Leakage-resilient Stream Ciphers: an Overview

Side-channel attacks are one of the most dangerous threats against secure devices. By exploiting physical properties of the circuits running cryptographic protocols, that is, by analyzing the power consumption, running time, or electomagnetic radiations of circuits computing on secret data, sidechannel attacks circumvent traditional security proofs and show to be extremely effective in breaking the security properties expected from a wide range of devices. Since the first demonstration of the power of side-channel attacks by Kocher, in 1996, a huge body of work has been developing for securing protocol implementations against these attacks, using circuit-level techniques such as gate masking, differential logic styles, or circuit shielding for instance. More recently researchers started addressing the issue of side-channel attacks at the cryptographic protocol level, trying to design protocols in a way that would substantially reduce the security needs at the implementation level, by making protocols leakage resilient. In this talk, we investigate the problem of building leakage resilient stream-ciphers. Stream ciphers or, at their core, pseudorandom stream generators, probably are the most important object one may want to implement securely, as they are part of essentially any cryptographic construction: we need pseudorandomness to run the common challenge-response authentication protocols that are implemented on most low-power secure devices, but also to build any semantically secure encryption scheme for instance. Building efficient and provably secure leakage resilient stream ciphers shows to be a remarkably challenging task. The first challenge consists in defining a security model that captures side-channel attacks in a realistic way. The most common approach consists in allowing the adversary to receive an auxiliary input about the information stored in the device, under