Key-Evolution Schemes Resilient to Space-Bounded Leakage

Dziembowski, Stefan; Kazana, Tomasz; Wichs, Daniel

doi:10.1007/978-3-642-22792-9_19

Cited by 22 publications

(14 citation statements)

References 33 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We adopt the paradigm where the action of pebbling a node in a DAG G is made equivalent to the action of having calculated some labeling on it. This paradigm was introduced in [15] and also recently used in [17,18]. We make use of a Random Oracle (RO) H to build a labeling on G according to the pebbling rules.…”

Section: Theorem 1 (Pebbling Theorem)mentioning

confidence: 99%

“…Dziembowski et al [17] built a leakage resilient key evolution scheme based on the pebbling framework. Their model allows an internal memory-bounded adversary that can control the update operation and leak bounded amounts of information.…”

Section: Introductionmentioning

confidence: 99%

“…Specifically, we will turn to the class of functions derived from the"graph labeling problem" already used in cryptography (see for example [15,17,18]). Important tools in delegation of computation are interactive proof (and argument) systems.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Proofs of Space: When Space Is of the Essence

Ateniese

Bonacina

Faonio

et al. 2014

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Proofs of computational effort were devised to control denial of service attacks. Dwork and Naor (CRYPTO '92), for example, proposed to use such proofs to discourage spam. The idea is to couple each email message with a proof of work that demonstrates the sender performed some computational task. A proof of work can be either CPU-bound or memory-bound. In a CPU-bound proof, the prover must compute a CPU-intensive function that is easy to check by the verifier. A memory-bound proof, instead, forces the prover to access the main memory several times, effectively replacing CPU cycles with memory accesses. In this paper we put forward a new concept dubbed proof of space. To compute such a proof, the prover must use a specified amount of space, i.e., we are not interested in the number of accesses to the main memory (as in memory-bound proof of work) but rather on the amount of actual memory the prover must employ to compute the proof. We give a complete and detailed algorithmic description of our model. We develop a comprehensive theoretical analysis which uses combinatorial tools from Complexity Theory (such as pebbling games) which are essential in studying space lower bounds.

show abstract

Section: Theorem 1 (Pebbling Theorem)mentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Proofs of Space: When Space Is of the Essence

Ateniese

Bonacina

Faonio

et al. 2014

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…The goal of the player is to pebble a certain vertex of the graph. This technique was used in cryptography already before [21][22][23]. For an introduction to the graph pebbling see, e.g., [48].…”

Section: Introductionmentioning

confidence: 99%

Proofs of Space

Dziembowski

Faust

Kolmogorov

et al. 2015

Lecture Notes in Computer Science

Self Cite

256

159

View full text Add to dashboard Cite

Abstract. Proofs of work (PoW) have been suggested by Dwork and Naor (Crypto'92) as protection to a shared resource. The basic idea is to ask the service requestor to dedicate some non-trivial amount of computational work to every request. The original applications included prevention of spam and protection against denial of service attacks. More recently, PoWs have been used to prevent double spending in the Bitcoin digital currency system. In this work, we put forward an alternative concept for PoWs -so-called proofs of space (PoS), where a service requestor must dedicate a significant amount of disk space as opposed to computation. We construct secure PoS schemes in the random oracle model (with one additional mild assumption required for the proof to go through), using graphs with high "pebbling complexity" and Merkle hash-trees. We discuss some applications, including follow-up work where a decentralized digital currency scheme called Spacecoin is constructed that uses PoS (instead of wasteful PoW like in Bitcoin) to prevent double spending. The main technical contribution of this work is the construction of (directed, loop-free) graphs on N vertices with in-degree O(log log N ) such that even if one places Θ(N ) pebbles on the nodes of the graph, there's a constant fraction of nodes that needs Θ(N ) steps to be pebbled (where in every step one can put a pebble on a node if all its parents have a pebble).

show abstract

“…The reason is that, in the random oracle model, every party should have access to the random oracle. In particular, this includes the leakage oracle and the adversarially specified leakage function, resulting in an implicit second stage [14]. Hence, whenever side-channel attacks are reflected in a model, adversaries act at least in two stages-and for real-life applications, we cannot discard side-channel attacks.…”

Section: Introductionmentioning

confidence: 99%

Reset Indifferentiability and Its Consequences

Baecher

Brzuska

Mittelbach

2013

Advances in Cryptology - ASIACRYPT 2013

View full text Add to dashboard Cite

Abstract. The equivalence of the random-oracle model and the idealcipher model has been studied in a long series of results. Holenstein, Künzler, and Tessaro (STOC, 2011) have recently completed the picture positively, assuming that, roughly speaking, equivalence is indifferentiability from each other. However, under the stronger notion of reset indifferentiability this picture changes significantly, as Demay et al. (EU-ROCRYPT, 2013) and Luykx et al. (ePrint, 2012) demonstrate.We complement these latter works in several ways. First, we show that any simulator satisfying the reset indifferentiability notion must be stateless and pseudo deterministic. Using this characterization we show that, with respect to reset indifferentiability, two ideal models are either equivalent or incomparable, that is, a model cannot be strictly stronger than the other model. In the case of the random-oracle model and the ideal-cipher model, this implies that the two are incomparable. Finally, we examine weaker notions of reset indifferentiability that, while not being able to allow composition in general, allow composition for a large class of multi-stage games. Here we show that the seemingly much weaker notion of 1-reset indifferentiability proposed by Luykx et al. is equivalent to reset indifferentiability. Hence, the impossibility of coming up with a reset-indifferentiable construction transfers to the setting where only one reset is permitted, thereby re-opening the quest for an achievable and meaningful notion in between the two variants.

show abstract

Key-Evolution Schemes Resilient to Space-Bounded Leakage

Cited by 22 publications

References 33 publications

Proofs of Space: When Space Is of the Essence

Proofs of Space: When Space Is of the Essence

Proofs of Space

Reset Indifferentiability and Its Consequences

Contact Info

Product

Resources

About