Physically Observable Cryptography

Micali, Silvio; Reyzin, Leonid

doi:10.1007/978-3-540-24638-1_16

Cited by 343 publications

(308 citation statements)

References 24 publications

Supporting

Mentioning

305

Contrasting

Unclassified

Order By: Relevance

“…In their seminal work, Micali and Reyzin [MR04] initiated the formal modeling of side-channel attacks under the axiom that "only computation leaks information", where each invocation of a cryptographic primitive leaks a function of only the bits accessed during that invocation. Several primitives have been constructed in this setting including stream ciphers [DP08,Pie09] and signatures [FKPR10].…”

Section: Related Workmentioning

confidence: 99%

Public-Key Encryption in the Bounded-Retrieval Model

Alwen

Dodis

Naor

et al. 2010

Advances in Cryptology – EUROCRYPT 2010

157

202

View full text Add to dashboard Cite

Abstract.We construct the first public-key encryption scheme in the Bounded-Retrieval Model (BRM), providing security against various forms of adversarial "key leakage" attacks. In this model, the adversary is allowed to learn arbitrary information about the decryption key, subject only to the constraint that the overall amount of "leakage" is bounded by at most bits. The goal of the BRM is to design cryptographic schemes that can flexibly tolerate arbitrarily leakage bounds (few bits or many Gigabytes), by only increasing the size of secret key proportionally, but keeping all the other parameters -including the size of the public key, ciphertext, encryption/decryption time, and the number of secret-key bits accessed during decryption -small and independent of . As our main technical tool, we introduce the concept of an IdentityBased Hash Proof System (IB-HPS), which generalizes the notion of hash proof systems of Cramer and Shoup [CS02] to the identity-based setting. We give three different constructions of this primitive based on: (1) bilinear groups, (2) lattices, and (3) quadratic residuosity. As a result of independent interest, we show that an IB-HPS almost immediately yields an Identity-Based Encryption (IBE) scheme which is secure against (small) partial leakage of the target identity's decryption key. As our main result, we use IB-HPS to construct public-key encryption (and IBE) schemes in the Bounded-Retrieval Model.

show abstract

Section: Related Workmentioning

confidence: 99%

Public-Key Encryption in the Bounded-Retrieval Model

Alwen

Dodis

Naor

et al. 2010

Advances in Cryptology – EUROCRYPT 2010

157

202

View full text Add to dashboard Cite

show abstract

“…In particular, our construction uses results of Goldwasser and Rothblum [24,22], which show how to convert circuits into ones that are secure in only computation leaks model of Micali and Reyzin [29] (or even in the stronger OCL + model described above).…”

Section: Related Workmentioning

confidence: 99%

“…The outline of our solution is as follows: Starting from any hardware-assisted obfuscation solution that uses a completely trusted device (e.g., [19,25]), we first transform that device into a system that resists leakage in the Micali-Reyzin model of "only computation leaks" (OCL) [29] (or actually in a slightly augmented OCL model). In principle, this can be done using OCL-compilers from the literature [27,24,22] (but see discussion in Section 1.4 about properties of these compilers).…”

Section: Introductionmentioning

confidence: 99%

Program Obfuscation with Leaky Hardware

Bitansky

Canetti

Goldwasser

et al. 2011

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. We consider general program obfuscation mechanisms using "somewhat trusted" hardware devices, with the goal of minimizing the usage of the hardware, its complexity, and the required trust. Specifically, our solution has the following properties:(i) The obfuscation remains secure even if all the hardware devices in use are leaky. That is, the adversary can obtain the result of evaluating any function on the local state of the device, as long as this function has short output. In addition the adversary also controls the communication between the devices.(ii) The number of hardware devices used in an obfuscation and the amount of work they perform are polynomial in the security parameter independently of the obfuscated function's complexity.(iii) A (universal) set of hardware components, owned by the user, is initialized only once and from that point on can be used with multiple "software-based" obfuscations sent by different vendors.

show abstract

“…In addition to constructions of randomized PKE mentioned above, leakage-resilient schemes for several tasks in a variety of leakage models are now known, e.g., digital signatures [LW10,BSW11,LLW11], identity-based encryption [BKKV10,CDRW10,LRW11], interactive proofs [GJS11,Pan14,AGP14], secure computation [FRR + 10, BGJK12,GR12], and so on. We remark that the study of leakage-resilient cryptography was initiated in [DP08,MR04,ISW03] as an attempt to provide an algorithmic defense against side-channel attacks [Koc96,AK97,QS01,OST06]. Renauld, Standaert, Veyrat-Charvillon, Kamel, and Flandre [RSV + 11] highlight several difficulties in formalizing an appropriate model of leakage for real-world side-channel attacks, and argue that often an algorithmic defense is not possible since the key might have been completely compromised.…”

Section: Introductionmentioning

confidence: 99%

Deterministic Public-Key Encryption Under Continual Leakage

Koppula

Pandey

Rouselakis

et al. 2016

Applied Cryptography and Network Security

View full text Add to dashboard Cite

Deterministic public-key encryption, introduced by Bellare, Boldyreva, and O'Neill (CRYPTO 2007), is an important technique for searchable encryption; it allows quick, logarithmic-time, search over encrypted data items. The technique is most effective in scenarios where frequent search queries are performed over a huge database of unpredictable data items. We initiate the study of deterministic public-key encryption (D-PKE) in the presence of leakage. We formulate appropriate security notions for leakage-resilient D-PKE, and present constructions that achieve them in the standard model. We work in the continual leakage model, where the secret-key is updated at regular intervals and an attacker can learn arbitrary but bounded leakage on the secret key during each time interval. We, however, do not consider leakage during the updates. Our main construction is based on the (standard) linear assumption in bilinear groups, tolerating up to 0.5 − o(1) fraction of arbitrary leakage. The leakage rate can be improved to 1 − o(1) by relying on the SXDH assumption.At a technical level, we propose and construct a "continual leakage resilient" version of the all-but-one lossy trapdoor functions, introduced by Peikert and Waters (STOC 2008). Our formulation and construction of leakage-resilient lossy-TDFs is of independent general interest for leakage-resilient cryptography.

show abstract

Physically Observable Cryptography

Cited by 343 publications

References 24 publications

Public-Key Encryption in the Bounded-Retrieval Model

Public-Key Encryption in the Bounded-Retrieval Model

Program Obfuscation with Leaky Hardware

Deterministic Public-Key Encryption Under Continual Leakage

Contact Info

Product

Resources

About