In the classical model of traitor tracing, one assumes that a traitor contributes its entire secret key to build a pirate decoder. However, new practical scenarios of pirate has been considered, namely Pirate Evolution Attacks at Crypto 2007 and Pirates 2.0 at Eurocrypt 2009, in which pirate decoders could be built from sub-keys of users. The key notion in Pirates 2.0 is the anonymity level of ...

We give an efficient deterministic algorithm that extracts Ω(n2γ) almost-random bits from sources where n 1 2 +γ of the n bits are uniformly random and the rest are fixed in advance. This improves upon previous constructions, which required that at least n/2 of the bits be random in order to extract many bits. Our construction also has applications in exposure-resilient cryptography, giving exp...

Leakage-resilient cryptography aims at formally proving the security of cryptographic implementations against large classes of sidechannel adversaries. One important challenge for such an approach to be relevant is to adequately connect the formal models used in the proofs with the practice of side-channel attacks. It raises the fundamental problem of finding reasonable restrictions of the leak...

This paper presents a rigorous step towards design-for-assurance by introducing a new class of logically reconfigurable design resilient to design reverse engineering. Based on the non-volatile spin transfer torque (STT) magnetic technology, we introduce a basic set of non-volatile reconfigurable Look-Up-Table (LUT) logic components (NV-STT-based LUTs). STT-based LUT with significantly differen...

Today, we will conclude our discussion of threshold schemes, describing some results from Dodis & Katz (2005). We define proactive security and share refreshing, giving examples for discrete-log based cryptosystems. We describe generic threshhold signature and encryption schemes. We explore Multiple-CCA (MCCA) security and failure of sequential or parallel encryption to acheive it. We give one ...

In this paper we address the problem of large space consumption for protocols in the Bounded Retrieval Model (BRM), which require users to store large secret keys subject to adversarial leakage. We propose a method to derive keys for such protocols on-the-fly from weakly random private data (like text documents or photos, users keep on their disks anyway for noncryptographic purposes) in such a...

In this lecture, we give a high-level tour of DL-Based Threshold Cryptography. We begin with distributed generation of discrete log keys. We describe two protocols: (1) parallel Feldman and its (limited) security properties – good for adaptive Pedersen VSS, but not when the simulator needs to force the outcome (due to rushing), and (2) parallel Pedersen followed by the first protocol. Next, we ...

We present a new approach to construct several leakage-resilient cryptographic primitives, including leakage-resilient public-key encryption (PKE) schemes, authenticated key exchange (AKE) protocols and low-latency key exchange (LLKE) protocols. To this end, we introduce a new primitive called leakage-resilient non-interactive key exchange (LR-NIKE) protocol. We introduce a generic security mod...

Physical cryptographic devices inadvertently leak information through numerous side-channels. Such leakage is exploited by socalled side-channel attacks, which often allow for a complete security breache. A recent trend in cryptography is to propose formal models to incorporate leakage into the model and to construct schemes that are provably secure within them. We design a general compiler tha...

Security models for two-party authenticated key exchange (AKE) protocols have developed overtime to capture the security of AKE protocols even when the adversary learns certain secret values.Increased granularity of security can be modelled by considering partial leakage of secrets in themanner of models for leakage-resilient cryptography, designed to capture side-channel attacks. I...