Lattice Attacks on Digital Signature Schemes
Designs, Codes and Cryptography
Hardness of Computing the Most Significant Bits of Secret Keys in Diffie-Hellman and Related Schemes
CRYPTO '96 Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology
The Modular Inversion Hidden Number Problem
ASIACRYPT '01 Proceedings of the 7th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Hidden number problem with hidden multipliers, timed-release crypto, and noisy exponentiation
Mathematics of Computation
Leakage-Resilient Cryptography
FOCS '08 Proceedings of the 2008 49th Annual IEEE Symposium on Foundations of Computer Science
Cryptography against Continuous Memory Attacks
FOCS '10 Proceedings of the 2010 IEEE 51st Annual Symposium on Foundations of Computer Science
Public-key encryption schemes with auxiliary inputs
TCC'10 Proceedings of the 7th international conference on Theory of Cryptography
Hierarchical identity based encryption with constant size ciphertext
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
A public key cryptosystem and a signature scheme based on discrete logarithms
IEEE Transactions on Information Theory
| Hi-index | 0.89 |
Recently it was conjectured that an ElGamal-based public-key encryption scheme with stateful decryption resists lunch-time chosen ciphertext and leakage attacks in the only computation leaks information model. We give a non-trivial upper bound on the amount of leakage tolerated by this conjecture. More precisely, we prove that the conjecture does not hold if more than a (38+o(1)) fraction of the bits are leaked at every decryption step, by showing a lunch-time attack that recovers the full secret key. The attack uses a new variant of the Hidden Number Problem, that we call Hidden Shares - Hidden Number Problem, which is of independent interest.