TEDT, a Leakage-Resist AEAD Mode for High Physical Security Applications


  • Francesco Berti ICTEAM/ELEN/Crypto Group, UCL, Louvain-la-Neuve, Belgium
  • Chun Guo ICTEAM/ELEN/Crypto Group, UCL, Louvain-la-Neuve, Belgium; School of Cyber Science and Technology and Key Laboratory of Cryptologic Technology and Information Security, Ministry of Education, Shandong University
  • Olivier Pereira ICTEAM/ELEN/Crypto Group, UCL, Louvain-la-Neuve, Belgium
  • Thomas Peters ICTEAM/ELEN/Crypto Group, UCL, Louvain-la-Neuve, Belgium
  • François-Xavier Standaert ICTEAM/ELEN/Crypto Group, UCL, Louvain-la-Neuve, Belgium




Authenticated encryption, leakage-resilience/resistance, beyond-birthday bound, multi-user security, masking countermeasures, leveled implementations


We propose TEDT, a new Authenticated Encryption with Associated Data (AEAD) mode leveraging Tweakable Block Ciphers (TBCs). TEDT provides the following features: (i) It offers full leakage-resistance, that is, it limits the exploitability of physical leakages via side-channel attacks, even if these leakages happen during every message encryption and decryption operation. Moreover, the leakage integrity bound is asymptotically optimal in the multi-user setting. (ii) It offers nonce misuse-resilience, that is, the repetition of nonces does not impact the security of ciphertexts produced with fresh nonces. (iii) It can be implemented with a remarkably low energy cost when strong resistance to side-channel attacks is needed, supports online encryption and handles static and incremental associated data efficiently. Concretely, TEDT encourages so-called leveled implementations, in which two TBCs are implemented: the first one needs strong and energy demanding protections against side-channel attacks but is used in a limited way, while the other only requires weak and energy-efficient protections and performs the bulk of the computation. As a result, TEDT leads to more energy-efficient implementations compared to traditional AEAD schemes, whose side-channel security requires to uniformly protect every (T)BC execution.




How to Cite

Berti, F., Guo, C., Pereira, O., Peters, T., & Standaert, F.-X. (2019). TEDT, a Leakage-Resist AEAD Mode for High Physical Security Applications. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2020(1), 256–320. https://doi.org/10.13154/tches.v2020.i1.256-320