Results 1–10 of 39
Public-Key Cryptosystems Resilient to Key Leakage
Cited by 89 (6 self)
Most of the work in the analysis of cryptographic schemes is concentrated in abstract adversarial models that do not capture side-channel attacks. Such attacks exploit various forms of unintended information leakage, which is inherent to almost all physical implementations. Inspired by recent side-channel attacks, especially the “cold boot attacks” of Halderman et al. (USENIX Security ’08), Akavia, Goldwasser and Vaikuntanathan (TCC ’09) formalized a realistic framework for modeling the security of encryption schemes against a wide class of side-channel attacks in which adversarially chosen functions of the secret key are leaked. In the setting of public-key encryption, Akavia et al. showed that Regev’s lattice-based scheme (STOC ’05) is resilient to any leakage of
Append-only signatures
In International Colloquium on Automata, Languages and Programming, 2005
Cited by 53 (10 self)
Abstract. The strongest standard security notion for digital signature schemes is unforgeability under chosen message attacks. In practice, however, this notion can be insufficient due to “side-channel attacks” which exploit leakage of information about the secret internal state. In this work we put forward the notion of “leakage-resilient signatures,” which strengthens the standard security notion by giving the adversary the additional power to learn a bounded amount of arbitrary information about the secret state that was accessed during every signature generation. This notion naturally implies security against all side-channel attacks as long as the amount of information leaked on each invocation is bounded and “only computation leaks information.” The main result of this paper is a construction which gives a (tree-based, stateful) leakage-resilient signature scheme based on any 3-time signature scheme. The amount of information that our scheme can safely leak per signature generation is 1/3 of the information the underlying 3-time signature scheme can leak in total. Signature schemes that remain secure even if a bounded total amount of information is leaked were recently constructed, hence instantiating our construction with these schemes gives the first constructions of provably secure leakage-resilient signature schemes. The above construction assumes that the signing algorithm can sample truly random bits, and thus an implementation would need some special hardware (randomness gates). Simply generating this randomness using a leakage-resilient stream cipher will in general not work. Our second contribution is a sound general principle to replace uniform random bits in any leakage-resilient construction with pseudorandom ones: run two leakage-resilient stream ciphers (with independent keys) in parallel and then apply a two-source extractor to their outputs.
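The "two independent generators, then a two-source extractor" principle from the abstract above, as an added worked example (not code from the paper or its authors). It assumes HMAC-SHA256 in counter mode as a stand-in for each stream cipher (it is not leakage-resilient; it only plays the role of the two generators), uses the Chor–Goldreich inner-product-over-GF(2) two-source extractor, and consumes a fresh CHUNK_LEN-byte chunk of each stream per output bit. The names `keystream`, `extract` and `extracted_randomness` and the chunk size are choices made here, not the paper's.

```python
import hashlib
import hmac

# Bytes of each stream consumed per extracted output bit. A parameter chosen for this
# example; the paper does not fix one.
CHUNK_LEN = 32


def keystream(key: bytes, label: bytes, nbytes: int) -> bytes:
    """Stand-in generator: HMAC-SHA256 in counter mode (assumption of this example).
    It is NOT leakage-resilient; it only plays the role of one of the two stream ciphers."""
    out = bytearray()
    counter = 0
    while len(out) < nbytes:
        out += hmac.new(key, label + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:nbytes])


def inner_product_mod2(x: bytes, y: bytes) -> int:
    """Chor-Goldreich two-source extractor: the inner product <x, y> over GF(2), one bit."""
    acc = 0
    for a, b in zip(x, y):
        acc ^= a & b                  # XOR-accumulate the bitwise products
    return bin(acc).count("1") & 1    # parity of the surviving bits


def extract(stream1: bytes, stream2: bytes, chunk_len: int = CHUNK_LEN) -> bytes:
    """Output bit i is the inner product of chunk i of stream1 with chunk i of stream2,
    so every output bit uses fresh, disjoint material from both sources."""
    if len(stream1) != len(stream2):
        raise ValueError("streams must have equal length")
    nbits = len(stream1) // chunk_len
    out = bytearray((nbits + 7) // 8)
    for i in range(nbits):
        x = stream1[i * chunk_len:(i + 1) * chunk_len]
        y = stream2[i * chunk_len:(i + 1) * chunk_len]
        out[i // 8] |= inner_product_mod2(x, y) << (7 - i % 8)
    return bytes(out)


def extracted_randomness(key1: bytes, key2: bytes, nbytes: int) -> bytes:
    """Run the two generators with independent keys in parallel and extract nbytes."""
    if key1 == key2:
        # The two-source extractor argument needs two *independent* sources; the same
        # key twice is one source read twice, so refuse rather than silently degrade.
        raise ValueError("the two generators must be keyed independently")
    needed = nbytes * 8 * CHUNK_LEN
    s1 = keystream(key1, b"stream-1", needed)
    s2 = keystream(key2, b"stream-2", needed)
    return extract(s1, s2)


if __name__ == "__main__":
    import secrets
    k1, k2 = secrets.token_bytes(32), secrets.token_bytes(32)
    print(extracted_randomness(k1, k2, 16).hex())
```

The cost is visible in `needed`: each output bit burns CHUNK_LEN bytes from both streams, which is the price of using an extractor rather than XORing the two streams (XOR would not remove the correlation a leakage adversary can induce in each stream individually).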
Non-malleable codes
In ICS, 2010
Cited by 45 (6 self)
We introduce the notion of “non-malleable codes” which relaxes the notion of error-correction and error-detection. Informally, a code is non-malleable if the message contained in a modified codeword is either the original message, or a completely unrelated value. In contrast to error-correction and error-detection, non-malleability can be achieved for very rich classes of modifications. We construct an efficient code that is non-malleable with respect to modifications that affect each bit of the codeword arbitrarily (i.e. leave it untouched, flip it or set it to either 0 or 1), but independently of the value of the other bits of the codeword. Using the probabilistic method, we also show a very strong and general statement: there exists a non-malleable code for every “small enough” family F of functions via which codewords can be modified. Although this probabilistic method argument does not directly yield efficient constructions, it gives us efficient non-malleable codes in the random-oracle model for very general classes of tampering functions, e.g. functions where every bit in the tampered codeword can depend arbitrarily on any 99% of the bits in the original codeword. As an application of non-malleable codes, we show that they provide an elegant algorithmic solution to the task of protecting functionalities implemented in hardware (e.g. signature cards) against “tampering attacks”. In such attacks, the secret state of a physical system is tampered, in the hopes that future interaction with the modified system will reveal some secret information. This problem was previously studied in the work of Gennaro et al. in 2004 under the name “algorithmic tamper-proof security” (ATP). We show that non-malleable codes can be used to achieve important improvements over the prior work. In particular, we show that any functionality can be made secure against a large class of tampering attacks, simply by encoding the secret state with a non-malleable code while it is stored in memory.
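To make the “tampering attack” in the abstract concrete, here is an added example (not code from the paper or its authors) of what goes wrong when the secret state is stored with the identity encoding, i.e. without a non-malleable code. The device, the `set_bit_to_zero` tampering function and the `extract_key` routine are constructions of this example; the functionality is HMAC-SHA256 over a 16-byte key, chosen here as a stand-in for a signature card. The tampering functions used are exactly the bit-wise class from the abstract (each bit set, flipped or left alone, independently of the others), applied persistently to the stored state; one query per key bit plus one baseline query recovers the whole key.

```python
import hashlib
import hmac
from typing import Callable

# A tampering function maps the stored state to a modified state (persistently).
Tamper = Callable[[bytes], bytes]


class Device:
    """Toy tamperable device (constructed for this example): holds a MAC key in memory
    with the identity encoding and answers MAC queries on the current state."""

    def __init__(self, key: bytes):
        self._state = key     # what is physically stored; a non-malleable code would
        self.queries = 0      # store Enc(key) here and decode before each use instead

    def tamper(self, f: Tamper) -> None:
        """Adversary modifies memory; the change persists for all later queries."""
        self._state = f(self._state)

    def mac(self, msg: bytes) -> bytes:
        self.queries += 1
        return hmac.new(self._state, msg, hashlib.sha256).digest()


def set_bit_to_zero(i: int) -> Tamper:
    """Bit-wise tampering function: clears bit i (MSB-first), leaves every other bit alone."""
    def f(state: bytes) -> bytes:
        s = bytearray(state)
        s[i // 8] &= ~(1 << (7 - i % 8)) & 0xFF
        return bytes(s)
    return f


def extract_key(device: Device, key_bits: int, probe: bytes = b"probe") -> bytes:
    """Recover the original key one bit per tamper-and-query: if clearing bit i leaves
    the MAC unchanged the bit was already 0, otherwise it was 1. Tampering persists, so
    the baseline is re-taken from the already-modified state after every step."""
    out = bytearray((key_bits + 7) // 8)
    reference = device.mac(probe)
    for i in range(key_bits):
        device.tamper(set_bit_to_zero(i))
        tampered = device.mac(probe)
        if tampered != reference:             # clearing changed the key, so bit i was 1
            out[i // 8] |= 1 << (7 - i % 8)
        reference = tampered
    return bytes(out)


if __name__ == "__main__":
    import secrets
    key = secrets.token_bytes(16)
    dev = Device(key)
    recovered = extract_key(dev, 128)
    print("recovered" if recovered == key else "failed", "after", dev.queries, "queries")
```

The attack never reads memory; it only compares outputs before and after a tamper, which is why the abstract's "either the original message or a completely unrelated value" guarantee is the right target: with a non-malleable encoding, clearing one codeword bit either leaves the decoded key intact (no information) or replaces it with a key unrelated to the real one (no information either).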
Achieving leakage resilience through dual system encryption
In TCC, 2011
Cited by 27 (5 self)
In this work, we show that strong leakage resilience for cryptosystems with advanced functionalities can be obtained quite naturally within the methodology of dual system encryption, recently introduced by Waters. We demonstrate this concretely by providing fully secure IBE, HIBE, and ABE systems which are resilient to bounded leakage from each of many secret keys per user, as well as many master keys. This can be realized as resilience against continual leakage if we assume keys are periodically updated and no (or logarithmic) leakage is allowed during the update process. Our systems are obtained by applying a simple modification to previous dual system encryption constructions: essentially this provides a generic tool for making dual system encryption schemes leakage-resilient.
Tamper and Leakage Resilience in the Split-State Model, 2011
Cited by 19 (3 self)
It is notoriously difficult to create hardware that is immune from side channel and tampering attacks. A lot of recent literature, therefore, has instead considered algorithmic defenses from such attacks. In this paper, we show how to algorithmically secure any cryptographic functionality from continual split-state leakage and tampering attacks. A split-state attack on cryptographic hardware is one that targets separate parts of the hardware separately. Our construction does not require the hardware to have access to randomness. In contrast, prior work on protecting from continual combined leakage and tampering [KKS11] required true randomness for each update. Our construction is in the common reference string (CRS) model; the CRS must be hardwired into the device. We note that prior negative results show that it is impossible to algorithmically secure a cryptographic functionality against a combination of arbitrary continual leakage and tampering attacks without true randomness; therefore restricting our attention to the split-state model is justified. Our construction is simple and modular, and relies on a new construction, in the CRS model, of non-malleable codes with respect to split-state tampering functions, which may be of independent interest.
How to Leak on Key Updates
Cited by 15 (2 self)
In the continual memory leakage model, security against attackers who can repeatedly obtain leakage is achieved by periodically updating the secret key. This is an appealing model which captures a wide class of side-channel attacks, but all previous constructions in this model provide only a very minimal amount of leakage tolerance during secret key updates. Since key updates may happen frequently, improving security guarantees against attackers who obtain leakage during these updates is an important problem. In this work, we present the first cryptographic primitives which are secure against a super-logarithmic amount of leakage during secret key updates. We present signature and public key encryption schemes in the standard model which can tolerate a constant fraction of the secret key to be leaked between updates as well as a constant fraction of the secret key and update randomness to be leaked during updates. Our signature scheme also allows us to leak a constant fraction of the entire secret state during signing. Before this work, it was unknown how to tolerate super-logarithmic leakage during updates even in the random oracle model. We rely on subgroup decision assumptions in composite order bilinear groups.
Leakage-Resilient Pseudorandom Functions and Side-Channel Attacks on Feistel Networks
Cited by 15 (1 self)
Abstract. A cryptographic primitive is leakage-resilient if it remains secure even if an adversary can learn a bounded amount of arbitrary information about the computation with every invocation. As a consequence, the physical implementation of a leakage-resilient primitive is secure against every side-channel as long as the amount of information leaked per invocation is bounded. In this paper we prove positive and negative results about the feasibility of constructing leakage-resilient pseudorandom functions and permutations (i.e. block ciphers). Our results are threefold:
1. We construct (from any standard PRF) a PRF which satisfies a relaxed notion of leakage-resilience where (1) the leakage function is fixed (and not adaptively chosen with each query) and (2) the computation is split into several steps which leak individually (a “step” will be the invocation of the underlying PRF).
2. We prove that a Feistel network with a super-logarithmic number of rounds, each instantiated with a leakage-resilient PRF, is a leakage-resilient PRP. This reduction also holds for the non-adaptive notion just discussed; we thus get a block cipher which is leakage-resilient (against non-adaptive leakage).
3. We propose generic side-channel attacks against Feistel networks. The attacks are generic in the sense that they work for any round functions (e.g. uniformly random functions) and only require some simple leakage from the inputs to the round functions. For example we show how to invert an r-round Feistel network over 2n bits making 4·(n+1)^{r−2} forward queries, if with each query we are also given as leakage the Hamming weight of the inputs to the r round functions. This complements the result from the previous item showing that a super-constant number of rounds is necessary.
Tamper-Proof Circuits: How to Trade Leakage for Tamper-Resilience
Cited by 14 (6 self)
Abstract. Tampering attacks are cryptanalytic attacks on the implementation of cryptographic algorithms (e.g., smart cards), where an adversary introduces faults with the hope that the tampered device will reveal secret information. Inspired by the work of Ishai et al. [Eurocrypt’06], we propose a compiler that transforms any circuit into a new circuit with the same functionality, but which is resilient against a well-defined and powerful tampering adversary. More concretely, our transformed circuits remain secure even if the adversary can adaptively tamper with every wire in the circuit as long as the tampering fails with some probability δ > 0. This additional requirement is motivated by practical tampering attacks, where it is often difficult to guarantee the success of a specific attack. Formally, we show that a q-query tampering attack against the transformed circuit can be “simulated” with only black-box access to the original circuit and log(q) bits of additional auxiliary information. Thus, if the implemented cryptographic scheme is secure against log(q) bits of leakage, then our implementation is tamper-proof in the above sense. Surprisingly, allowing for this small amount of information leakage allows for much more efficient compilers, which moreover do not require randomness during evaluation. Similar to earlier works our compiler requires small, stateless and computation-independent tamper-proof gadgets. Thus, our result can be interpreted as reducing the problem of shielding arbitrary complex computation to protecting simple components.
On Symmetric Encryption and Point Obfuscation, 2010
Cited by 10 (2 self)
We show tight connections between several cryptographic primitives, namely encryption with weakly random keys, encryption with key-dependent messages (KDM), and obfuscation of point functions with multibit output (which we call multibit point functions, or MBPFs, for short). These primitives, which have been studied mostly separately in recent works, bear some apparent similarities, both in the flavor of their security requirements and in the flavor of their constructions and assumptions. Still, rigorous connections have not been drawn. Our results can be interpreted as indicating that MBPF obfuscators imply a very strong form of encryption that simultaneously achieves security for weakly random keys and key-dependent messages as special cases. Similarly, each one of the other primitives implies a certain restricted form of MBPF obfuscation. Our results carry both constructions and impossibility results from one primitive to others. In particular:
• The recent impossibility result for KDM security of Haitner and Holenstein (TCC ’09) carries over to MBPF obfuscators.
• The Canetti-Dakdouk construction of MBPF obfuscators based on a strong variant of the DDH assumption (EC ’08) gives an encryption scheme which is secure w.r.t. any weak key distribution of super-logarithmic min-entropy (and in particular, also has very strong leakage resilient properties).
• All the recent constructions of encryption schemes that are secure w.r.t. weak keys imply a weak form of MBPF obfuscators.
Survey: Leakage resilience and the bounded retrieval model
In ICITS, 2009
Cited by 7 (1 self)
Abstract. This survey paper studies recent advances in the field of Leakage-Resilient Cryptography. This booming area is concerned with the design of cryptographic primitives resistant to arbitrary side-channel attacks, where an attacker can repeatedly and adaptively learn information about the secret key, subject only to the constraint that the overall amount of such information is bounded by some parameter ℓ. We start by surveying recent results in the so-called Relative Leakage Model, where all the parameters of the system are allowed to depend on ℓ, and the goal is to make ℓ large relative to the length of the secret key. We conclude by showing how to extend the relative leakage results to the Bounded Retrieval Model (aka “Absolute Leakage Model”), where only the secret key length is allowed to be slightly larger than ℓ, but all other system parameters (e.g., public key, communication, etc.) are independent of the absolute value of ℓ. Throughout the presentation we will emphasize the information-theoretic techniques used in leakage-resilient cryptography.