## CryptoDB

### Paper: On Leakage-Resilient Authenticated Encryption with Decryption Leakages

Authors: Francesco Berti , UCLouvain, ICTEAM – Crypto Group B-1348 Louvain-la-Neuve Olivier Pereira , UCLouvain, ICTEAM – Crypto Group B-1348 Louvain-la-Neuve Thomas Peters , UCLouvain, ICTEAM – Crypto Group B-1348 Louvain-la-Neuve François-Xavier Standaert , UCLouvain, ICTEAM – Crypto Group B-1348 Louvain-la-Neuve DOI: 10.13154/tosc.v2017.i3.271-293 URL: https://tosc.iacr.org/index.php/ToSC/article/view/774 Search ePrint Search Google At CCS 2015, Pereira et al. introduced a pragmatic model enabling the study of leakage-resilient symmetric cryptographic primitives based on the minimal use of a leak-free component. This model was recently used to prove the good integrity and confidentiality properties of an authenticated encryption scheme called DTE when the adversary is only given encryption leakages. In this paper, we extend this work by analyzing the case where decryption leakages are also available. We first exhibit attacks exploiting such leakages against the integrity of DTE (and variants) and show how to mitigate them. We then consider message confidentiality in a context where an adversary can observe decryption leakages but not the corresponding messages. The latter is motivated by applications such as secure bootloading and bitstream decryption. We finally formalize the confidentiality requirements that can be achieved in this case and propose a new construction satisfying them, while providing integrity properties with leakage that are as good as those of DTE.
##### BibTeX
@article{tosc-2017-28474,
title={On Leakage-Resilient Authenticated Encryption with Decryption Leakages},
journal={IACR Trans. Symmetric Cryptol.},
publisher={Ruhr-Universität Bochum},
volume={2017, Issue 3},
pages={271-293},
url={https://tosc.iacr.org/index.php/ToSC/article/view/774},
doi={10.13154/tosc.v2017.i3.271-293},
author={Francesco Berti and Olivier Pereira and Thomas Peters and François-Xavier Standaert},
year=2017
}