Leakage-resilient cryptography
In Proceedings of the 49th IEEE Symposium on Foundations of Computer Science, 2008
"... We construct a stream-cipher S whose implementation is secure even if a bounded amount of arbitrary (adversarially chosen) information on the internal state of S is leaked during computation. This captures all possible side-channel attacks on S where the amount of information leaked in a given peri ..."
Cited by 143 (9 self)
given $K_1,\ldots,K_{\ell-1}$, $f_1(\tau_1),\ldots,f_{\ell-1}(\tau_{\ell-1})$ and also the complete internal state of S after $K_\ell$ has been computed (i.e. S is forward-secure). The construction is based on alternating extraction (used in the intrusion-resilient secret-sharing scheme from FOCS’07). We move this concept to the computational
Impossibility Results for Leakage-Resilient Zero Knowledge and Multi-Party Computation
"... In [AGP14] Ananth et al. showed that continual leakage-resilient non-transferable interactive proofs exist when a leak-free input-encoding phase is allowed and a common reference string is available. They left open the problem of removing the need of a common reference string. In [BGJK12] Boyle et a ..."
al. showed that for some interesting functionalities continual leakage-resilient secure computation is possible when leak-free interactive preprocessing and input-encoding phases are allowed. They left open the problem of removing the interactive preprocessing. In this work we study the above
Fully Leakage-Resilient Signatures
2010
"... A signature scheme is fully leakage resilient (Katz and Vaikuntanathan, ASIACRYPT ’09) if it is existentially unforgeable under an adaptive chosen-message attack even in a setting where an adversary may obtain bounded (yet arbitrary) leakage information on all intermediate values that are used throu ..."
Cited by 23 (3 self)
throughout the lifetime of the system. This is a strong and meaningful notion of security that captures a wide range of side-channel attacks. One of the main challenges in constructing fully leakage-resilient signature schemes is dealing with leakage that may depend on the random bits used by the signing
Leakage-Resilient Storage
"... Abstract. We study a problem of secure data storage on hardware that may leak information. We introduce a new primitive, that we call leakage-resilient storage (LRS), which is an (unkeyed) scheme for encoding messages. The security of LRS is defined with respect to a class Γ of leakage functions. We ..."
Cited by 14 (8 self)
Leakage-Resilient ElGamal
2010
"... Blinding is a popular and well-known countermeasure to protect public-key cryptosystems against side-channel attacks. The high level idea is to randomize an exponentiation in order to prevent multiple measurements of the same operation on different data, as such measurements might allow the adversar ..."
. In particular, we propose a multiplicatively blinded version of ElGamal public-key encryption where • we prove that the scheme, instantiated over bilinear groups of prime order p (where p−1 is not smooth) is leakage-resilient in the generic-group model. Here we consider the model of chosen-ciphertext security
Leakage-Resilient Digital Signatures
2011
"... In this class we gave a definition of leakage-resilient signatures in the bounded memory leakage model and then gave a construction due to Katz and Vaikuntanathan [KV09]. 1 Review of Leakage Models Before constructing leakage-resilient signatures we will review and clarify the different leakage mode ..."
a leakage-resilient signature scheme in the bounded leakage model. A digital signature scheme is a triple of PPT algorithms S = (Gen, Sign, Ver). Syntactically: • $\mathrm{Gen}(1^k) = (sk, vk)$ where $k$ is a security parameter and (sk, vk) is a keypair consisting of a private signature key and a public
Fully Leakage-Resilient Codes
"... Abstract. Leakage resilient codes (LRCs) are probabilistic encoding schemes that guarantee message hiding even under some bounded leakage on the codeword. We introduce the notion of fully leakage resilient codes (FLRCs), where the adversary can leak some $\lambda_0$ bits from the encoding process, i.e., the ..."
the message. For $\lambda_0 = 0$ our new simulation-based notion is equivalent to the usual game-based definition. A FLRC would be interesting in its own right and would be useful in building other leakage-resilient primitives in a composable manner. We give a fairly general impossibility result for FLRCs
Leakage-Resilient Coin Tossing
2011
"... The ability to collectively toss a common coin among n parties in the presence of faults is an important primitive in the arsenal of randomized distributed protocols. In the case of dishonest majority, it was shown to be impossible to achieve less than $1/r$ bias in $O(r)$ rounds (Cleve STOC ’86). In th ..."
Cited by 2 (2 self)
). In the case of honest majority, in contrast, unconditionally secure $O(1)$-round protocols for generating common perfectly unbiased coins follow from general completeness theorems on multiparty secure protocols in the perfectly secure channels model (e.g., BGW, CCD STOC ’88). However, in the multi
A leakage-resilient mode of operation
In EUROCRYPT, 2009
"... Abstract. A weak pseudorandom function (wPRF) is a pseudorandom function with a relaxed security requirement, where one only requires the output to be pseudorandom when queried on random (and not adversarially chosen) inputs. We show that unlike standard PRFs, wPRFs are secure against memory attack ..."
Cited by 76 (5 self)
attacks, that is they remain secure even if a bounded amount of information about the secret key is leaked to the adversary. As an application of this result we propose a simple mode of operation which – when instantiated with any wPRF – gives a leakage-resilient stream-cipher. Such a cipher is secure
Leakage-resilient Attribute-based Encryptions with Fast Decryption: Model, Analysis and Construction
2013
"... Traditionally, in attribute-based encryption (ABE), an access structure is constructed from a linear secret sharing scheme (LSSS), a boolean formula or an access tree. In this work, we encode the access structure as their minimal sets, which is equivalent to the existence of a smallest monotonic spa ..."
span program for the characteristic function of the same access structure. We present two leakage-resilient attribute-based encryption schemes, ciphertext-policy ABE (LR-CP-ABE) and key-policy ABE (LR-KP-ABE), that can tolerate private key and master key to be partially leaked. By using our encoding
