Limits of a conjecture on a leakage-resilient cryptosystem
نویسندگان
چکیده
Recently it was conjectured that an ElGamal-based public-key encryption scheme with stateful decryption resists lunch-time chosen ciphertext and leakage attacks in the only computation leaks information model. We give a non-trivial upper bound on the amount of leakage tolerated by this conjecture. More precisely, we prove that the conjecture does not hold if more than a ( 3 8 + o (1) ) fraction of the bits are leaked at every decryption step, by showing a lunch-time attack that recovers the full secret key. The attack uses a new variant of the Hidden Number Problem, that we call Hidden Shares Hidden Number Problem, which is of independent interest.
منابع مشابه
Modelling After-the-fact Leakage for Key Exchange (full Version)
Security models for two-party authenticated key exchange (AKE) protocols have developed over timeto prove the security of AKE protocols even when the adversary learns certain secret values. In this work,we address more granular leakage: partial leakage of long-term secrets of protocol principals, even after thesession key is established. We introduce a generic key exchange secur...
متن کاملBlack-box constructions of signature schemes in the bounded leakage setting
To simplify the certificate management procedures, Shamir introduced the concept of identity-based cryptography (IBC). However, the key escrow problem is inherent in IBC. To get rid of it, Al-Riyami and Paterson introduced in 2003 the notion of certificateless cryptography (CLC). However, if a cryptosystem is not perfectly implemented, adversaries would be able to obtain part of the system's se...
متن کاملSignature Schemes with Bounded Leakage Resilience
A leakage-resilient cryptosystem remains secure even if arbitrary, but bounded, information about the secret key (and possibly other internal state information) is leaked to an adversary. Denote the length of the secret key by n. We show: – A full-fledged signature scheme tolerating leakage of ( 1− n− ) · n bits of information about the secret key (for any constant < 1), based on general assump...
متن کاملLeakage Resilience against Concurrent Cache Attacks
In this paper we show how to engineer proofs of security for software implementations of leakage-resilient cryptosystems on execution platforms with concurrency and caches. The proofs we derive are based on binary executables of the cryptosystem and on simple but realistic models of microprocessors.
متن کاملCertificate-Based Encryption Resilient to Key Leakage
Certificate-based encryption (CBE) is an important class of public key encryption but the existing schemes are secure only under the premise that the decryption key (or private key) and master private key are absolutely secret. In fact, a lot of side channel attacks and cold boot attacks can leak secret information of a cryptographic system. In this case, the security of the cryptographic syste...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- Inf. Process. Lett.
دوره 114 شماره
صفحات -
تاریخ انتشار 2014