Leakage-Resilient Cryptography from Minimal Assumptions

We present new constructions of leakage-resilient cryptosystems, which remain provably secure even if the attacker learns some arbitrary partial information about their internal secret key. For any polynomial $\ell$, we can instantiate these schemes so as to tolerate up to $\ell$ bits of leakage. While there has been much prior work constructing such leakage-resilient cryptosystems under concrete number-theoretic and algebraic assumptions, we present the first schemes under general and minimal assumptions. In particular, we construct:

- Leakage-resilient public-key encryption from any standard public-key encryption.
- Leakage-resilient weak pseudorandom functions, symmetric-key encryption, and message-authentication codes from any one-way function.

These are the first constructions of leakage-resilient symmetric-key primitives that do not rely on public-key assumptions. We also get the first constructions of leakage-resilient public-key encryption from "search assumptions," such as the hardness of factoring or CDH. Although our schemes can tolerate arbitrarily large amounts of leakage, the tolerated rate of leakage (defined as the ratio of leakage amount to key size) is rather poor in comparison with prior results under specific assumptions. As a building block of independent interest, we study a notion of weak hash-proof systems in the public-key and symmetric-key settings. While these inherit some of the interesting security properties of standard hash-proof systems, we can instantiate them under general assumptions.
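To make the bounded-leakage model and the "leakage rate" metric of the abstract concrete, the following is an added example (not code from the paper, and not its weak-hash-proof-system construction). It lets an adversary name an arbitrary function of the secret key and learn up to ℓ bits of it, computes the rate ℓ/k, and then absorbs the leakage the textbook way: the leaky key is passed through a 2-universal hash (a random GF(2) matrix, a seeded extractor) and the leftover hash lemma bounds how far the derived key is from uniform. The function names, the sample parameters and the low-bits leakage function are all constructed for this illustration.

```python
"""Toy of the bounded-leakage model described in the abstract.

The adversary picks ANY function f: {0,1}^k -> {0,1}^ell of the secret key
and learns f(sk).  The code (1) computes the leakage rate ell/k used in the
abstract, (2) bounds the key's remaining min-entropy, and (3) shows the
textbook way a fixed leakage budget is absorbed: pass the leaky key through
a 2-universal hash (a seeded extractor) and bound the statistical distance
of the output from uniform via the leftover hash lemma.  Added illustration
of the model; it is NOT the paper's weak-hash-proof-system construction.
"""
import math
import secrets
from typing import Callable, Dict, List


def leakage_rate(ell: int, key_bits: int) -> float:
    """Leakage rate as in the abstract: leaked bits divided by key size."""
    return ell / key_bits


def residual_min_entropy(key_bits: int, ell: int) -> int:
    """A uniform k-bit key keeps average min-entropy >= k - ell after the
    adversary sees any ell-bit function of it (min-entropy chain rule)."""
    return key_bits - ell


def lhl_distance_bound(key_bits: int, ell: int, out_bits: int) -> float:
    """Leftover hash lemma: hashing a source of min-entropy k - ell with a
    2-universal family down to m bits is within (1/2)*sqrt(2^(m - (k - ell)))
    of uniform.  Returns 1.0 (vacuous) once the exponent makes the bound >= 1."""
    exponent = out_bits - residual_min_entropy(key_bits, ell)
    if exponent >= 2:
        return 1.0
    return min(1.0, 0.5 * math.sqrt(2.0 ** exponent))


def gen_seed(key_bits: int, out_bits: int) -> List[int]:
    """Extractor seed: m random k-bit rows, i.e. a random GF(2) matrix M.
    h_M(x) = M*x is 2-universal, so the leftover hash lemma applies.  The
    seed is public; only sk is secret."""
    return [secrets.randbits(key_bits) for _ in range(out_bits)]


def extract(seed: List[int], sk: int) -> int:
    """GF(2)-linear hash: output bit i = parity(row_i AND sk)."""
    out = 0
    for i, row in enumerate(seed):
        out |= (bin(row & sk).count("1") & 1) << i
    return out


def leaky_key_scenario(key_bits: int, ell: int, out_bits: int,
                       leak_fn: Callable[[int], int]) -> Dict[str, object]:
    """One run of the game: sample sk, let the adversary's leak_fn see it
    (output clipped to the ell-bit budget), derive the working key with a
    fresh public seed, and report the bounds that govern that derived key."""
    sk = secrets.randbits(key_bits)
    leaked = leak_fn(sk) & ((1 << ell) - 1)   # enforce the ell-bit budget
    seed = gen_seed(key_bits, out_bits)
    return {
        "leaked": leaked,
        "rate": leakage_rate(ell, key_bits),
        "residual_min_entropy": residual_min_entropy(key_bits, ell),
        "sd_bound": lhl_distance_bound(key_bits, ell, out_bits),
        "derived_key": extract(seed, sk),
    }


if __name__ == "__main__":
    # Constructed adversary: learns the low ell bits of sk (the game clips
    # its output); any other ell-bit function, e.g. a hash prefix, is allowed.
    low_bits = lambda sk: sk
    # Short key, high rate (200/256): the bound is vacuous, derive nothing.
    print(leaky_key_scenario(256, 200, 128, low_bits)["sd_bound"])   # 1.0
    # Long key, low rate (128/512): a 128-bit key within 2^-129 of uniform.
    print(leaky_key_scenario(512, 128, 128, low_bits)["sd_bound"])   # 2**-129
```

The two parameter sets at the bottom are the practical content of the abstract's caveat about rate: a scheme that tolerates ℓ bits only by carrying a key much longer than ℓ is still leakage-resilient, but the key must be sized so that k minus ℓ leaves a comfortable margin over the number of bits actually derived, otherwise the extractor output is not guaranteed to be close to uniform at all.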
