Oblivious-Transfer Amplification
EUROCRYPT '07 Proceedings of the 26th annual international conference on Advances in Cryptology
Leakage-Resilient Cryptography
FOCS '08 Proceedings of the 2008 49th Annual IEEE Symposium on Foundations of Computer Science
Simultaneous Hardcore Bits and Cryptography against Memory Attacks
TCC '09 Proceedings of the 6th Theory of Cryptography Conference on Theory of Cryptography
A Leakage-Resilient Mode of Operation
EUROCRYPT '09 Proceedings of the 28th Annual International Conference on Advances in Cryptology: the Theory and Applications of Cryptographic Techniques
On cryptography with auxiliary input
Proceedings of the forty-first annual ACM symposium on Theory of computing
Public-Key Cryptosystems Resilient to Key Leakage
CRYPTO '09 Proceedings of the 29th Annual International Cryptology Conference on Advances in Cryptology
Leakage-Resilient Public-Key Cryptography in the Bounded-Retrieval Model
CRYPTO '09 Proceedings of the 29th Annual International Cryptology Conference on Advances in Cryptology
Signature Schemes with Bounded Leakage Resilience
ASIACRYPT '09 Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
A tight high-order entropic quantum uncertainty relation with applications
CRYPTO'07 Proceedings of the 27th annual international cryptology conference on Advances in cryptology
Circular and leakage resilient public-key encryption under subgroup indistinguishability
CRYPTO'10 Proceedings of the 30th annual conference on Advances in cryptology
On the Insecurity of Parallel Repetition for Leakage Resilience
FOCS '10 Proceedings of the 2010 IEEE 51st Annual Symposium on Foundations of Computer Science
Parallel repetition for leakage resilience amplification revisited
TCC'11 Proceedings of the 8th conference on Theory of cryptography
Signatures resilient to continual leakage on memory and computation
TCC'11 Proceedings of the 8th conference on Theory of cryptography
Fully leakage-resilient signatures
EUROCRYPT'11 Proceedings of the 30th Annual international conference on Theory and applications of cryptographic techniques: advances in cryptology
Leakage-resilient zero knowledge
CRYPTO'11 Proceedings of the 31st annual conference on Advances in cryptology
TCC'10 Proceedings of the 7th international conference on Theory of Cryptography
Public-key encryption schemes with auxiliary inputs
TCC'10 Proceedings of the 7th international conference on Theory of Cryptography
Public-Key encryption in the bounded-retrieval model
EUROCRYPT'10 Proceedings of the 29th Annual international conference on Theory and Applications of Cryptographic Techniques
| Hi-index | 0.00 |
A leakage resilient encryption scheme is one which stays secure even against an attacker that obtains a bounded amount of side information on the secret key (say λ bits of "leakage"). A fundamental question is whether parallel repetition amplifies leakage resilience. Namely, if we secret share our message, and encrypt the shares under two independent keys, will the resulting scheme be resilient to 2λ bits of leakage? Surprisingly, Lewko and Waters (FOCS 2010) showed that this is false. They gave an example of a public-key encryption scheme that is (CPA) resilient to λ bits of leakage, and yet its 2-repetition is not resilient to even (1+ε)λ bits of leakage. In their counter-example, the repeated schemes share secretly generated public parameters. In this work, we show that under a reasonable strengthening of the definition of leakage resilience (one that captures known proof techniques for achieving non-trivial leakage resilience), parallel repetition does in fact amplify leakage (for CPA security). In particular, if fresh public parameters are used for each copy of the Lewko-Waters scheme, then their negative result does not hold, and leakage is amplified by parallel repetition. More generally, given t schemes that are resilient to λ1, …, λt bits of leakage, respectfully, we show that their direct product is resilient to ∑(λi−1) bits. We present our amplification theorem in a general framework that applies other cryptographic primitives as well.