Strong Authenticity with Leakage Under Weak and Falsifiable Physical Assumptions

Abstract

Authenticity can be compromised by information leaked via side-channels (e.g., power consumption). Examples of attacks include direct key recoveries and attacks against the tag verification which may lead to forgeries. At FSE 2018, Berti et al. described two authenticated encryption schemes which provide authenticity assuming a leak-free implementation of a Tweakable Block Cipher. Precisely, security is guaranteed even if all the intermediate computations of the target implementation are leaked in full but the long-term key. Yet, while a leak-free implementation reasonably models strongly protected implementations of a, it remains an idealized physical assumption that may be too demanding in many cases, in particular if hardware engineers mitigate the leakage to a good extent but (due to performance constraints) do not reach leak-freeness. In this paper, we get rid of this important limitation by introducing the notion of Strong Unpredictability with Leakage for and. It captures the hardness for an adversary to provide a fresh and valid input/output pair for a, even having oracle access to the, its inverse and their leakages. This definition is game-based and may be verified/falsified by laboratories. Based on it, we then provide two Message Authentication Codes which are secure if the on which they rely are implemented in a way that maintains a sufficient unpredictability. Thus, we improve the theoretical foundations of leakage-resilient and extend them towards engineering constraints that are easier to achieve in practice. (The full version of this paper is available on ePrint [8].).