Cryptology ePrint Archive: Report 2019/137

TEDT, a Leakage-Resilient AEAD mode for High (Physical) Security Applications

Francesco Berti and Chun Guo and Olivier Pereira and Thomas Peters and François-Xavier Standaert

Abstract: We propose TEDT, a new Authenticated Encryption with Associated Data (AEAD) mode leveraging Tweakable Block Ciphers (TBCs). TEDT provides the following features: (i) It offers asymptotically optimal security in the multi-user setting. (ii) It offers nonce misuse-resilience, that is, the repetition of nonces does not impact the security of ciphertexts produced with fresh nonces. (iii) It offers KDM security in the multi-user setting, that is, its security is maintained even if key-dependent messages are encrypted. (iv) It offers full leakage-resilience, that is, it limits the exploitability of physical leakages via side-channel attacks, even if these leakages happen during every message encryption and decryption operation. (v) It can be implemented with a remarkably low energy cost when strong resistance to side-channel attacks is needed, supports online encryption and handles static and incremental associated data efficiently. Concretely, TEDT encourages leveled implementations, in which two TBCs are implemented: one needs strong and energy-demanding protections against side-channel attacks but is used in a limited way, while the other only requires weak and energy-efficient protections and performs the bulk of the computation. As a result, TEDT leads to considerably more energy-efficient implementations than traditional AEAD schemes, whose side-channel security requires uniformly protecting every (T)BC execution.
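The leveled split described in the abstract (one heavily protected TBC instance keyed by the long-term key and called a constant number of times per message, one lightly protected instance keyed by a per-message key doing the per-block work) as an added toy example in Python. It is not TEDT's construction and not the authors' code: the key-derivation, keystream and tag layout is this example's own, an HMAC-SHA256 based tweakable PRF stands in for a real TBC (assumption, labelled in the code), and `Counters` is a hypothetical helper that only records how many calls each protection level makes.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional, Tuple

BLOCK = 16  # block size of the stand-in tweakable block cipher, in bytes


def tbc(key: bytes, tweak: bytes, block: bytes) -> bytes:
    """Stand-in for a tweakable block cipher (assumption of this example).

    HMAC-SHA256 truncated to one block is a keyed tweakable PRF, not a
    permutation; it is only ever used in the forward direction here, which
    is all a counter-style mode needs.
    """
    return hmac.new(key, tweak + block, hashlib.sha256).digest()[:BLOCK]


@dataclass
class Counters:
    """How many TBC calls each protection level performed (example helper)."""
    strong: int = 0  # calls keyed by the long-term key: heavy side-channel protection
    weak: int = 0    # calls keyed by the per-message key: light protection only


def _derive_key(key: bytes, nonce: bytes, c: Counters) -> bytes:
    """Strongly protected call, one per message: turns (key, nonce) into a fresh key."""
    c.strong += 1
    return tbc(key, b"kdf" + nonce, bytes(BLOCK))


def _tag(key: bytes, nonce: bytes, ad: bytes, ct: bytes, c: Counters) -> bytes:
    """Strongly protected call, one per message, over a digest of nonce, AD and ciphertext."""
    c.strong += 1
    digest = hashlib.sha256(nonce + len(ad).to_bytes(8, "big") + ad + ct).digest()[:BLOCK]
    return tbc(key, b"tag" + nonce, digest)


def _xor_stream(ephemeral: bytes, nonce: bytes, data: bytes, c: Counters) -> bytes:
    """Weakly protected calls, one per block, keyed by the per-message key only."""
    out = bytearray()
    for i in range(0, len(data), BLOCK):
        c.weak += 1
        keystream = tbc(ephemeral, nonce + i.to_bytes(4, "big"), bytes(BLOCK))
        out += bytes(a ^ b for a, b in zip(data[i:i + BLOCK], keystream))
    return bytes(out)


def encrypt(key: bytes, nonce: bytes, ad: bytes, msg: bytes,
            c: Optional[Counters] = None) -> Tuple[bytes, bytes]:
    """Two strongly protected calls per message, plus one weak call per block."""
    if c is None:
        c = Counters()
    ephemeral = _derive_key(key, nonce, c)
    ct = _xor_stream(ephemeral, nonce, msg, c)
    return ct, _tag(key, nonce, ad, ct, c)


def decrypt(key: bytes, nonce: bytes, ad: bytes, ct: bytes, tag: bytes,
            c: Optional[Counters] = None) -> Optional[bytes]:
    """Verifies first: a forged ciphertext costs one strong call and no weak call."""
    if c is None:
        c = Counters()
    if not hmac.compare_digest(_tag(key, nonce, ad, ct, c), tag):
        return None  # rejected before the per-message key even exists
    ephemeral = _derive_key(key, nonce, c)
    return _xor_stream(ephemeral, nonce, ct, c)


if __name__ == "__main__":
    key, nonce = bytes(range(32)), bytes(BLOCK)  # constructed sample values
    counts = Counters()
    ct, tag = encrypt(key, nonce, b"header", b"A" * 1000, counts)
    print(f"1000-byte message: strong calls={counts.strong}, weak calls={counts.weak}")
    assert decrypt(key, nonce, b"header", ct, tag) == b"A" * 1000
```

The count of strongly protected calls stays at two per message whatever its length, while the weakly protected count grows with the number of blocks, which is the cost argument of the abstract. Reusing a nonce makes the two affected messages share a keystream (their ciphertexts XOR to the XOR of the plaintexts), but any message under a fresh nonce gets an independent per-message key; checking the tag before deriving that key is this example's choice, not a claim about TEDT.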

Category / Keywords: secret-key cryptography / Authenticated encryption, re-keying, tweakable block cipher, beyond-birthday bound, multi-user security, side-channel security, key-dependent messages security, leveled implementations, low energy implementations.

Date: received 8 Feb 2019, last revised 13 Feb 2019

Contact author: chun guo at uclouvain be


Version: 20190213:215331

Short URL: ia.cr/2019/137
