Attacking a Leakage-Resilient Authenticated Encryption Scheme without Leakage

Publication Type:

Journal Article


Information & Security: An International Journal, Volume 37, p.45-53 (2017)


attack, authenticated encryption, block cypher, leakage-resilience


Leakage-resilient authenticated encryption (AE) aims at privacy and authenticity against adversaries with an additional side channel. The first published “leakage resilient” AE scheme is the RCB block cipher mode. As it turns out, RCB is insecure, even if there is no side channel for the adversary. The current paper presents several attacks on RCB.