Lossy trapdoor functions (LTFs) were first introduced by Peikert and Waters (STOC’08). Since their introduction, lossy trapdoor functions have found numerous applications. They can be used as tools to construct important cryptographic primitives such as injective one-way trapdoor functions, chosen-ciphertext-secure public key encryptions, deterministic encryptions, et al. In this paper, we focu...

A weak pseudorandom function (wPRF) is a pseudorandom functions with a relaxed security requirement, where one only requires the output to be pseudorandom when queried on random (and not adversarially chosen) inputs. We show that unlike standard PRFs, wPRFs are secure against memory attacks, that is they remain secure even if a bounded amount of information about the secret key is leaked to the...

Leakage-resilience and misuse-resistance are two important properties for the deployment of authenticated encryption schemes. They aim at mitigating the impact of implementation flaws due to side-channel leakages and misused randomness. In this paper, we discuss their interactions and incompatibilities. For this purpose, we first show a generic composition mode of a MAC with an encryption schem...

Most of the work in the analysis of cryptographic schemes is concentrated in abstract adversarial models that do not capture sidechannel attacks. Such attacks exploit various forms of unintended information leakage, which is inherent to almost all physical implementations. Inspired by recent side-channel attacks, especially the “cold boot attacks”, Akavia, Goldwasser and Vaikuntanathan (TCC ’09...

Key Generation The challenger computes (pk, sk) ← Gen(1λ) and give pk to A. Test 1: The adversaryA (adaptively) submits decryption queries Ci and getsmi = Dsk(Ci). The adversary also (adaptviely) submits leakage queries fj : {0, 1} ∗ → {0, 1}lj and gets fj(sk). Challenge: The adversary A comes up with two message m0, m1. The challenger chooses a random bit b ← {0, 1} and gives A the value C∗ = ...

Recently there has been a huge emphasis on constructing cryptographic protocols that maintain their security guarantees even in the presence of side channel attacks. Such attacks exploit the physical characteristics of a cryptographic device to learn useful information about the internal state of the device. Designing protocols that deliver meaningful security even in the presence of such leaka...

In this paper, we tackle the open problem of proposing a leakage-resilience encryption model that can capture leakage from both the secret key owner and the encryptor, in the auxiliary input model. Existing models usually do not allow adversaries to query more leakage information after seeing the challenge ciphertext of the security games. On one hand, side-channel attacks on the random factor ...

Traditionally, in attribute-based encryption (ABE), an access structure is constructed from a linear secret sharing scheme (LSSS), a boolean formula or an access tree. In this work, we encode the access structure as their minimal sets, which is equivalent to the existence of a smallest monotonic span program for the characteristic function of the same access structure. We present two leakage-re...