On the Impacts of Mathematical Realization over Practical Security of Leakage Resilient Cryptographic Schemes

In real world, in order to transform an abstract and generic cryptographic scheme into actual physical implementation, one usually undergoes two processes: mathematical realization at algorithmic level and physical realization at implementation level. In black-box model (i.e. leakage-free setting), a cryptographic scheme can be mathematically realized without affecting its theoretical security as long as the mathematical components meet the required cryptographic properties. However, up to now, no previous work formally show that whether one can mathematically realize a leakage resilient cryptographic scheme in existent ways without affecting its practical security. Our results give a negative answer to this important question by introducing attacks against several kinds of mathematical realization of a practical leakage resilient cryptographic scheme. To be specific, there may exist a big gap between the theoretical tolerance leakage bits number and the practical tolerance leakage bits number of the same leakage resilient cryptographic scheme if the mathematical components in the mathematical realization are not provably secure in leakage setting.

[1]  Yael Tauman Kalai,et al.  Public-Key Encryption Schemes with Auxiliary Inputs , 2010, TCC.

[2]  Yevgeniy Dodis,et al.  Leakage-Resilient Public-Key Cryptography in the Bounded-Retrieval Model , 2009, CRYPTO.

[3]  Stefan Mangard,et al.  Side-Channel Leakage of Masked CMOS Gates , 2005, CT-RSA.

[4]  Stefan Dziembowski,et al.  Intrusion-Resilience Via the Bounded-Storage Model , 2006, TCC.

[5]  David Cash,et al.  Intrusion-Resilient Key Exchange in the Bounded Retrieval Model , 2007, TCC.

[6]  Moni Naor,et al.  Public-Key Encryption in the Bounded-Retrieval Model , 2010, EUROCRYPT.

[7]  Moni Naor,et al.  Public-Key Cryptosystems Resilient to Key Leakage , 2012, SIAM J. Comput..

[8]  Vinod Vaikuntanathan,et al.  Simultaneous Hardcore Bits and Cryptography against Memory Attacks , 2009, TCC.

[9]  Yevgeniy Dodis,et al.  Cryptography against Continuous Memory Attacks , 2010, 2010 IEEE 51st Annual Symposium on Foundations of Computer Science.

[10]  Stefan Dziembowski,et al.  On Forward-Secure Storage Extended Abstract , 2006 .

[11]  Christophe Clavier,et al.  Universal Exponentiation Algorithm , 2001, CHES.

[12]  Ariel J. Feldman,et al.  Lest we remember: cold-boot attacks on encryption keys , 2008, CACM.

[13]  Moti Yung,et al.  Practical leakage-resilient pseudorandom generators , 2010, CCS '10.

[14]  Silvio Micali,et al.  Physically Observable Cryptography (Extended Abstract) , 2004, TCC.

[15]  Stefan Dziembowski,et al.  Intrusion-Resilient Secret Sharing , 2007, 48th Annual IEEE Symposium on Foundations of Computer Science (FOCS'07).

[16]  Alfred Menezes,et al.  Handbook of Applied Cryptography , 2018 .

[17]  François-Xavier Standaert How Leaky Is an Extractor? , 2010, LATINCRYPT.

[18]  Srinivas Vivek,et al.  Limits of a conjecture on a leakage-resilient cryptosystem , 2014, Inf. Process. Lett..

[19]  Eike Kiltz,et al.  Leakage Resilient ElGamal Encryption , 2010, ASIACRYPT.

[20]  Allison Bishop,et al.  How to leak on key updates , 2011, STOC '11.

[21]  Elena Trichina,et al.  Implementation of Elliptic Curve Cryptography with Built-In Counter Measures against Side Channel Attacks , 2002, CHES.

[22]  Krzysztof Pietrzak,et al.  A Leakage-Resilient Mode of Operation , 2009, EUROCRYPT.

[23]  Paul C. Kocher,et al.  Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems , 1996, CRYPTO.

[24]  Yael Tauman Kalai,et al.  On cryptography with auxiliary input , 2009, STOC '09.

[25]  Bruce Schneier,et al.  Cryptanalytic Attacks on Pseudorandom Number Generators , 1998, FSE.

[26]  Stefan Dziembowski,et al.  Leakage-Resilient Cryptography , 2008, 2008 49th Annual IEEE Symposium on Foundations of Computer Science.

[27]  Yael Tauman Kalai,et al.  Overcoming the Hole in the Bucket: Public-Key Cryptography Resilient to Continual Memory Leakage , 2010, 2010 IEEE 51st Annual Symposium on Foundations of Computer Science.