
Survey: leakage resilience and the bounded retrieval model

Published: 03 December 2009

Abstract

This survey paper studies recent advances in the field of leakage-resilient cryptography. This booming area is concerned with the design of cryptographic primitives resistant to arbitrary side-channel attacks, where an attacker can repeatedly and adaptively learn information about the secret key, subject only to the constraint that the overall amount of such information is bounded by some parameter l. We start by surveying recent results in the so-called Relative Leakage Model, where all the parameters of the system are allowed to depend on l, and the goal is to make l large relative to the length of the secret key. We conclude by showing how to extend the relative leakage results to the Bounded Retrieval Model (aka "Absolute Leakage Model"), where only the secret key length is allowed to be slightly larger than l, but all other system parameters (e.g., public key, communication, etc.) are independent of the absolute value of l. Throughout the presentation we emphasize the information-theoretic techniques used in leakage-resilient cryptography.


Published In

ICITS'09: Proceedings of the 4th International Conference on Information Theoretic Security
December 2009
248 pages
ISBN: 3642144950
  • Editor: Kaoru Kurosawa

In-Cooperation

  • Technical Group on Information Security
  • IACR: International Association for Cryptologic Research
  • IEICE

Publisher

Springer-Verlag

Berlin, Heidelberg


Qualifiers

  • Article

Cited By

  • (2017) Naor-Yung paradigm with shared randomness and applications. Theoretical Computer Science 692:C, pp. 90-113. doi:10.1016/j.tcs.2017.06.019. Online publication date: 5-Sep-2017.
  • (2017) Anonymous and leakage resilient IBE and IPE. Designs, Codes and Cryptography 85:2, pp. 273-298. doi:10.1007/s10623-016-0303-7. Online publication date: 1-Nov-2017.
  • (2017) The Hunting of the SNARK. Journal of Cryptology 30:4, pp. 989-1066. doi:10.1007/s00145-016-9241-9. Online publication date: 1-Oct-2017.
  • (2016) Structure-Preserving Signatures and Commitments to Group Elements. Journal of Cryptology 29:2, pp. 363-421. doi:10.1007/s00145-014-9196-7. Online publication date: 1-Apr-2016.
  • (2016) Leakage Resilient One-Way Functions. Proceedings, Part I, of the 14th International Conference on Theory of Cryptography, Volume 9985, pp. 139-158. doi:10.1007/978-3-662-53641-4_6. Online publication date: 31-Oct-2016.
  • (2016) Big-Key Symmetric Encryption. Proceedings, Part I, of the 36th Annual International Cryptology Conference on Advances in Cryptology, CRYPTO 2016, Volume 9814, pp. 373-402. doi:10.1007/978-3-662-53018-4_14. Online publication date: 14-Aug-2016.
  • (2016) Naor-Yung Paradigm with Shared Randomness and Applications. Proceedings of the 10th International Conference on Security and Cryptography for Networks, Volume 9841, pp. 62-80. doi:10.1007/978-3-319-44618-9_4. Online publication date: 31-Aug-2016.
  • (2015) Fully Leakage-Resilient Non-malleable Identification Schemes in the Bounded-Retrieval Model. Proceedings of the 10th International Workshop on Advances in Information and Computer Security, Volume 9241, pp. 153-172. doi:10.1007/978-3-319-22425-1_10. Online publication date: 26-Aug-2015.
  • (2013) Certified computer-aided cryptography. Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security, pp. 1217-1230. doi:10.1145/2508859.2516652. Online publication date: 4-Nov-2013.
  • (2013) Barriers in cryptography with weak, correlated and leaky sources. Proceedings of the 4th Conference on Innovations in Theoretical Computer Science, pp. 111-126. doi:10.1145/2422436.2422451. Online publication date: 9-Jan-2013.
