Paper 2017/068

Authenticated Encryption in the Face of Protocol and Side Channel Leakage

Guy Barwell, Daniel P. Martin, Elisabeth Oswald, and Martijn Stam


Authenticated encryption schemes in practice have to be robust against adversaries that have access to various types of leakage, for instance decryption leakage on invalid ciphertexts (protocol leakage), or leakage on the underlying primitives (side channel leakage). This work includes several novel contributions: we augment the notion of nonce-base authenticated encryption with the notion of continuous leakage and we prove composition results in the face of protocol and side channel leakage. Moreover, we show how to achieve authenticated encryption that is simultaneously both misuse resistant and leakage resilient, based on a sufficiently leakage resilient PRF, and finally we propose a concrete, pairing-based, instantiation of the latter.

Note: Updated full version of the corresponding Asiacrypt'17 author's version

Available format(s)
Secret-key cryptography
Publication info
Published by the IACR in ASIACRYPT 2017
provable securityauthenticated encryptiongeneric compositionleakage resiliencerobustness
Contact author(s)
martijn stam @ bristol ac uk
2017-09-13: last of 3 revisions
2017-01-31: received
See all versions
Short URL
Creative Commons Attribution


      author = {Guy Barwell and Daniel P.  Martin and Elisabeth Oswald and Martijn Stam},
      title = {Authenticated Encryption in the Face of Protocol and Side Channel Leakage},
      howpublished = {Cryptology ePrint Archive, Paper 2017/068},
      year = {2017},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.