Leakage-Resilient Cryptography from Minimal Assumptions

Hazay, Carmit; López-Alt, Adriana; Wee, Hoeteck; Wichs, Daniel

doi:10.1007/s00145-015-9200-x

Cited by 22 publications

(30 citation statements)

References 45 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…consider only key leakage). In fact, this is also true for public-key encryption schemes: see, e.g., [27] for an early proposal in this direction and [15] for a more recent one. On the one hand, this seems unavoidable: indeed a single bit of leakage on the plaintext trivially breaks the semantic security game.…”

Section: Introductionmentioning

confidence: 92%

Leakage-Resilient Authentication and Encryption from Symmetric Cryptographic Primitives

Pereira

Standaert

Vivek

2015

Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security

View full text Add to dashboard Cite

Leakage-resilient cryptosystems aim to maintain security in situations where their implementation leaks physical information about their internal secrets. Because of their efficiency and usability on a wide range of platforms, solutions based on symmetric primitives (such as block ciphers) are particularly attractive in this context. So far, the literature has mostly focused on the design of leakage-resilient pseudorandom objects (e.g. PRGs, PRFs, PRPs). In this paper, we consider the complementary and practically important problem of designing secure authentication and encryption schemes. For this purpose, we follow a pragmatic approach based on the advantages and limitations of existing leakageresilient pseudorandom objects, and rely on the (arguably necessary, yet minimal) use of a leak-free component. The latter can typically be instantiated with a block cipher implementation protected by traditional countermeasures, and we investigate how to combine it with the more intensive use of a much more efficient (less protected) block cipher implementation. Based on these premises, we propose and analyse new constructions of leakage-resilient MAC and encryption schemes, which allow fixing security and efficiency drawbacks of previous proposals in this direction. For encryption, we additionally provide a detailed discussion of why previously proposed (indistinguishability based) security definitions cannot capture actual side-channel attacks, and suggest a relaxed and more realistic way to quantify leakage-resilience in this case, by reducing the security of many iterations of the primitive to the security of a single iteration, independent of the security notion guaranteed by this single iteration (that remains hard to define).

show abstract

Section: Introductionmentioning

confidence: 92%

Leakage-Resilient Authentication and Encryption from Symmetric Cryptographic Primitives

Pereira

Standaert

Vivek

2015

Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security

View full text Add to dashboard Cite

show abstract

“…In the full version [31], we show how to construct leakage-resilient PKE from wHPS by following the construction of Naor and Segev [43], while formalizing that the the weaker security of wHPS is sufficient. We apply an extractor to the output k of the wHPS, and then use the extracted randomness as a one-time-pad to encrypt a message of our choice.…”

Section: Constructing Lr-pke From Whpsmentioning

confidence: 99%

“…From wPRF to CPA Encryption. In the full version [31] we show how to construct leakage-resilient CPA-secure (LR-CPA) symmetric-key encryption from LR-wPRF.…”

Section: Leakage-resilient Wprf and Symmetric-key Encryption Definingmentioning

confidence: 99%

See 1 more Smart Citation

Leakage-Resilient Cryptography from Minimal Assumptions

Hazay

López-Alt

Wee

et al. 2013

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Abstract. We present new constructions of leakage-resilient cryptosystems, which remain provably secure even if the attacker learns some arbitrary partial information about their internal secret key. For any polynomial , we can instantiate these schemes so as to tolerate up to bits of leakage. While there has been much prior work constructing such leakage-resilient cryptosystems under concrete number-theoretic and algebraic assumptions, we present the first schemes under general and minimal assumptions. In particular, we construct:-Leakage-resilient public-key encryption from any standard public-key encryption. -Leakage-resilient weak pseudorandom functions, symmetric-key encryption, and message-authentication codes from any one-way function. These are the first constructions of leakage-resilient symmetric-key primitives that do not rely on public-key assumptions. We also get the first constructions of leakage-resilient public-key encryption from "search assumptions", such as the hardness of factoring or CDH. Although our schemes can tolerate arbitrarily large amounts of leakage, the tolerated rate of leakage (defined as the ratio of leakage-amount to key-size) is rather poor in comparison to prior results under specific assumptions.As a building block of independent interest, we study a notion of weak hash-proof systems in the public-key and symmetric-key settings. While these inherit some of the interesting security properties of standard hashproof systems, we can instantiate them under general assumptions.

show abstract

“…There are also other security models for leakage-resilience that consider more complicated scenarios of key leakage, e.g., auxiliary input model [11], continual-leakage model [5,9] and continual auxiliary input model [33]. Nevertheless, many works from those complicated models rely on the results from the bounded-leakage model as basic building blocks [19]. In this paper, we consider the bounded-leakage model in the setting of public-key encryption.…”

Section: Introductionmentioning

confidence: 99%

Leakage-Flexible CCA-secure Public-Key Encryption: Simple Construction and Free of Pairing

Qin

Liu

2014

Public-Key Cryptography – PKC 2014

View full text Add to dashboard Cite

Abstract. In AsiaCrypt 2013, Qin and Liu proposed a new approach to CCA-security of Public-Key Encryption (PKE) in the presence of bounded key-leakage, from any universal hash proof system (due to Cramer and Shoup) and any one-time lossy filter (a simplified version of lossy algebraic filters, due to Hofheinz). They presented two instantiations under the DDH and DCR assumptions, which result in leakage rate (defined as the ratio of leakage amount to the secret-key length) of 1/2 − o(1). In this paper, we extend their work to broader assumptions and to flexible leakage rate, more specifically to leakage rate of 1 − o(1).-We introduce the Refined Subgroup Indistinguishability (RSI) assumption, which is a subclass of subgroup indistinguishability assumptions, including many standard number-theoretical assumptions, like the quadratic residuosity assumption, the decisional composite residuosity assumption and the subgroup decision assumption over a group of known order defined by Boneh et al. -We show that universal hash proof (UHP) system and one-time lossy filter (OT-LF) can be simply and efficiently constructed from the RSI assumption. Applying Qin and Liu's paradigm gives simple and efficient PKE schemes under the RSI assumption. -With the RSI assumption over a specific group (free of pairing), public parameters of UHP and OT-LF can be chosen in a flexible way, resulting in a leakage-flexible CCA-secure PKE scheme. More specifically, we get the first CCA-secure PKE with leakage rate of 1 − o(1) without pairing.

show abstract

Leakage-Resilient Cryptography from Minimal Assumptions

Cited by 22 publications

References 45 publications

Leakage-Resilient Authentication and Encryption from Symmetric Cryptographic Primitives

Leakage-Resilient Authentication and Encryption from Symmetric Cryptographic Primitives

Leakage-Resilient Cryptography from Minimal Assumptions

Leakage-Flexible CCA-secure Public-Key Encryption: Simple Construction and Free of Pairing

Contact Info

Product

Resources

About