Models of Computation: Exploring the Power of Computing
Models of Computation: Exploring the Power of Computing
Towards Sound Approaches to Counteract Power-Analysis Attacks
CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
A Design Principle for Hash Functions
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
ElectroMagnetic Analysis (EMA): Measures and Counter-Measures for Smart Cards
E-SMART '01 Proceedings of the International Conference on Research in Smart Cards: Smart Card Programming and Security
Intrusion-Resilient Secret Sharing
FOCS '07 Proceedings of the 48th Annual IEEE Symposium on Foundations of Computer Science
CRYPTO 2008 Proceedings of the 28th Annual conference on Cryptology: Advances in Cryptology
Leakage-Resilient Cryptography
FOCS '08 Proceedings of the 2008 49th Annual IEEE Symposium on Foundations of Computer Science
Simultaneous Hardcore Bits and Cryptography against Memory Attacks
TCC '09 Proceedings of the 6th Theory of Cryptography Conference on Theory of Cryptography
A Unified Framework for the Analysis of Side-Channel Key Recovery Attacks
EUROCRYPT '09 Proceedings of the 28th Annual International Conference on Advances in Cryptology: the Theory and Applications of Cryptographic Techniques
A Leakage-Resilient Mode of Operation
EUROCRYPT '09 Proceedings of the 28th Annual International Conference on Advances in Cryptology: the Theory and Applications of Cryptographic Techniques
Public-Key Cryptosystems Resilient to Key Leakage
CRYPTO '09 Proceedings of the 29th Annual International Cryptology Conference on Advances in Cryptology
Leakage-Resilient Public-Key Cryptography in the Bounded-Retrieval Model
CRYPTO '09 Proceedings of the 29th Annual International Cryptology Conference on Advances in Cryptology
Remote timing attacks are practical
Computer Networks: The International Journal of Computer and Telecommunications Networking - Web security
Signature Schemes with Bounded Leakage Resilience
ASIACRYPT '09 Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Intrusion-resilient key exchange in the bounded retrieval model
TCC'07 Proceedings of the 4th conference on Theory of cryptography
Practical leakage-resilient pseudorandom generators
Proceedings of the 17th ACM conference on Computer and communications security
Protecting cryptographic keys against continual leakage
CRYPTO'10 Proceedings of the 30th annual conference on Advances in cryptology
Securing computation against continuous leakage
CRYPTO'10 Proceedings of the 30th annual conference on Advances in cryptology
SCN'10 Proceedings of the 7th international conference on Security and cryptography for networks
One-time computable self-erasing functions
TCC'11 Proceedings of the 8th conference on Theory of cryptography
TCC'10 Proceedings of the 7th international conference on Theory of Cryptography
Public-key encryption schemes with auxiliary inputs
TCC'10 Proceedings of the 7th international conference on Theory of Cryptography
CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
Protecting circuits from leakage: the computationally-bounded and noisy cases
EUROCRYPT'10 Proceedings of the 29th Annual international conference on Theory and Applications of Cryptographic Techniques
CRYPTO'06 Proceedings of the 26th annual international conference on Advances in Cryptology
Intrusion-Resilience via the bounded-storage model
TCC'06 Proceedings of the Third conference on Theory of Cryptography
Perfectly secure password protocols in the bounded retrieval model
TCC'06 Proceedings of the Third conference on Theory of Cryptography
Hi-index | 0.00 |
Much recent work in cryptography attempts to build secure schemes in the presence of side-channel leakage or leakage caused by malicious software, like computer viruses. In this setting, the adversary may obtain some additional information (beyond the control of the scheme designer) about the internal secret state of a cryptographic scheme. Here, we consider key-evolution schemes that allow a user to evolve a secret-key K1 via a deterministic function f, to get updated keysK2 = f(K1), K3 = f(K2), . . .. Such a scheme is leakage-resilient if an adversary that can leak on the first i steps of the evolution process does not get any useful information about any future keys. For such schemes, one must assume some restriction on the complexity of the leakage to prevent pre-computation attacks, where the leakage on a key Ki simply pre-computes a future key Ki+t and leaks even a single bit on it. Much of the prior work on this problem, and the restrictions made therein, can be divided into two types. Theoretical work offers rigor and provable security, but at the cost of having to make strong restrictions on the type of leakage and designing complicated schemes to make standard reduction-based proof techniques go through (an example of such an assumption is the "only computation leaks" axiom). On the other hand, practical work focuses on simple and efficient schemes, often at the cost of only achieving an intuitive notion of security without formal well-specified guarantees. In this paper, we complement the two tracks via a middle-of-the-road approach. On one hand, we rely on the random-oracle model. On the other hand, we show that even in the random-oracle model, designing secure leakage-resilient schemes is susceptible to pitfalls. For example, just assuming that leakage "cannot evaluate the random oracle" can be misleading. Instead, we define a new model in which we assume that the "leakage" can be any arbitrary space bounded computation that can make random oracle calls itself. We connect the spacecomplexity of a computation in the random-oracle modeling to the pebbling complexity on graphs. Using this connection, we derive meaningful guarantees for relatively simple key-evolution constructions. Our scheme is secure also against a large and natural class of active attacks, where an attacker can leak as well as tamper with the internals of a device. This is especially important if the key evolution is performed on a PC that can be attacked by a virus, a setting considered by prior work in the bounded retrieval model (BRM)). This paper provides the first scheme were the adversary in the BRM can also modify the data stored on the machine.