},
      title = {Leakage-Resilient and Misuse-Resistant Authenticated Encryption},
      howpublished = {Cryptology ePrint Archive, Paper 2016/996},
      year = {2016},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.