## Leakage-resilient cryptography (2008)

Venue: In 49th FOCS

Citations: 84 (7 self)

### BibTeX

```bibtex
@INPROCEEDINGS{Dziembowski08leakage-resilientcryptography,
  author    = {Stefan Dziembowski and Krzysztof Pietrzak},
  title     = {Leakage-resilient cryptography},
  booktitle = {In 49th FOCS},
  year      = {2008},
  pages     = {293--302},
  publisher = {IEEE Computer Society Press}
}
```

### Abstract

We construct a stream cipher SC whose implementation is secure even if a bounded amount of arbitrary (adaptively, adversarially chosen) information about the internal state of SC is leaked during the computation of each output block. This captures all possible side-channel attacks on SC where (1) the amount of information leaked in a given period is bounded, but overall can be arbitrarily large, and (2) “only computation leaks information”. The construction is based on alternating extraction (used in the intrusion-resilient secret-sharing scheme from FOCS’07). We move this concept to the computational setting by proving a lemma that states that the output of any pseudorandom generator (PRG) has high HILL pseudoentropy (i.e. is indistinguishable from some distribution with high min-entropy) even if arbitrary information about the seed is leaked. The amount of leakage λ that we can tolerate in each step depends on the strength of the underlying PRG: it is at least logarithmic, but can be as large as a constant fraction of the internal state of SC if the PRG is exponentially hard.

### Citations

729 | Construction of pseudorandom generator from any one-way function
- Håstad, Impagliazzo, et al.
- 1999
Citation Context: ...ic assumptions, for example secret-key encryption can be based on any one-way function [19]. (Footnote: An extended abstract of this paper appeared at FOCS’08 [13]. This version was last modified February 24, 2010.) Also from the practical perspective, the currently used constructions have very strong security properties, e.g. after 30 years of intensive cryptanalytic efforts still the most practical attack on ...

676 | Differential power analysis
- Kocher, Jaffe, et al.
- 1999
Citation Context: ...ttacks against cryptosystems (still assumed to be sound as mathematical objects) have been found exploiting side-channels like running-time [24], electromagnetic radiation [32, 15], power consumption [25] and many more (see e.g. [33, 30]). A typical countermeasure against this type of attack is to design hardware that minimizes the leakage of secret data (e.g. by shielding any electromagnetic emiss...

419 | Timing attacks on implementations of Diffie–Hellman, RSA, DSS, and other systems
- Kocher
- 1996
Citation Context: ... to the mathematical object alone. In the last decade many attacks against cryptosystems (still assumed to be sound as mathematical objects) have been found exploiting side-channels like running-time [24], electromagnetic radiation [32, 15], power consumption [25] and many more (see e.g. [33, 30]). A typical countermeasure against this type of attack is to design hardware that minimizes the leakage...

356 | Tamper resistance – a cautionary note
- Anderson, Kuhn
- 1996
Citation Context: ...iate variables using randomization (see [30] for a list of relevant papers). The problem with hardware-based solutions is that protection against all possible types of leakage is very hard to achieve [2], if not impossible. On the other hand, most algorithm-specific methods proposed so far are only heuristic and do not offer any formal security proof (we mention some exceptions in Sect. 1.1). Moreover...

291 | On the Importance of Checking Cryptographic Protocols for Faults
- Boneh, DeMillo, et al.
Citation Context: ...o observe leakage from the computation. In active attacks, which are not the subject of this paper, one considers adversaries which intentionally introduce errors in the computation of a cryptodevice [5, 4]. Provable Security & Side-Channel Attacks? Clearly, this situation cannot be satisfying from a cryptographic point of view. What are our beautiful provably secure cryptosystems good for, when ultimat...

219 | Differential Fault Analysis of Secret Key Cryptosystems
- Biham, Shamir

198 | Zur Theorie der Gesellschaftsspiele. Mathematische Annalen 100, 295–320; translated as “On the theory of games of strategy”
- von Neumann
- 1928
Citation Context: ...ery circuit $D \in \mathcal{D}_s$ there exists a distribution $Y$ with $H_\infty(Y) \ge k$ and $\delta_D(X,Y) \le \epsilon$. $H^{*\mathrm{Metric}}_{\epsilon,s}$ is defined analogously using $\mathcal{D}^*_s$ instead of $\mathcal{D}_s$. Barak et al. [3] use von Neumann’s min-max theorem [29] to prove the equivalence of $H^{*\mathrm{HILL}}$ and $H^{*\mathrm{Metric}}$. Lemma 2 [Thm. 5.2 from [3]] Let $X$ be a distribution over $\{0,1\}^n$. For every $\epsilon, \epsilon_{\mathrm{HILL}} > 0$ and $k$, if $H^{*\mathrm{Metric}}_{\epsilon,s}(X) \ge k$ then $H^{*\mathrm{HILL}}_{\epsilon+\epsilon_{\mathrm{HILL}},\hat{s}}(X)$ ...

151 | The primes contain arbitrarily long arithmetic progressions, preprint: http://xxx.arxiv.org/math
- Green, Tao
Citation Context: ... a more general form) has independently been discovered by [34, 16]. Section 5 of [35] gives an overview of this and related topics, in particular the connection to recent results in number theory [17]. Our construction can be instantiated with any pseudorandom generator, and the amount of leakage λ that we can tolerate in each step depends on the strength of the underlying PRG, it is at least loga...

137 | Electromagnetic analysis (EMA): Measures and counter-measures for smart cards
- Quisquater, Samyde
- 2001
Citation Context: ...e. In the last decade many attacks against cryptosystems (still assumed to be sound as mathematical objects) have been found exploiting side-channels like running-time [24], electromagnetic radiation [32, 15], power consumption [25] and many more (see e.g. [33, 30]). A typical countermeasure against this type of attack is to design hardware that minimizes the leakage of secret data (e.g. by shielding a...

108 | Lest we remember: cold-boot attacks on encryption keys
- Halderman, Schoen, et al.
- 2009
Citation Context: ...ttack the amount of leakage the adversary sees is bounded, for example because the adversary can only make a single measurement. An important attack which falls into this class is the cold-boot attack [18]. There is a substantial body of work (some very recent) giving constructions of cryptosystems which are provably secure against very general bounded side-channels. On the other hand, there was almost...

92 | Electromagnetic analysis: Concrete results
- Gandolfi, Mourtel, et al.
- 2001
Citation Context: ...e. In the last decade many attacks against cryptosystems (still assumed to be sound as mathematical objects) have been found exploiting side-channels like running-time [24], electromagnetic radiation [32, 15], power consumption [25] and many more (see e.g. [33, 30]). A typical countermeasure against this type of attack is to design hardware that minimizes the leakage of secret data (e.g. by shielding a...

80 | Side channel cryptanalysis of product ciphers
- Kelsey, Schneier, et al.
- 1998
Citation Context: ...s quite a large class of real-life attacks. In particular many attacks based on measuring the power consumption result in logarithmic-size leakages, e.g. in a so-called Hamming weight attack (see e.g. [23]) the adversary just learns the number of wires carrying the bit 1. Of course this value is of logarithmic length in the size of the circuit, and hence also in $k_{prg}$. In the case $\lambda \in \Theta(k_{prg})$ (i.e. if p...

74 | Private circuits: Securing hardware against probing attacks
- Ishai, Sahai, et al.
- 2003
Citation Context: ...here was almost no progress on provable security against continuous leakage predating the conference version of this paper [13]. Notable exceptions are the works on “private-circuits” by Ishai et al. [21] and the influential framework of “physically observable cryptography” by Micali and Reyzin [27]. We’ll discuss this and other related work in more detail in Section 1.1. For now, let us just...

64 | A universal statistical test for random bit generators
- Maurer
- 1991
Citation Context: ...fine the set of leakage functions by restricting the length of the function’s output is taken from the bounded-retrieval model [11, 9, 8, 9, 12, 1] which in turn was inspired by the bounded-storage model [26]. Finally let us mention that some constructions of ciphers secure against general leakages were also proposed in the literature, however, their security proofs rely on very strong assumptions like ...

58 | Deterministic extractors for bit-fixing sources and exposure-resilient cryptography
- Kamp, Zuckerman
- 2003
Citation Context: ...side-channel attacks are ad-hoc solutions trying to prevent some particular attack or heuristics coming without security proofs, we mention some notable exceptions below. Exposure-resilient functions [6, 10, 22] are functions whose output remains secure, even if an adversary can learn the value of some input bits; this model has been extensively investigated and very strong results have been obtained. Ishai ...

48 | Physically observable cryptography (extended abstract)
- Micali, Reyzin
- 2004
Citation Context: ...sion of this paper [13]. Notable exceptions are the works on “private-circuits” by Ishai et al. [21] and the influential framework of “physically observable cryptography” by Micali and Reyzin [27]. We’ll discuss this and other related work in more detail in Section 1.1. For now, let us just mention that all works on provable security against continuous side-channel attacks either only protect...

29 | Intrusion-resilience via the bounded-storage model
- Dziembowski
- 2006
Citation Context: ...ent that some computations can be done perfectly leakage free. The idea to define the set of leakage functions by restricting the length of the function’s output is taken from the bounded-retrieval model [11, 9, 8, 9, 12, 1] which in turn was inspired by the bounded-storage model [26]. Finally let us mention that some constructions of ciphers secure against general leakages were also proposed in the literature, however...

28 | Private circuits II: Keeping secrets in tamperable circuits
- Ishai, Prabhakaran, et al.
- 2006
Citation Context: ...nctions whose output remains secure, even if an adversary can learn the value of some input bits; this model has been extensively investigated and very strong results have been obtained. Ishai et al. [21, 20] consider the more general case of making circuits provably secure [21] and even tamper resistant [20] against adversaries who can read/tamper the value of a bounded number of arbitrary wires in the c...

26 | Exposure-resilient functions and all-or-nothing transforms
- Canetti, Dodis, Halevi, Kushilevitz, Sahai
- 2000
Citation Context: ...side-channel attacks are ad-hoc solutions trying to prevent some particular attack or heuristics coming without security proofs, we mention some notable exceptions below. Exposure-resilient functions [6, 10, 22] are functions whose output remains secure, even if an adversary can learn the value of some input bits; this model has been extensively investigated and very strong results have been obtained. Ishai ...

22 | Dense subsets of pseudorandom sets
- Reingold, Trevisan, et al.
Citation Context: ...ble from some distribution with high min-entropy) even if a bounded amount of arbitrary information about the seed is leaked. This result (in a more general form) has independently been discovered by [34, 16]. Section 5 of [35] gives an overview of this and related topics, in particular the connection to recent results in number theory [17]. Our construction can be instantiated with any pseudorandom ge...

20 | A block cipher based pseudo random number generator secure against side-channel key recovery
- Petit, Standaert, et al.
- 2008
Citation Context: ...ion that some constructions of ciphers secure against general leakages were also proposed in the literature, however, their security proofs rely on very strong assumptions like the ideal-cipher model [31], or one-way permutations which do not leak any information at all [28]. 1.2. Probability-theoretic preliminaries. We denote with $U_n$ the random variable with distribution uniform over $\{0,1\}^n$. With X ...

19 | Intrusion-resilient secret sharing
- Dziembowski, Pietrzak
- 2007
Citation Context: ...nitions are given in Sect. 2.1. Our Construction. The starting point of our construction is the concept of alternating extraction previously used in the intrusion-resilient secret-sharing scheme from [12]. We move this concept to the computational setting by proving a lemma that states that the output of any PRG has high HILL pseudoentropy (i.e. is indistinguishable from some distribution with high mi...

17 | Perfectly secure password protocols in the bounded retrieval model
- Di Crescenzo, Lipton, Walfish
- 2006
Citation Context: ...ent that some computations can be done perfectly leakage free. The idea to define the set of leakage functions by restricting the length of the function’s output is taken from the bounded-retrieval model [11, 9, 8, 9, 12, 1] which in turn was inspired by the bounded-storage model [26]. Finally let us mention that some constructions of ciphers secure against general leakages were also proposed in the literature, however...

16 | Computational analogues of entropy
- Barak, Shaltiel, Wigderson
- 2003
Citation Context: ...ion to be secure against nonuniform adversaries. The only step in the security proof where it matters that we are in a non-uniform setting is in Section 6, where we use a theorem due to Barak et al. [3] which shows that two notions of pseudoentropy (called HILL and metric-type) are equivalent for circuits. In [3] this equivalence is also proved in a uniform setting, and one could use this to get a s...

7 | Decompositions, approximate structure, transference, and the Hahn–Banach theorem
- Gowers
Citation Context: ...ble from some distribution with high min-entropy) even if a bounded amount of arbitrary information about the seed is leaked. This result (in a more general form) has independently been discovered by [34, 16]. Section 5 of [35] gives an overview of this and related topics, in particular the connection to recent results in number theory [17]. Our construction can be instantiated with any pseudorandom ge...

5 | Leakage resilient public-key cryptography in the bounded retrieval model
- Alwen, Dodis, et al.
- 2009
Citation Context: ...ent that some computations can be done perfectly leakage free. The idea to define the set of leakage functions by restricting the length of the function’s output is taken from the bounded-retrieval model [11, 9, 8, 9, 12, 1] which in turn was inspired by the bounded-storage model [26]. Finally let us mention that some constructions of ciphers secure against general leakages were also proposed in the literature, however...

4 | How to protect yourself without perfect shredding
- Canetti, Eiger, et al.
- 2008
Citation Context: ...where the adversary can read off the values of a few individual wires. Moreover Ishai et al. require special gates that can generate random bits; we do not assume any special hardware. Canetti et al. [7] consider the possibility of secure computation in a setting where perfect deletion of most of the memory is not possible. Although the goal is different, their model is conceptually very similar to o...

4 | Intrusion-resilient key exchange in the bounded retrieval model
- Cash, Ding, et al.
- 2007

4 | Guest column: additive combinatorics and theoretical computer science, SIGACT News 40 (2009), no. 2, 50–66
- Trevisan
Citation Context: ...ion with high min-entropy) even if a bounded amount of arbitrary information about the seed is leaked. This result (in a more general form) has independently been discovered by [34, 16]. Section 5 of [35] gives an overview of this and related topics, in particular the connection to recent results in number theory [17]. Our construction can be instantiated with any pseudorandom generator, and the am...

1 | Leakage-resilient cryptography in the standard model. Cryptology ePrint Archive, Report 2008/240
- Dziembowski, Pietrzak
- 2008
Citation Context: ...e state an information theoretic result which is very similar to the main technical lemma used in the security proof of the intrusion-resilient secret-sharing scheme from [12]; a proof appears in [14]. See Lemma 2 as to what $\hat{s}$ exactly is. [figure: parties A, B, Q; $K_0 = K_0^{\mathrm{nxt}} \| K_0'$; leakage $f_1(\tau_1)$ via eval/ext] ... i.e. given $\tau_\ell$ and the view of Q after the computation of $K_\ell$, the next key $K_{\ell+1} = \mathrm{ext}(K_\ell, \tau_\ell)$ to be output by SC ...