Paper 2019/193

Towards Low-Energy Leakage-Resistant Authenticated Encryption from the Duplex Sponge Construction

Chun Guo, Olivier Pereira, Thomas Peters, and François-Xavier Standaert


The ongoing NIST lightweight standardization process explicitly puts forward a requirement of side-channel security, which has renewed the interest for Authenticated Encryption schemes (AEs) with light(er)-weight side-channel secure implementations. To address this challenge, we investigate the leakage-resilience of a generic duplex-based stream cipher, and prove the classical bound, i.e., $\approx2^{c/2}$, under an assumption of non-invertible leakage. Based on this, we propose a new 1-pass AE mode TETSponge, which carefully combines a tweakable block cipher that must have strong protections against side-channel attacks and is scarcely used, and a duplex-style permutation that only needs weak side-channel protections and is used to frugally process the message and associated data. TETSponge offers: (i) provable resistance against side-channel attacks during both encryption and decryption, (ii) some level of nonce misuse robustness, and (iii) black-box AE security with good bounds in the multi-user setting as well. We conclude that TETSponge offers an appealing option for the implementation of lightweight AE in settings where side-channel attacks are an actual concern. Our analysis offers the first rigorous methodology for the analysis of the leakage-resilience of sponge/duplex-based AEs. It can be easily adapted to others: we demonstrate this by showcasing brief analyzes of two other 1-pass AEs Ascon, GIBBON, and two 2-pass AEs TEDTSponge and ISAP. These provide various insights for both designs and implementations.

Note: Incorporated some suggestions & fixed typos.

Available format(s)
Secret-key cryptography
Publication info
Preprint. MINOR revision.
Authenticated EncryptionDuplex ConstructionLeakage-ResilienceLeveled Implementations.
Contact author(s)
chun guo @ uclouvain be
2019-08-14: last of 3 revisions
2019-02-26: received
See all versions
Short URL
Creative Commons Attribution


      author = {Chun Guo and Olivier Pereira and Thomas Peters and François-Xavier Standaert},
      title = {Towards Low-Energy Leakage-Resistant Authenticated Encryption from the Duplex Sponge Construction},
      howpublished = {Cryptology ePrint Archive, Paper 2019/193},
      year = {2019},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.