Leakage-Resilient Cryptography over Large Finite Fields: Theory and Practice

Information leakage is a major concern in modern day IT-security. In fact, a malicious user is often able to extract information about private values from the computation performed on the devices. In specific settings, such as RFID, where a low computational complexity is required, it is hard to apply standard techniques to achieve resilience against this kind of attacks. In this paper, we present a framework to make cryptographic primitives based on large finite fields robust against information leakage with a bounded computational cost. The approach makes use of the inner product extractor and guarantees security in the presence of leakage in a widely accepted model. Furthermore, we show how to apply the proposed techniques to the authentication protocol Lapin, and we compare it to existing solutions.

[1]  Stefan Dziembowski,et al.  Leakage-Resilient Circuits without Computational Assumptions , 2012, TCC.

[2]  Alfred Menezes,et al.  Guide to Elliptic Curve Cryptography , 2004, Springer Professional Computing.

[3]  Emmanuel Prouff,et al.  Provably Secure Higher-Order Masking of AES , 2010, IACR Cryptol. ePrint Arch..

[4]  Stefan Dziembowski,et al.  Leakage-Resilient Cryptography From the Inner-Product Extractor , 2011, IACR Cryptol. ePrint Arch..

[5]  Adi Shamir,et al.  RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis , 2014, CRYPTO.

[6]  Anup Rao,et al.  An Exposition of Bourgain's 2-Source Extractor , 2007, Electron. Colloquium Comput. Complex..

[7]  Stefan Dziembowski,et al.  Leakage-Resilient Cryptography , 2008, 2008 49th Annual IEEE Symposium on Foundations of Computer Science.

[8]  Stefan Dziembowski,et al.  Leakage-Resilient Storage , 2010, SCN.

[9]  Emmanuel Prouff,et al.  On the Practical Security of a Leakage Resilient Masking Scheme , 2014, CT-RSA.

[10]  Guy N. Rothblum,et al.  How to Compute in the Presence of Leakage , 2012, 2012 IEEE 53rd Annual Symposium on Foundations of Computer Science.

[11]  Oded Goldreich,et al.  Unbiased Bits from Sources of Weak Randomness and Probabilistic Communication Complexity , 1988, SIAM J. Comput..

[12]  Yael Tauman Kalai,et al.  Overcoming the Hole in the Bucket: Public-Key Cryptography Resilient to Continual Memory Leakage , 2010, 2010 IEEE 51st Annual Symposium on Foundations of Computer Science.

[13]  Guy N. Rothblum,et al.  Securing Computation against Continuous Leakage , 2010, CRYPTO.

[14]  Vadim Lyubashevsky,et al.  Man-in-the-Middle Secure Authentication Schemes from LPN and Weak PRFs , 2013, IACR Cryptol. ePrint Arch..

[15]  Lubos Gaspar,et al.  Hardware Implementation and Side-Channel Analysis of Lapin , 2014, CT-RSA.

[16]  Yuval Ishai,et al.  Private Circuits: Securing Hardware against Probing Attacks , 2003, CRYPTO.

[17]  Guy N. Rothblum,et al.  Leakage-Resilient Signatures , 2010, TCC.

[18]  Vinod Vaikuntanathan,et al.  Protecting Circuits from Leakage: the Computationally-Bounded and Noisy Cases , 2010, EUROCRYPT.

[19]  Ingrid Verbauwhede,et al.  Theory and Practice of a Leakage Resilient Masking Scheme , 2012, ASIACRYPT.

[20]  Christof Paar,et al.  Lapin: An Efficient Authentication Protocol Based on Ring-LPN , 2012, FSE.

[21]  Yevgeniy Dodis,et al.  Cryptography against Continuous Memory Attacks , 2010, 2010 IEEE 51st Annual Symposium on Foundations of Computer Science.

[22]  Marcin Andrychowicz Efficient Refreshing Protocol for Leakage-Resilient Storage Based on the Inner-Product Extractor , 2012, ArXiv.

[23]  Silvio Micali,et al.  Physically Observable Cryptography (Extended Abstract) , 2004, TCC.

[24]  Emmanuel Prouff,et al.  Higher-order glitch free implementation of the AES using Secure Multi-Party Computation protocols , 2011, Journal of Cryptographic Engineering.

[25]  Yevgeniy Vahlis,et al.  On Protecting Cryptographic Keys Against Continual Leakage , 2010, IACR Cryptol. ePrint Arch..

[26]  Umesh V. Vazirani Towards a strong communication complexity theory or generating quasi-random sequences from two communicating slightly-random sources , 1985, STOC '85.