Paper 2022/1142

Secure Message Authentication in the Presence of Leakage and Faults

Francesco Berti, TU Darmstadt, Germany
Chun Guo, Shandong University, China
Thomas Peters, UCLouvain, Belgium
Yaobin Shen, UCLouvain, Belgium
François-Xavier Standaert, UCLouvain, Belgium

Security against side-channels and faults is a must for the deployment of embedded cryptography. A wide body of research has investigated solutions to secure implementations against these attacks at different abstraction levels. Yet, to a large extent, current solutions focus on one or the other threat. In this paper, we initiate a mode-level study of cryptographic primitives that can ensure security in a (new and practically-motivated) adversarial model combining leakage and faults. Our goal is to identify constructions that do not require uniform protection of all their operations against both attack vectors. For this purpose, we first introduce a versatile and intuitive model to capture leakage and faults. We then show that a MAC introduced at Asiacrypt 2021 natively enables a leveled implementation where only its underlying tweakable block cipher must be protected, as long as only its tag verification can be faulted. We finally describe two approaches to amplify security in the case where the tag generation can also be faulted. One is based on iteration and requires the adversary to inject increasingly large faults to succeed. The other is based on randomness and allows provable security against differential faults.

Category: Secret-key cryptography
Publication info: Published by the IACR in TOSC 2023
Keywords: leakage; faults; mode-level protections
Contact author(s):
  francesco berti @ tu-darmstadt de
  201999900076 @ sdu edu cn
  thomas peters @ uclouvain be
  yaobin shen @ uclouvain be
  fstandae @ uclouvain be
History:
  2023-02-20: revised
  2022-09-01: received
License: Creative Commons Attribution

BibTeX:
    @misc{cryptoeprint:2022/1142,
      author = {Francesco Berti and Chun Guo and Thomas Peters and Yaobin Shen and François-Xavier Standaert},
      title = {Secure Message Authentication in the Presence of Leakage and Faults},
      howpublished = {Cryptology ePrint Archive, Paper 2022/1142},
      year = {2022},
      note = {\url{}},
      url = {}
    }