Paper 2024/190

Constructing Committing and Leakage-Resilient Authenticated Encryption

Patrick Struck, University of Konstanz
Maximiliane Weishäupl, University of Regensburg

The main goal of this work is to construct authenticated encryption (AE) that is both committing and leakage-resilient. As a first approach for this we consider generic composition as a well-known method for constructing AE schemes. While the leakage resilience of generic composition schemes has already been analyzed by Barwell et al. (AC'17), for committing security this is not the case. We fill this gap by providing a separate analysis of the generic composition paradigms with respect to committing security, giving both positive and negative results: By means of a concrete attack, we show that Encrypt-then-MAC is not committing. Furthermore, we prove that Encrypt-and-MAC is committing, given that the underlying schemes satisfy security notions we introduce for this purpose. We later prove these new notions achievable by providing schemes that satisfy them. MAC-then-Encrypt turns out to be more difficult due to the fact that the tag is not outputted alongside the ciphertext as it is done for the other two composition methods. Nevertheless, we give a detailed heuristic analysis of MAC-then-Encrypt with respect to committing security, leaving a definite result as an open task for future work. Our results, in combination with the fact that only Encrypt-then-MAC yields leakage-resilient AE schemes, show that one cannot obtain AE schemes that are both committing and leakage-resilient via generic composition. As a second approach for constructing committing and leakage-resilient AE, we develop a generic transformation that turns an arbitrary AE scheme into one that fulfills both properties. The transformation relies on a keyed function that is both binding, i.e., it is hard to find key-input pairs that result in the same output, and leakage-resilient pseudorandom.

Available format(s)
Secret-key cryptography
Publication info
Published by the IACR in TOSC 2024
Authenticated EncryptionCommitting SecurityLeakage Resilience
Contact author(s)
patrick struck @ uni-konstanz de
maximiliane weishaeupl @ ur de
2024-02-09: approved
2024-02-08: received
See all versions
Short URL
Creative Commons Attribution


      author = {Patrick Struck and Maximiliane Weishäupl},
      title = {Constructing Committing and Leakage-Resilient Authenticated Encryption},
      howpublished = {Cryptology ePrint Archive, Paper 2024/190},
      year = {2024},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.