Learn More
Consider an abstract storage device Σ(G) that can hold a single element x from a xed, publicly known nite group G. Storage is private in the sense that an adversary does not have read access to Σ(G) at all. However, Σ(G) is non-robust in the sense that the adversary can modify its contents by adding some offset ∆ ∈ G. Due to the privacy of the storage(More)
Proofs of Retrievability (PoR), introduced by Juels and Kaliski [JK07], allow the client to store a file F on an untrusted server, and later run an efficient audit protocol in which the server proves that it (still) possesses the client’s data. Constructions of PoR schemes attempt to minimize the client and server storage, the communication complexity of an(More)
<lb>We study the design of cryptographic primitives resistant to a large class of side-channel attacks, called<lb>“memory attacks”, where an attacker can repeatedly and adaptively learn information about the secret key,<lb>subject only to the constraint that the overall amount of such information is bounded by some parameter<lb>`. Although the study of such(More)
We study the design of cryptographic primitives resilient to key-leakage attacks, where an attacker can repeatedly and adaptively learn information about the secret key, subject only to the constraint that the overall amount of such information is bounded by some parameter l. We construct a variety of leakage-resilient public-key systems including the first(More)
Oblivious RAM (ORAM) allows a client to access her data on a remote server while hiding the access pattern (which locations she is accessing) from the server. Beyond its immediate utility in allowing private computation over a client’s outsourced data, ORAM also allows mutually distrustful parties to run secure-computations over their joint data with(More)
Proofs of retrievability allow a client to store her data on a remote server (e.g., “in the cloud”) and periodically execute an efficient audit protocol to check that all of the data are being maintained correctly and can be recovered from the server. For efficiency, the computation and communication of the server and client during an audit protocol should(More)
We define and construct a new primitive called a fully homomorphic message authenticator. With such scheme, anybody can perform arbitrary computations over authenticated data and produce a short tag that authenticates the result of the computation (without knowing the secret key). This tag can be verified using the secret key to ensure that the claimed(More)
We construct the first public-key encryption scheme in the Bounded-Retrieval Model (BRM), providing security against various forms of adversarial “key leakage” attacks. In this model, the adversary is allowed to learn arbitrary information about the decryption key, subject only to the constraint that the overall amount of “leakage” is bounded by at most `(More)
We say that a cryptographic scheme is Continuous Leakage-Resilient (CLR), if it allows users to refresh their secret keys, using only fresh local randomness, such that: 1. The scheme remains functional after any number of key refreshes, although the public key never changes. Thus, the &#x0201C;outside world'' is neither affected by these key refreshes, nor(More)