International Association
for Cryptologic Research

We introduce a novel notion, denoted as IND-rCCA, to formalize the security and robustness of authenticated encryption. This notion is an augmentation of common notions defined for AEAD schemes by considering indistinguishability of potential leakage due to decryption failure in the presence of multiple checks for errors. We further extend this notion to IND-sf-rCCA to formalize the stateful security involving out-of-order ciphertext. Additionally, we present a modification to the Encode-then-Encrypt-then-MAC (EEM) paradigm to boost its robustness. We then analyze the security of the modification and show that it satisfies IND-rCCA security.