Sponges Resist Leakage: The Case of Authenticated Encryption

  • Jean Paul Degabriele
  • Christian Janson
  • Patrick Struck
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11922)


In this work we advance the study of leakage-resilient Authenticated Encryption with Associated Data (AEAD) and lay the theoretical groundwork for building such schemes from sponges. Building on the work of Barwell et al. (ASIACRYPT 2017), we reduce the problem of constructing leakage-resilient AEAD schemes to that of building fixed-input-length function families that retain pseudorandomness and unpredictability in the presence of leakage. Notably, neither property is implied by the other in the leakage-resilient setting. We then show that such a function family can be combined with standard primitives, namely a pseudorandom generator and a collision-resistant hash, to yield a nonce-based AEAD scheme. In addition, our construction is quite efficient in that it requires only two calls to this leakage-resilient function per encryption or decryption call. This construction can be instantiated entirely from the T-sponge to yield a concrete AEAD scheme which we call \(\textsc{Slae}\). We prove this sponge-based instantiation secure in the non-adaptive leakage setting. \(\textsc{Slae}\) bears many similarities to, and is indeed inspired by, \(\textsc{Isap}\), which was proposed by Dobraunig et al. at FSE 2017. However, while retaining most of the practical advantages of \(\textsc{Isap}\), \(\textsc{Slae}\) additionally benefits from a formal security treatment.


Keywords: AEAD, Leakage Resilience, Side channels, SLAE, ISAP



We thank Daniel Baur and Christian Schuller for initial discussions during the early stages of this project, and our anonymous reviewers for their constructive comments. Degabriele was supported by the German Federal Ministry of Education and Research (BMBF) as well as by the Hessian State Ministry for Higher Education, Research and Arts (HMWK) within CRISP. Janson was co-funded by the DFG as part of project P2 within the CRC 1119 CROSSING. Struck was funded by the DFG as part of project P1 within the CRC 1119 CROSSING.


References

  1. Abdalla, M., Belaïd, S., Fouque, P.-A.: Leakage-resilient symmetric encryption via re-keying. In: Bertoni, G., Coron, J.-S. (eds.) CHES 2013. LNCS, vol. 8086, pp. 471–488. Springer, Heidelberg (2013)
  2. Abed, F., Berti, F., Lucks, S.: Insecurity of RCB: leakage-resilient authenticated encryption. Cryptology ePrint Archive, Report 2016/1121 (2016)
  3. Agrawal, M., et al.: RCB: leakage-resilient authenticated encryption via re-keying. J. Supercomputing 74(9), 4173–4198 (2018)
  4. Barwell, G., Martin, D.P., Oswald, E., Stam, M.: Authenticated encryption in the face of protocol and side channel leakage. In: Takagi, T., Peyrin, T. (eds.) ASIACRYPT 2017. LNCS, vol. 10624, pp. 693–723. Springer, Cham (2017)
  5. Bellare, M., Rogaway, P.: The security of triple encryption and a framework for code-based game-playing proofs. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 409–426. Springer, Heidelberg (2006)
  6. Bernstein, D.J.: CAESAR: Competition for Authenticated Encryption: Security, Applicability, and Robustness (2014)
  7. Berti, F., Koeune, F., Pereira, O., Peters, T., Standaert, F.-X.: Leakage-resilient and misuse-resistant authenticated encryption. Cryptology ePrint Archive, Report 2016/996 (2016)
  8. Berti, F., Pereira, O., Peters, T., Standaert, F.-X.: On leakage-resilient authenticated encryption with decryption leakages. IACR Trans. Symm. Cryptol. 2017(3), 271–293 (2017)
  9. Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: Sponge functions. In: ECRYPT Hash Workshop (2007)
  10. Dobraunig, C., Eichlseder, M., Mangard, S., Mendel, F., Unterluggauer, T.: ISAP - towards side-channel secure authenticated encryption. IACR Trans. Symm. Cryptol. 2017(1), 80–105 (2017)
  11. Dobraunig, C., Mennink, B.: Leakage resilience of the duplex construction. Cryptology ePrint Archive, Report 2019/225 (2019)
  12. Dodis, Y., Pietrzak, K.: Leakage-resilient pseudorandom functions and side-channel attacks on feistel networks. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 21–40. Springer, Heidelberg (2010)
  13. Dziembowski, S., Pietrzak, K.: Leakage-resilient cryptography. In: 49th FOCS, pp. 293–302. IEEE Computer Society Press, October 2008
  14. Faust, S., Pietrzak, K., Schipper, J.: Practical leakage-resilient symmetric cryptography. In: Prouff, E., Schaumont, P. (eds.) CHES 2012. LNCS, vol. 7428, pp. 213–232. Springer, Heidelberg (2012)
  15. Goldreich, O., Goldwasser, S., Micali, S.: How to construct random functions. J. ACM 33(4), 792–807 (1986)
  16. Guo, C., Pereira, O., Peters, T., Standaert, F.-X.: Leakage-resilient authenticated encryption with misuse in the leveled leakage setting: definitions, separation results, and constructions. Cryptology ePrint Archive, Report 2018/484 (2018)
  17. Guo, C., Pereira, O., Peters, T., Standaert, F.-X.: Towards lightweight side-channel security and the leakage-resilience of the duplex sponge. Cryptology ePrint Archive, Report 2019/193 (2019)
  18. Longo, J., Martin, D.P., Oswald, E., Page, D., Stam, M., Tunstall, M.J.: Simulatable leakage: analysis, pitfalls, and new constructions. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LNCS, vol. 8873, pp. 223–242. Springer, Heidelberg (2014)
  19. Namprempre, C., Rogaway, P., Shrimpton, T.: Reconsidering generic composition. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 257–274. Springer, Heidelberg (2014)
  20. Pereira, O., Standaert, F.-X., Vivek, S.: Leakage-resilient authentication and encryption from symmetric cryptographic primitives. In: Ray, I., Li, N., Kruegel, C. (eds.) ACM CCS 2015, pp. 96–108. ACM Press, October 2015
  21. Rogaway, P.: Authenticated-encryption with associated-data. In: Atluri, V. (ed.) ACM CCS 2002, pp. 98–107. ACM Press, November 2002
  22. Standaert, F., Pereira, O., Yu, Y., Quisquater, J., Yung, M., Oswald, E.: Leakage resilient cryptography in practice. In: Sadeghi, A., Naccache, D. (eds.) Towards Hardware-Intrinsic Security - Foundations and Practice. Information Security and Cryptography, pp. 99–134. Springer, Heidelberg (2010)
  23. Standaert, F.-X., Pereira, O., Yu, Y.: Leakage-resilient symmetric cryptography under empirically verifiable assumptions. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8042, pp. 335–352. Springer, Heidelberg (2013)
  24. Yu, Y., Standaert, F.-X., Pereira, O., Yung, M.: Practical leakage-resilient pseudorandom generators. In: Al-Shaer, E., Keromytis, A.D., Shmatikov, V. (eds.) ACM CCS 2010, pp. 141–151. ACM Press, October 2010

Copyright information

© International Association for Cryptologic Research 2019

Authors and Affiliations

  • Jean Paul Degabriele (1)
  • Christian Janson (2)
  • Patrick Struck (3)

  1. CNS, Technische Universität Darmstadt, Darmstadt, Germany
  2. Cryptoplexity, Technische Universität Darmstadt, Darmstadt, Germany
  3. CDC, Technische Universität Darmstadt, Darmstadt, Germany
