SCAUT: Side-channel Security for Authenticated Encryption
You are here: Home \ Projects \ SCAUT

The classical approach to achieve multiple security properties such as authentication, integrity and confidentiality is to combine dedicated building blocks separately achieving each property. This apparently obvious process proves in fact to be very difficult, as testified by numerous attacks exploiting weaknesses in the “mortar” connecting the blocks, even in widely used, and presumably well-known, products such as OpenSSL. A promising approach to solve this issue is the use of combined primitives. This is for example the case for authenticated encryption, a fundamental cryptographic primitive that ensures at the same time confidentiality, integrity and authentication. Many new authenticated encryption schemes were recently proposed in the framework of the CAESAR competition.


The goal of this research project is to investigate the efficiency and security of these new proposals. That is, assuming that authenticated encryption will be deployed on small embedded platforms, how to guarantee that these algorithms can be implemented within the time budget imposed by practical applications, while making sure that they cannot (or at least not easily) be broken, especially by attacks taking advantage of physical information leakages (so-called side-channel attacks). Besides, a more prospective research will investigate the possibilities to extend the recent trend of “leakage-resilient” cryptography towards authentication and authenticated encryption. That is, can we design algorithms or encryption modes that are inherently more secure against physical attacks?

Innovation in the project will naturally derive from state-of-the-art scientific problems combined with practical implementation constraints, as typically encountered by cryptographic engineers. For example, we expect recent advances in authenticated encryption to be more efficient than the previous “Encrypt-then-MAC” approach. Beside, we also expect the joint investigation of algorithmic and physical security issues to lead to improved efficiency for solutions to be eventually exploited by our sponsor Worldline SA/NV.

While authenticated encryption is generally important for most applications, understanding physical security and ensuring sufficient resistance against side-channel attacks is especially important for companies like Worldline SA/NV, for which certified smart cards and terminals are at the core of the deployed technology. We expect the project outcomes to be useful, both for the IP cores and the expertise developed. Namely, we will investigate the implementation properties of various authenticated encryption schemes on various platforms (smart cards, FPGAs…), in different scenarios (i.e. optimized for different criteria, with and without security against physical attacks). This part of the project will be directly exploitable by our sponsor, in order to select a scheme and re-use parts of our implementations. Besides, certification against physical attacks (e.g. via Common Criteria, ISO 17825, FIPS 140…) is a time-consuming and expensive process, both for the development of secure IPs and for their evaluation by third parties. Progresses in the field of side-channel resistance are therefore strategic for companies involved in the development of and exploitation of secure tokens. They allow them to speed up their interactions with such processes, and reduce development costs. Hence, the expertise developed in the project will also be useful for Worldline SA/NV, and extend a long-term collaboration with the DPA laboratory at ULB. Eventually, this project is expected to bring benefits to future security standards, both by allowing an early analysis of the likely candidates to become the future authenticated encryption standards, and by contributing to a vast academic effort towards theoretically sound analysis methodologies, yielding future improved resistance evaluation standards.


[15 August 2016] The CAESAR selection committee has selected the following submissions as third-round candidates: ACORN, AEGIS, COLM (AES-COPA + ELmD), AES-JAMBU, AES-OTR, AEZ, ASCON, CLOC + SILC, Deoxys, Ketje, Keyak, MORUS, NORX, OCB, Tiaoxin.

[24 November 2015] SCREAM retained for the second round of the CAESAR competition


Projects Partners

Projects Sponsors