In traditional cryptography, the standard way of examining the security of a scheme is to analyze it in a black-box manner, capturing no side channel attacks which exploit various forms of unintended information leakages and do threaten the practical security of the scheme. One way to protect against such attacks aforementioned is to extend the traditional models so as to capture them. Early mo...

We continue our discussion of Verifiable Secret Sharing, giving two instantiations of the general schema from the last lecture. First, using Commit(x) = g: Feldman VSS, which leaks nothing but g and is perfect binding. Second, using Perdersen’s commitment Commit(x; r) = gh: Pedersen VSS. Next, we turn to the problem of adaptive security. We describe an adaptively secure Feldman VSS using trapdo...

Side-channel attacks are a major threat for cryptographic mechanisms; yet, they are not considered in the computational model that is used by cryptographers for proving the security of their schemes. As a result, there are several efficient attacks against standardized implementations of provably secure schemes. Leakage resilient cryptography aims to extend provable security so that it can acco...

Leakage-resilient cryptography is about security in the presence of leakage from side-channels. In this paper, we present several issues of the RCB block cipher mode. Agrawal et al [2] proposed recently RCB as a leakage-resilient authenticated encryption (AE) scheme. Our main result is that RCB fails to provide authenticity, even in the absence of leakage.

To simplify the certificate management procedures, Shamir introduced the concept of identity-based cryptography (IBC). However, the key escrow problem is inherent in IBC. To get rid of it, Al-Riyami and Paterson introduced in 2003 the notion of certificateless cryptography (CLC). However, if a cryptosystem is not perfectly implemented, adversaries would be able to obtain part of the system's se...

The goal of leakage-resilient cryptography is to construct cryptographic algorithms that are secure even if the adversary obtains side-channel information from the real world implementation of these algorithms. Most of the prior works on leakage-resilient cryptography consider leakage models where the adversary has access to the leakage oracle before the challenge-ciphertext is generated (befor...

We initiate a general study of schemes resilient to both tampering and leakage attacks. Tampering attacks are powerful cryptanalytic attacks where an adversary can change the secret state and observes the effect of such changes at the output. Our contributions are outlined below: 1. We propose a general construction showing that any cryptographic primitive where the secret key can be chosen as ...

In recent years, there has been a major effort to design cryptographic schemes that remain secure even if part of the secret key is leaked. This is due to a recent proliferation of side channel attacks which, through various physical means, can recover part of the secret key. We explore the possibility of achieving security even with continual leakage, i.e., even if some information is leaked e...