How to Protect Yourself without Perfect Shredding
ICALP '08 Proceedings of the 35th international colloquium on Automata, Languages and Programming, Part II
A Leakage-Resilient Mode of Operation
EUROCRYPT '09 Proceedings of the 28th Annual International Conference on Advances in Cryptology: the Theory and Applications of Cryptographic Techniques
Non-malleable extractors and symmetric key cryptography from weak secrets
Proceedings of the forty-first annual ACM symposium on Theory of computing
On cryptography with auxiliary input
Proceedings of the forty-first annual ACM symposium on Theory of computing
Practical leakage-resilient identity-based encryption from simple assumptions
Proceedings of the 17th ACM conference on Computer and communications security
Survey: leakage resilience and the bounded retrieval model
ICITS'09 Proceedings of the 4th international conference on Information theoretic security
A lower bound on the key length of information-theoretic forward-secure storage schemes
ICITS'09 Proceedings of the 4th international conference on Information theoretic security
Leakage-resilient pseudorandom functions and side-channel attacks on Feistel networks
CRYPTO'10 Proceedings of the 30th annual conference on Advances in cryptology
SCN'10 Proceedings of the 7th international conference on Security and cryptography for networks
Parallel repetition for leakage resilience amplification revisited
TCC'11 Proceedings of the 8th conference on Theory of cryptography
Achieving leakage resilience through dual system encryption
TCC'11 Proceedings of the 8th conference on Theory of cryptography
After-the-fact leakage in public-key encryption
TCC'11 Proceedings of the 8th conference on Theory of cryptography
One-time computable self-erasing functions
TCC'11 Proceedings of the 8th conference on Theory of cryptography
Proceedings of the forty-third annual ACM symposium on Theory of computing
Key-evolution schemes resilient to space-bounded leakage
CRYPTO'11 Proceedings of the 31st annual conference on Advances in cryptology
TCC'10 Proceedings of the 7th international conference on Theory of Cryptography
TCC'12 Proceedings of the 9th international conference on Theory of Cryptography
Chosen-ciphertext attack secure public key encryption with auxiliary inputs
Security and Communication Networks
Hi-index | 0.00 |
We introduce a new primitive called Intrusion-Resilient Secret Sharing (IRSS), whose security proof exploits the fact that there exist functions which can be efficiently computed interactively using low communication complexity in k, but not in k - 1 rounds. IRSS is a means of sharing a secret message amongst a set of players which comes with a very strong security guarantee. The shares in an IRSS are made artificially large so that it is hard to retrieve them completely, and the reconstruction procedure is interactive requiring the players to exchange k short messages. The adversaries considered can attack the scheme in rounds, where in each round the adversary chooses some player to corrupt and some function, and retrieves the output of that function applied to the share of the corrupted player. This model captures for example computers connected to a network which can occasionally be infected by malicious software like viruses, which can compute any function on the infected machine, but cannot sent out a huge amount of data. Using methods from the Bounded-Retrieval Model, we construct an IRSS scheme which is secure against any computationally unbounded adversary as long as the total amount of information retrieved by the adversary is somewhat less than the length of the shares, and the adversary makes at most k-1 corruption rounds (as described above, where k rounds are necessary for reconstruction). We extend our basic scheme in several ways in order to allow the shares sent by the dealer to be short (the players then blow them up locally) and to handle even stronger adversaries who can learn some of the shares completely. As mentioned, there is an obvious connection between IRSS schemes and the fact that there exist functions with an exponential gap in their communication complexity for k and k - 1 rounds. Our scheme implies such a separation which is in several aspects stronger than the previously known ones.