The complexity of Boolean functions
Combinatorica - Theory of Computing
Unbiased bits from sources of weak randomness and probabilistic communication complexity
SIAM Journal on Computing - Special issue on cryptography
Conditionally-perfect secrecy and a provably-secure randomized cipher
Journal of Cryptology - Eurocrypt '90
CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
ElectroMagnetic Analysis (EMA): Measures and Counter-Measures for Smart Cards
E-SMART '01 Proceedings of the International Conference on Research in Smart Cards: Smart Card Programming and Security
Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems
CRYPTO '96 Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology
On Perfect and Adaptive Security in Exposure-Resilient Cryptography
EUROCRYPT '01 Proceedings of the International Conference on the Theory and Application of Cryptographic Techniques: Advances in Cryptology
All-or-Nothing Encryption and the Package Transform
FSE '97 Proceedings of the 4th International Workshop on Fast Software Encryption
Electromagnetic Analysis: Concrete Results
CHES '01 Proceedings of the Third International Workshop on Cryptographic Hardware and Embedded Systems
Extracting randomness from samplable distributions
FOCS '00 Proceedings of the 41st Annual Symposium on Foundations of Computer Science
On a New Way to Read Data from Memory
SISW '02 Proceedings of the First International IEEE Security in Storage Workshop
How to Get More Mileage from Randomness Extractors
CCC '06 Proceedings of the 21st Annual IEEE Conference on Computational Complexity
On the Compressibility of NP Instances and Cryptographic Applications
FOCS '06 Proceedings of the 47th Annual IEEE Symposium on Foundations of Computer Science
Side channel cryptanalysis of product ciphers
Journal of Computer Security
Intrusion-Resilient Secret Sharing
FOCS '07 Proceedings of the 48th Annual IEEE Symposium on Foundations of Computer Science
The bit extraction problem or t-resilient functions
SFCS '85 Proceedings of the 26th Annual Symposium on Foundations of Computer Science
Independent Unbiased Coin Flips From A Correlated Biased Source: A Finite State Markov Chain
SFCS '84 Proceedings of the 25th Annual Symposium on Foundations of Computer Science, 1984
Leakage-Resilient Cryptography
FOCS '08 Proceedings of the 2008 49th Annual IEEE Symposium on Foundations of Computer Science
Lest we remember: cold-boot attacks on encryption keys
Communications of the ACM - Security in the Browser
Simultaneous Hardcore Bits and Cryptography against Memory Attacks
TCC '09 Proceedings of the 6th Theory of Cryptography Conference on Theory of Cryptography
A Leakage-Resilient Mode of Operation
EUROCRYPT '09 Proceedings of the 28th Annual International Conference on Advances in Cryptology: the Theory and Applications of Cryptographic Techniques
On cryptography with auxiliary input
Proceedings of the forty-first annual ACM symposium on Theory of computing
Public-Key Cryptosystems Resilient to Key Leakage
CRYPTO '09 Proceedings of the 29th Annual International Cryptology Conference on Advances in Cryptology
Leakage-Resilient Public-Key Cryptography in the Bounded-Retrieval Model
CRYPTO '09 Proceedings of the 29th Annual International Cryptology Conference on Advances in Cryptology
Signature Schemes with Bounded Leakage Resilience
ASIACRYPT '09 Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Exposure-resilient functions and all-or-nothing transforms
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Intrusion-resilient key exchange in the bounded retrieval model
TCC'07 Proceedings of the 4th conference on Theory of cryptography
Public-key encryption schemes with auxiliary inputs
TCC'10 Proceedings of the 7th international conference on Theory of Cryptography
Protecting circuits from leakage: the computationally-bounded and noisy cases
EUROCRYPT'10 Proceedings of the 29th Annual international conference on Theory and Applications of Cryptographic Techniques
CRYPTO'06 Proceedings of the 26th annual international conference on Advances in Cryptology
Intrusion-Resilience via the bounded-storage model
TCC'06 Proceedings of the Third conference on Theory of Cryptography
Perfectly secure password protocols in the bounded retrieval model
TCC'06 Proceedings of the Third conference on Theory of Cryptography
One-time computable self-erasing functions
TCC'11 Proceedings of the 8th conference on Theory of cryptography
Key-evolution schemes resilient to space-bounded leakage
CRYPTO'11 Proceedings of the 31st annual conference on Advances in cryptology
Leakage-Resilient cryptography from the inner-product extractor
ASIACRYPT'11 Proceedings of the 17th international conference on The Theory and Application of Cryptology and Information Security
Leakage-Resilient circuits without computational assumptions
TCC'12 Proceedings of the 9th international conference on Theory of Cryptography
Inspection resistant memory: architectural support for security from physical examination
Proceedings of the 39th Annual International Symposium on Computer Architecture
Continual leakage-resilient dynamic secret sharing in the split-state model
ICICS'12 Proceedings of the 14th international conference on Information and Communications Security
We study the problem of secure data storage on hardware that may leak information. We introduce a new primitive, which we call leakage-resilient storage (LRS): an (unkeyed) scheme for encoding messages that can be viewed as a generalization of the All-Or-Nothing Transform (AONT, Rivest 1997). The standard definition of AONT requires that it be hard to reconstruct a message m unless all the bits of its encoding Encode(m) are known. LRS is defined more generally, with respect to a class Γ of leakage functions: it should be hard to reconstruct m even when the values g1(Encode(m)), ..., gt(Encode(m)) are known (where g1, ..., gt ∈ Γ), as long as the total length of g1(Encode(m)), ..., gt(Encode(m)) is smaller than some parameter c. We construct an LRS scheme that is secure when Γ consists of functions that depend only on a restricted part of the memory. More precisely, we assume that the memory is divided into two parts and that each function in Γ is applied to only one of these parts. We also construct a scheme that is secure whenever the cardinality of Γ is bounded (it may still be exponential in the length of the encoding); this implies security in the case where Γ consists of the functions computable by Boolean circuits of small size. Finally, we discuss the connection between the problem of constructing leakage-resilient storage and the theory of the compressibility of NP instances.
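The abstract defines the security requirement of LRS but does not spell out a construction. The following is an added example, not code from the paper: it implements one natural two-part (split-state) encoding, the inner-product encoding over a prime field, which is an assumed instantiation of the "memory divided into two parts" setting rather than the paper's stated scheme. The parameters p = 7 and n = 2 and the leakage functions are constructed here so that the definition can be checked exactly: the code enumerates every encoding of two messages and measures the statistical distance between the adversary's views when each leakage function reads only one half of the memory.

```python
"""Toy split-state leakage-resilient storage (LRS) over a prime field.

Added example, not the paper's code. The abstract only states that the memory
is split into two parts and that each leakage function sees one part; the
inner-product encoding below is an assumed instantiation of that idea, with
toy parameters chosen so the security definition can be checked exhaustively.
"""
import itertools
import random
from collections import Counter

P = 7  # prime field size (assumed; tiny so every encoding can be enumerated)
N = 2  # dimension of each half of the memory (assumed)


def encode(m, n=N, p=P, rng=random):
    """Encode m in F_p as (L, R) with L, R in F_p^n, L nonzero and <L, R> = m.

    L is uniform over nonzero vectors and R is uniform over the affine
    hyperplane {R : <L, R> = m}, so the pair is uniform over all valid
    encodings of m, and L on its own is independent of m.
    """
    m %= p
    L = [rng.randrange(p) for _ in range(n)]
    while not any(L):
        L = [rng.randrange(p) for _ in range(n)]
    i = next(k for k, x in enumerate(L) if x)  # coordinate of R we solve for
    R = [rng.randrange(p) for _ in range(n)]
    partial = sum(L[k] * R[k] for k in range(n) if k != i) % p
    R[i] = ((m - partial) * pow(L[i], -1, p)) % p
    return L, R


def decode(L, R, p=P):
    """Decode by the inner product <L, R> mod p."""
    return sum(a * b for a, b in zip(L, R)) % p


def view_distribution(m, leak_L, leak_R, n=N, p=P):
    """Exact distribution of the adversary's view (leak_L(L), leak_R(R)) over
    all encodings of m, i.e. over the output distribution of encode(m)."""
    views = Counter()
    for L in itertools.product(range(p), repeat=n):
        if not any(L):
            continue
        for R in itertools.product(range(p), repeat=n):
            if decode(L, R, p) == m:
                views[(leak_L(L), leak_R(R))] += 1
    total = sum(views.values())
    return {v: c / total for v, c in views.items()}


def statistical_distance(d0, d1):
    """Total variation distance between two finite distributions."""
    keys = set(d0) | set(d1)
    return 0.5 * sum(abs(d0.get(k, 0.0) - d1.get(k, 0.0)) for k in keys)


def leakage_advantage(leak_L, leak_R, m0=0, m1=1):
    """Distance between the views of two messages under split-state leakage
    (leak_L reads only L, leak_R reads only R); 0 means the view is
    independent of the message."""
    return statistical_distance(view_distribution(m0, leak_L, leak_R),
                                view_distribution(m1, leak_L, leak_R))


if __name__ == "__main__":
    for m in range(P):
        assert decode(*encode(m)) == m
    # Leak all of L and nothing of R: the view is independent of the message.
    print("all of L only      :", leakage_advantage(tuple, lambda R: None))
    # Leak all of L plus one bit of R: the two views start to differ, so the
    # bound c on the total leakage length is doing real work.
    print("all of L + 1 bit R :", leakage_advantage(tuple, lambda R: R[0] % 2))
    # A leakage function reading both halves violates the split-state
    # restriction; modelled as leaking both halves in full, it reveals m outright.
    print("both halves in full:", leakage_advantage(tuple, tuple))
```

With these toy parameters the three runs give distances 0, 1/16 and 1: one whole half leaks nothing, a single extra bit from the other half already creates a measurable advantage, and a function that sees both halves decodes the message, which is why both the one-part restriction on Γ and the bound c on the total leaked length appear in the definition.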