Public-Key Cryptosystems Resilient to Key Leakage.

IACR Cryptology ePrint Archive 01/2009; 2009:105. DOI: 10.1007/978-3-642-03356-8_2
Source: DBLP

ABSTRACT: Most of the work in the analysis of cryptographic schemes is concentrated in abstract adversarial models that do not capture side-channel attacks. Such attacks exploit various forms of unintended information leakage, which is inherent to almost all physical implementations. Inspired by recent side-channel attacks, especially the "cold boot attacks" of Halderman et al. (USENIX Security '08), Akavia, Goldwasser and Vaikuntanathan (TCC '09) formalized a realistic framework for modeling the security of encryption schemes against a wide class of side-channel attacks in which adversarially chosen functions of the secret key are leaked. In the setting of public-key encryption, Akavia et al. showed that Regev's lattice-based scheme (STOC '05) is resilient to any leakage of L/polylog(L) bits, where L is the length of the secret key. In this paper we revisit the above-mentioned framework and our main results are as follows:

• We present a generic construction of a public-key encryption scheme that is resilient to key leakage from any universal hash proof system. The construction does not rely on additional computational assumptions, and the resulting scheme is as efficient as the underlying hash proof system. Existing constructions of hash proof systems imply that our construction can be based on a variety of number-theoretic assumptions, including the decisional Diffie-Hellman assumption (and its progressively weaker d-Linear variants), the quadratic residuosity assumption, and Paillier's composite residuosity assumption.

• We construct a new hash proof system based on the decisional Diffie-Hellman assumption (and its d-Linear variants), and show that the resulting scheme is resilient to any leakage of L(1 - o(1)) bits. In addition, we prove that the recent scheme of Boneh et al. (CRYPTO '08), constructed to be a "circular-secure" encryption scheme, fits our generic approach and is also resilient to any leakage of L(1 - o(1)) bits.

• We extend the framework of key leakage to the setting of chosen-ciphertext attacks. On the theoretical side, we prove that the Naor-Yung paradigm is applicable in this setting as well, and obtain as a corollary encryption schemes that are CCA2-secure with any leakage of L(1 - o(1)) bits. On the practical side, we prove that variants of the Cramer-Shoup cryptosystem (along the lines of our generic construction) are CCA1-secure with any leakage of L/4 bits, and CCA2-secure with any leakage of L/6 bits.
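The generic construction in the first bullet is easiest to see on a concrete hash proof system. What follows is an added example written for this page, not code from the paper or its authors: a toy two-generator DDH hash proof system (the Cramer-Shoup style system the generic construction can be instantiated with), a universal-hash extractor applied to its output, and a check of the "smoothness" property that the leakage argument rests on: every secret key consistent with the public key decrypts a valid ciphertext identically, but hashes an invalid word to a different group element. All parameters (the 1019/509 safe-prime group, the generator 4, the 8-bit message space, the function and variable names) are constructed assumptions chosen for readability, not secure choices, and the leakage-budget arithmetic in leakage_budget_bits is this editor's derivation for the two-generator instance, not a figure from the paper.

```python
"""Toy DDH hash proof system + extractor, illustrating the generic
leakage-resilient construction.  Constructed example; NOT a secure implementation."""
import secrets

# Constructed toy parameters (assumption, not from the paper): P = 2*Q + 1 is a
# safe prime, so the squares mod P form a cyclic subgroup of prime order Q.
P, Q = 1019, 509
G1 = 4  # a square mod P, hence a generator of the order-Q subgroup
assert pow(G1, Q, P) == 1 and G1 != 1


def keygen(alpha=None):
    """sk = (x1, x2) in Z_Q^2, pk = (g1, g2, h) with g2 = g1^alpha, h = g1^x1 * g2^x2.
    alpha is returned only so the demo can enumerate keys consistent with pk;
    a real adversary never learns it (that is the DDH / discrete-log hardness)."""
    if alpha is None:
        alpha = 1 + secrets.randbelow(Q - 1)
    g2 = pow(G1, alpha, P)
    x1, x2 = secrets.randbelow(Q), secrets.randbelow(Q)
    h = pow(G1, x1, P) * pow(g2, x2, P) % P
    return (G1, g2, h), (x1, x2), alpha


def private_eval(sk, word):
    """Lambda_sk(u1, u2) = u1^x1 * u2^x2: evaluation with the secret key."""
    (x1, x2), (u1, u2) = sk, word
    return pow(u1, x1, P) * pow(u2, x2, P) % P


def public_eval(pk, r):
    """Valid word (g1^r, g2^r) with witness r; the witness yields h^r without sk."""
    g1, g2, h = pk
    return (pow(g1, r, P), pow(g2, r, P)), pow(h, r, P)


def extract(y, seed, m_bits):
    """Toy extractor: (seed * y mod P) truncated to m_bits.  For seed != 0 the map
    y -> seed*y mod P never collides on distinct y, so after truncation it is an
    (approximately) universal family, which is what the leftover hash lemma needs."""
    return (seed * y % P) & ((1 << m_bits) - 1)


def encrypt(pk, msg, m_bits=8):
    """Ciphertext = (valid word, extractor seed, Ext(h^r) XOR msg)."""
    assert 0 <= msg < (1 << m_bits)
    r = secrets.randbelow(Q)
    seed = 1 + secrets.randbelow(P - 1)
    word, k = public_eval(pk, r)
    return word, seed, extract(k, seed, m_bits) ^ msg


def decrypt(sk, ct, m_bits=8):
    word, seed, c = ct
    return extract(private_eval(sk, word), seed, m_bits) ^ c


def consistent_keys(sk, alpha):
    """All keys the public key leaves possible: h fixes only x1 + alpha*x2 mod Q,
    so (x1 - alpha*t, x2 + t) for every t in Z_Q shares the same pk."""
    x1, x2 = sk
    return [((x1 - alpha * t) % Q, (x2 + t) % Q) for t in range(Q)]


def hash_values(keys, word):
    """Set of Lambda_sk(word) as sk ranges over the given keys."""
    return {private_eval(k, word) for k in keys}


def smoothness_demo():
    """Returns (#values on a valid word, #values on an invalid word) over all
    pk-consistent keys: (1, Q).  The valid word decrypts identically under every
    consistent key (correctness); the invalid word (g1^r1, g2^r2), r1 != r2, hashes
    to every element of the group (smoothness), so pk alone says nothing about it."""
    pk, sk, alpha = keygen()
    keys = consistent_keys(sk, alpha)
    g1, g2, h = pk
    assert all(pow(g1, a, P) * pow(g2, b, P) % P == h for a, b in keys)
    valid, _ = public_eval(pk, 7)
    invalid = (pow(g1, 3, P), pow(g2, 5, P))
    return len(hash_values(keys, valid)), len(hash_values(keys, invalid))


def leakage_budget_bits(log_q, m_bits, eps_bits):
    """Leakage this two-generator instance tolerates (editor's derivation, not a
    figure from the paper): the invalid-word hash has log q bits of min-entropy
    given pk, lambda leaked bits cost at most lambda, and the leftover hash lemma
    needs log q - lambda >= m + 2*log(1/eps) to extract m bits within eps."""
    return log_q - m_bits - 2 * eps_bits


def roundtrip(msg, m_bits=8):
    pk, sk, _ = keygen()
    return decrypt(sk, encrypt(pk, msg, m_bits), m_bits)


if __name__ == "__main__":
    print("roundtrip ok:", all(roundtrip(m) == m for m in range(256)))
    print("(valid, invalid) value counts:", smoothness_demo())
    print("budget, 256-bit q, 128-bit msg, eps=2^-40:", leakage_budget_bits(256, 128, 40))
```

The budget function is the part worth reading twice: with a 2 log q bit key this instance tolerates at most log q - m - 2 log(1/eps) bits of leakage, i.e. somewhat under half the key, because the public key already pins down one linear relation on (x1, x2). The abstract's L(1 - o(1)) results need the paper's new hash proof system or the Boneh et al. scheme, which are not reproduced here.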

  • ABSTRACT: One-time memories (OTM's) are simple, tamper-resistant cryptographic devices, which can be used to implement sophisticated functionalities such as one-time programs. OTM's cannot exist in a fully-classical world, or in a fully-quantum world, but there is evidence that they can be built using "isolated qubits" -- qubits that can only be accessed using local operations and classical communication (LOCC). Here we present new constructions for OTM's using isolated qubits, which improve on previous work in several respects: they achieve a stronger "single-shot" security guarantee, which is stated in terms of the (smoothed) min-entropy; they are proven secure against general LOCC adversaries; and they are efficiently implementable. These results use Wiesner's idea of conjugate coding, combined with error-correcting codes that approach the capacity of the q-ary symmetric channel, and a high-order entropic uncertainty relation, which was originally developed for cryptography in the bounded quantum storage model.
  • ABSTRACT: We propose a leakage-resilient Identity-Based Encryption (IBE) scheme in the relative leakage mode. The semantic security of the proposed scheme is proved in two ways in the random oracle model under the Decisional Square Bilinear Diffie-Hellman (D-Square-BDH) assumption. Compared with some existing leakage-resilient IBE schemes, our construction enjoys a shorter parameter length, a lower computation cost and a higher ratio of the key leakage for the same level of security.
    International Journal of Grid and Utility Computing 09/2013; 4(2/3):187-196.
  • ABSTRACT: One-time memories (OTM's) are simple tamper-resistant cryptographic devices, which can be used to implement one-time programs, a very general form of software protection and program obfuscation. Here we investigate the possibility of building OTM's using quantum mechanical devices. It is known that OTM's cannot exist in a fully-quantum world or in a fully-classical world. Instead, we propose a new model based on isolated qubits - qubits that can only be accessed using local operations and classical communication (LOCC). This model combines a quantum resource (single-qubit measurements) with a classical restriction (on communication between qubits), and can be implemented using current technologies, such as nitrogen vacancy centers in diamond. In this model, we construct OTM's that are information-theoretically secure against one-pass LOCC adversaries that use 2-outcome measurements. Our construction resembles Wiesner's old idea of quantum conjugate coding, implemented using random error-correcting codes; our proof of security uses entropy chaining to bound the supremum of a suitable empirical process. In addition, we conjecture that our random codes can be replaced by some class of efficiently-decodable codes, to get computationally-efficient OTM's that are secure against computationally-bounded LOCC adversaries. In addition, we construct data-hiding states, which allow an LOCC sender to encode an (n-O(1))-bit message into n qubits, such that at most half of the message can be extracted by a one-pass LOCC receiver, but the whole message can be extracted by a general quantum receiver.
    Proceedings of the 5th conference on Innovations in theoretical computer science; 01/2014
