Leakage-Resilient Circuits without Computational Assumptions / Dziembowski, Stefan; Faust, Sebastian. - 7194:(2012), pp. 230-247. (Paper presented at the 9th Theory of Cryptography Conference, TCC 2012, held in Taormina, Sicily, Italy, March 19-21, 2012) [10.1007/978-3-642-28914-9_13].

Leakage-Resilient Circuits without Computational Assumptions

DZIEMBOWSKI, STEFAN;
2012

Abstract

Physical cryptographic devices inadvertently leak information through numerous side-channels. Such leakage is exploited by so-called side-channel attacks, which often allow for a complete security breach. A recent trend in cryptography is to propose formal models that incorporate leakage and to construct schemes that are provably secure within them. We design a general compiler that transforms any cryptographic scheme, e.g., a block-cipher, into a functionally equivalent scheme which is resilient to any continual leakage provided that the following three requirements are satisfied: (i) in each observation the leakage is bounded, (ii) different parts of the computation leak independently, and (iii) the randomness that is used for certain operations comes from a simple (non-uniform) distribution. In contrast to earlier work on leakage-resilient circuit compilers, which relied on computational assumptions, our results are purely information-theoretic. In particular, we do not make use of public key encryption, which was required in all previous works.
2012
9th Theory of Cryptography Conference, TCC 2012
04 Publication in conference proceedings::04b Conference paper in volume
Files attached to this item
No files are associated with this item.

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this item: https://hdl.handle.net/11573/767780

Warning! The data displayed has not been validated by the university.

Citations
  • PMC: ND
  • Scopus: 51
  • ISI: ND