Exploring Integrity of AEADs with Faults: Definitions and Constructions

Implementation-based attacks are major concerns for modern cryptography. For symmetric-key cryptography, a significant amount of exploration has taken place in this regard primitives such as block ciphers. Concerning operating modes, Authenticated Encryption with Associated Data (AEAD), the stateof-the-art mainly addresses passive Side-Channel Attacks (SCA) form leakage resilient So far, only handful work address Fault (FA) context AEADs concerning fundamental properties – integrity and confidentiality. In paper, we gap by exploring mode-level issues arising due to FAs. We emphasize that FAs can be fatal even cases where adversary does not aim extract long-term secret, but rather tries violate basic security requirements (integrity confidentiality). Notably, show novel attack examples on state-of-the-art AEAD constructions prior fault-resilient construction called SIV$. On constructive side, first present new notions fault-resilience, PRF (frPRF), MAC (frMAC) (frAE), latter seen an improved version notion introduced Fischlin Gunther at CT-RSA’20. Then, propose turn frPRF into frMAC (hash-then-frPRF) frAE (MAC-then-Encrypt-then-MAC or MEM).