Leakage-Resilient Cryptography from the Inner-Product Extractor / Dziembowski, Stefan; Sebastian, Faust. - 7073:(2011), pp. 702-721. (Paper presented at the 17th International Conference on the Theory and Application of Cryptology and Information Security, held in Seoul, South Korea, December 4-8, 2011) [10.1007/978-3-642-25385-0_38].

Leakage-Resilient Cryptography from the Inner-Product Extractor

DZIEMBOWSKI, STEFAN;
2011

Abstract

We present a generic method to secure various widely-used cryptosystems against arbitrary side-channel leakage, as long as the leakage adheres to three restrictions: first, it is bounded per observation but in total can be arbitrarily large. Second, memory parts leak independently, and, third, the randomness that is used for certain operations comes from a simple (non-uniform) distribution. As a fundamental building block, we construct a scheme to store a cryptographic secret such that it remains information-theoretically hidden, even given arbitrary continuous leakage from the storage. To this end, we use a randomized encoding and develop a method to securely refresh these encodings even in the presence of leakage. We then show that our encoding scheme exhibits an efficient additive homomorphism which can be used to protect important cryptographic tasks such as identification, signing and encryption. More precisely, we propose efficient implementations of the Okamoto identification scheme, and of an ElGamal-based cryptosystem with security against continuous leakage, as long as the leakage adheres to the above-mentioned restrictions. We prove security of the Okamoto scheme under the DL assumption and CCA2 security of our encryption scheme under the DDH assumption.
17th International Conference on the Theory and Application of Cryptology and Information Security
04 Publication in conference proceedings::04b Conference paper in a volume
Files attached to this item
There are no files associated with this item.

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this item: https://hdl.handle.net/11573/767779
Warning: the data displayed have not been validated by the university.

Citations
  • PubMed Central: ND
  • Scopus: 62
  • Web of Science (ISI): 55