Tamper and Leakage Resilience in the Split-State Model

Abstract: It is notoriously difficult to create hardware that is immune from side channel and tampering attacks. A lot of recent literature, therefore, has instead considered algorithmic defenses from such attacks.In this paper, we show how to algorithmically secure any cryptographic functionality from continual split-state leakage and tampering attacks. A split-state attack on cryptographic hardware is one that targets separate parts of the hardware separately. Our construction does not require the hardware to have acc… Show more

“…That is, the adversary picks two polynomial-time computable functions T 0 and T 1 and replaces the state (X 0 , X 1 ) with the tampered state (T 0 (X 0 ), T 1 (X 1 )). Similar to the earlier work of Liu and Lysyanskaya [24] our construction assumes a public untamperable CRS. Notice that this is a rather mild assumption as the CRS can be hard-wired into the functionality and is independent of any secret data.…”

“…As discussed above one main application of non-malleable codes is to protect cryptographic schemes against tampering with the secret key [17,24]. Consider a reactive functionality G with secret state st that can be executed on input m, e.g., G may be the AES with key st encrypting messages m. Using a non-malleable code earlier work showed how to transform the functionality (G, st ) into a functionality (G Code , X) that is secure against tampering with X.…”

“…Various recent works study the split-state model for non-malleable codes [24,15,1] (see more details on related work in Section 1.2). In the split-state tampering model, the codeword consists of two halves X 0 and X 1 that are stored on two different parts of the memory.…”

“…The first construction of (one-shot) split-state non-malleable codes in the standard model was given by Liu and Lysyanskaya [24]. At a high-level the construction encrypts the input x with a leakage resilient encryption scheme and generates a non-interactive zero-knowledge proof of knowledge showing that (a) the public/secret key of the PKE are valid, and (b) the ciphertext is an encryption of x under the public key.…”

“…In recent years, a growing body of work (see [21,22,17,24,1,2,19] and many more) develop new cryptographic techniques that protect against tampering attacks. Non-malleable codes introduced by Dziembowski, Pietrzak and Wichs [17] are an important approach to achieve this goal.…”

Continuous Non-malleable Codes

“…That is, the adversary picks two polynomial-time computable functions T 0 and T 1 and replaces the state (X 0 , X 1 ) with the tampered state (T 0 (X 0 ), T 1 (X 1 )). Similar to the earlier work of Liu and Lysyanskaya [24] our construction assumes a public untamperable CRS. Notice that this is a rather mild assumption as the CRS can be hard-wired into the functionality and is independent of any secret data.…”

“…As discussed above one main application of non-malleable codes is to protect cryptographic schemes against tampering with the secret key [17,24]. Consider a reactive functionality G with secret state st that can be executed on input m, e.g., G may be the AES with key st encrypting messages m. Using a non-malleable code earlier work showed how to transform the functionality (G, st ) into a functionality (G Code , X) that is secure against tampering with X.…”

“…Various recent works study the split-state model for non-malleable codes [24,15,1] (see more details on related work in Section 1.2). In the split-state tampering model, the codeword consists of two halves X 0 and X 1 that are stored on two different parts of the memory.…”

“…The first construction of (one-shot) split-state non-malleable codes in the standard model was given by Liu and Lysyanskaya [24]. At a high-level the construction encrypts the input x with a leakage resilient encryption scheme and generates a non-interactive zero-knowledge proof of knowledge showing that (a) the public/secret key of the PKE are valid, and (b) the ciphertext is an encryption of x under the public key.…”

“…In recent years, a growing body of work (see [21,22,17,24,1,2,19] and many more) develop new cryptographic techniques that protect against tampering attacks. Non-malleable codes introduced by Dziembowski, Pietrzak and Wichs [17] are an important approach to achieve this goal.…”

Continuous Non-malleable Codes

Continuous NMC Secure Against Permutations and Overwrites, with Applications to CCA Secure Commitments

Public Key Encryption Resilient to Post-challenge Leakage and Tampering Attacks