Leakage-Resilient Pseudorandom Functions and Side-Channel Attacks on Feistel Networks

Yevgeniy Dodis and Krzysztof Pietrzak
A cryptographic primitive is leakage-resilient if it remains secure even when an adversary can learn a bounded amount of arbitrary information about the computation with every invocation. As a consequence, the physical implementation of a leakage-resilient primitive is secure against every side-channel as long as the amount of information leaked per invocation is bounded. In this paper we prove positive and negative results about the feasibility of constructing leakage-resilient pseudorandom… 

Practical Leakage-Resilient Symmetric Cryptography

It is shown that leakage-resilience can indeed be obtained for simpler constructions when one aims for relaxed security notions in which the leakage functions and/or the inputs to the primitive are chosen non-adaptively.

Leakage Resilient One-Way Functions: The Auxiliary-Input Setting

This work considers the problem of constructing leakage-resilient one-way functions that are secure with respect to arbitrary computationally hiding leakage (a.k.a. auxiliary input), and shows that when the leakage is chosen ahead of time, there are leakage-resilient one-way functions based on a variety of assumptions.

Leakage-Resilient Symmetric Cryptography Under Empirically Verifiable Assumptions

This paper argues that the “bounded leakage” requirements used in earlier leakage-resilient cryptography are hard for hardware engineers to fulfil, and introduces a new, more realistic and empirically verifiable assumption of simulatable leakage, under which security proofs in the standard model can be obtained.

Towards Super-Exponential Side-Channel Security with Efficient Leakage-Resilient PRFs

It is put forward that the AES is not perfectly suited for integration in a leakage-resilient design, and more sophisticated tools based on lattice reduction turn out to be powerful in the physical cryptanalysis of these primitives.

Multiparty computation secure against continual memory leakage

We construct a multiparty computation (MPC) protocol that is secure even if a malicious adversary, in addition to corrupting a 1-ε fraction of all parties for an arbitrarily small constant ε > 0, can

Leakage-Resilient Authentication and Encryption from Symmetric Cryptographic Primitives

This paper proposes and analyzes new constructions of leakage-resilient MAC and encryption schemes, which allow fixing security and efficiency drawbacks of previous proposals in this direction.

Masking against Side-Channel Attacks: A Formal Security Proof

It is proved that the information gained by observing the leakage from one execution can be made negligible (in the masking order) and a formal security proof for masked implementations of block ciphers is provided.
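To make the “negligible in the masking order” statement concrete, here is an added example (not code from the paper) of order-d Boolean masking on bytes: a secret is split into d+1 shares whose XOR is the secret, XOR acts share by share, and the non-linear AND uses the standard Ishai–Sahai–Wagner (ISW) multiplication gadget, whose fresh randomness cancels in the recombined result. The byte-wise (bit-sliced) treatment and the use of `secrets` for randomness are choices of this example.

```python
import secrets
from functools import reduce
from operator import xor


def xor_all(shares):
    """Recombine shares: the secret is the XOR of all of them."""
    return reduce(xor, shares, 0)


def mask(x, d):
    """Split byte x into d+1 shares: d uniform random shares plus one that fixes the sum.

    Any d of the shares are independent of x; only all d+1 together reveal it,
    which is why leakage observed per share becomes less useful as d grows.
    """
    shares = [secrets.randbelow(256) for _ in range(d)]
    shares.append(x ^ xor_all(shares))
    return shares


def unmask(shares):
    return xor_all(shares)


def masked_xor(a, b):
    """XOR is linear over GF(2): operate on each share pair independently, no fresh randomness."""
    return [ai ^ bi for ai, bi in zip(a, b)]


def masked_and(a, b):
    """ISW multiplication gadget, applied bitwise to 8-bit shares (constructed example).

    Start from c_i = a_i & b_i, then for every pair i < j draw a fresh r_ij and set
        c_i ^= r_ij
        c_j ^= (r_ij ^ (a_i & b_j)) ^ (a_j & b_i)
    Every r_ij appears twice, so it cancels in the XOR of all c_i, leaving
        XOR_i c_i = (XOR_i a_i) & (XOR_i b_i),
    while the r_ij keep the individual c_i from depending on the unmasked inputs.
    """
    n = len(a)
    c = [ai & bi for ai, bi in zip(a, b)]
    for i in range(n):
        for j in range(i + 1, n):
            r = secrets.randbelow(256)
            c[i] ^= r
            c[j] ^= (r ^ (a[i] & b[j])) ^ (a[j] & b[i])
    return c


def masked_and_xor(x_shares, y_shares, z_shares):
    """A small masked circuit, (x & y) ^ z, composed from the two gadgets above."""
    return masked_xor(masked_and(x_shares, y_shares), z_shares)


if __name__ == "__main__":
    d = 2
    x, y, z = 0x3C, 0xC3, 0x81
    out = masked_and_xor(mask(x, d), mask(y, d), mask(z, d))
    print(f"shares={out!r} -> {unmask(out):#04x} (expected {(x & y) ^ z:#04x})")
```

The recombination check is what a masking proof needs to hold unconditionally; the security argument is separate and concerns what each intermediate share reveals under a noisy leakage model, which this code does not model.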

Unknown-Input Attacks in the Parallel Setting: Improving the Security of the CHES 2012 Leakage-Resilient PRF

It turns out that the noise introduced by the unknown inputs renders side-channel key recovery intractable under very mild and easily satisfiable assumptions, so the construction stays secure even without measurement noise, independent of the number of traces and of the power model used.

Leakage-Resilient Symmetric Encryption via Re-keying

Here, it is proved that using a leakage-resilient re-keying scheme on top of an encryption scheme that is secure in the standard model leads to a leakage-resilient encryption scheme.
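The claim above is a composition statement: an ordinary, non-leakage-resilient encryption scheme becomes leakage-resilient once each of its keys is used for a single message and the keys are produced by a leakage-resilient re-keying layer, so that the number of leakage observations on any one key is bounded. The page does not give the paper's re-keying scheme; the following is an added illustration, not the paper's construction, using a forward-only PRF chain in which every chain state is the key of exactly two PRF calls before it is discarded. HMAC-SHA256 as the PRF and the encrypt-then-MAC inner scheme are assumptions of this example.

```python
import hmac
import hashlib

TAG_LEN = 32  # HMAC-SHA256 tag


def prf(key: bytes, label: bytes) -> bytes:
    """The PRF of this example: HMAC-SHA256 (an assumption, not fixed by the paper)."""
    return hmac.new(key, label, hashlib.sha256).digest()


def keystream(key: bytes, nbytes: int) -> bytes:
    """Counter-mode keystream from a key that is used for one message only."""
    out = bytearray()
    ctr = 0
    while len(out) < nbytes:
        out += prf(key, b"ks" + ctr.to_bytes(8, "big"))
        ctr += 1
    return bytes(out[:nbytes])


def encrypt_once(key: bytes, msg: bytes) -> bytes:
    """Encrypt-then-MAC under `key`; the caller guarantees `key` encrypts this one message."""
    k_enc, k_mac = prf(key, b"enc"), prf(key, b"mac")
    ct = bytes(m ^ k for m, k in zip(msg, keystream(k_enc, len(msg))))
    return ct + prf(k_mac, ct)


def decrypt_once(key: bytes, blob: bytes) -> bytes:
    if len(blob) < TAG_LEN:
        raise ValueError("ciphertext too short")
    k_enc, k_mac = prf(key, b"enc"), prf(key, b"mac")
    ct, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, prf(k_mac, ct)):
        raise ValueError("authentication failed")
    return bytes(c ^ k for c, k in zip(ct, keystream(k_enc, len(ct))))


class RekeyingChain:
    """Forward-only key chain: k_i = PRF(s_i, "key"), s_{i+1} = PRF(s_i, "next"), s_0 = master key.

    Each chain state is the key of exactly two PRF calls and is then overwritten, so an
    adversary who learns a bounded amount per invocation collects at most two leakage
    observations on any state, however many messages are processed. The master key is
    never used to encrypt data directly. (Python cannot guarantee the old state is wiped
    from memory; a real implementation must erase it.)
    """

    def __init__(self, master_key: bytes):
        self.state = master_key
        self.index = 0

    def next_key(self) -> bytes:
        k_i = prf(self.state, b"key")
        self.state = prf(self.state, b"next")  # the old state is never touched again
        self.index += 1
        return k_i

    def encrypt(self, msg: bytes) -> bytes:
        return encrypt_once(self.next_key(), msg)

    def decrypt(self, blob: bytes) -> bytes:
        return decrypt_once(self.next_key(), blob)


def session_keys(master_key: bytes, n: int) -> list:
    """The first n per-message keys, for inspection: all distinct, the master key never among them."""
    chain = RekeyingChain(master_key)
    return [chain.next_key() for _ in range(n)]


if __name__ == "__main__":
    master = bytes(range(32))  # constructed demo key
    sender, receiver = RekeyingChain(master), RekeyingChain(master)
    for text in (b"first message", b"second message"):
        print(receiver.decrypt(sender.encrypt(text)))
```

Sender and receiver must stay in step: a receiver at the wrong chain position derives a different key and the tag check fails, which is the intended behaviour for a scheme that never reuses a key.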

Practical Leakage-Resilient Pseudorandom Objects with Minimum Public Randomness

This paper shows that tweaked designs with minimum randomness requirements can be proven leakage-resilient in Minicrypt, and improves the practical relevance of two important leakage-resilient pseudorandom objects.

Leakage-Resilient Cryptography

A stream cipher S is constructed whose implementation is secure even if a bounded amount of arbitrary (adversarially chosen) information on the internal state of S is leaked during computation, and a lemma is proved that the output of any PRG has high HILL pseudoentropy even if arbitrary information about the seed is leaked.

A Leakage-Resilient Mode of Operation

It is shown that unlike "normal" PRFs, wPRFs (weak PRFs) are seed-incompressible, in the sense that the output of a wPRF is pseudorandom even if a bounded amount of information about the key is leaked.

Leakage-Resilient Public-Key Cryptography in the Bounded-Retrieval Model

This work builds an efficient three-round AKA in the Random-Oracle Model, which is resilient to key-leakage attacks that can occur prior to and after a protocol execution, and allows for repeated "invisible updates" of the secret key, allowing for an unlimited amount of leakage overall.

Cryptography Resilient to Continual Memory Leakage

The main contributions of this work are showing how to securely update a secret key while information is leaked (in the more general model) and giving public-key encryption schemes that are resilient to continual leakage.

Leakage-Resilient Signatures

The notion of “leakage-resilient signatures” is put forward, which strengthens the standard security notion by giving the adversary the additional power to learn a bounded amount of arbitrary information about the secret state that was accessed during every signature generation.

Cryptography against Continuous Memory Attacks

This work constructs a variety of practical CLR schemes, including CLR one-way relations, CLR signatures, CLR identification schemes, and CLR authenticated key agreement protocols, and shows how to instantiate them efficiently using a well established assumption on bilinear groups, called the K-Linear assumption.

Merkle-Damgård Revisited: How to Construct a Hash Function

It is shown that the current design principle behind hash functions such as SHA-1 and MD5 — the (strengthened) Merkle-Damgård transformation — does not satisfy a new security notion for hash functions, stronger than collision-resistance.

Signature Schemes with Bounded Leakage Resilience

This work shows a full-fledged signature scheme tolerating leakage of n *** n *** bits of information about the secret key (for any constant *** > 0), based on general assumptions.

Intrusion-Resilient Secret Sharing

There is an obvious connection between IRSS schemes and the fact that there exist functions with an exponential gap in their communication complexity for k and k-1 rounds, and the scheme implies such a separation which is in several aspects stronger than the previously known ones.

Circular and Leakage Resilient Public-Key Encryption Under Subgroup Indistinguishability (or: Quadratic Residuosity Strikes Back)

The main results of this work are new public-key encryption schemes that, under the quadratic residuosity (QR) assumption (or Paillier's decisional composite residuosity (DCR) assumption), achieve