Paper 2019/1034

Sponges Resist Leakage: The Case of Authenticated Encryption

Jean Paul Degabriele, Christian Janson, and Patrick Struck


In this work we advance the study of leakage-resilient Authenticated Encryption with Associated Data (AEAD) and lay the theoretical groundwork for building such schemes from sponges. Building on the work of Barwell et al. (ASIACRYPT 2017), we reduce the problem of constructing leakage-resilient AEAD schemes to that of building fixed-input-length function families that retain pseudorandomness and unpredictability in the presence of leakage. Notably, neither property is implied by the other in the leakage-resilient setting. We then show that such a function family can be combined with standard primitives, namely a pseudorandom generator and a collision-resistant hash, to yield a nonce-based AEAD scheme. In addition, our construction is quite efficient in that it requires only two calls to this leakage-resilient function per encryption or decryption call. This construction can be instantiated entirely from the T-sponge to yield a concrete AEAD scheme which we call SLAE. We prove this sponge-based instantiation secure in the non-adaptive leakage setting. SLAE bears many similarities and is indeed inspired by ISAP, which was proposed by Dobraunig et al. at FSE 2017. However, while retaining most of the practical advantages of ISAP, SLAE additionally benefits from a formal security treatment.

Note: This version update corrects the security bounds for SLFunc (Theorems 7 and 8). The corresponding security bounds in the proceedings version of this paper were incorrect.

Available format(s)
Secret-key cryptography
Publication info
A minor revision of an IACR publication in ASIACRYPT 2019
AEADLeakage ResilienceSide ChannelsSLAEISAP
Contact author(s)
jpdega @ gmail com
2020-03-11: last of 2 revisions
2019-09-16: received
See all versions
Short URL
Creative Commons Attribution


      author = {Jean Paul Degabriele and Christian Janson and Patrick Struck},
      title = {Sponges Resist Leakage: The Case of Authenticated Encryption},
      howpublished = {Cryptology ePrint Archive, Paper 2019/1034},
      year = {2019},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.