Blinding is a popular and well-known countermeasure to protect public-key cryptosystems against side-channel attacks. The high level idea is to randomize an exponentiation in order to prevent multiple measurements of the same operation on different data, as such measurements might allow the adversary to learn the secret exponent. Several variants of blinding have been proposed in the literature...

. In Moni Naor, editor, Theory of Cryptography, First Theory of Cryp-tography Conference, TCC 2004, Cambridge, MA, USA, February 19-21, 2004,Proceedings, volume 2951 of Lecture Notes in Computer Science, pages 278–296.Springer, 2004.55. Andrew Moss, Elisabeth Oswald, Dan Page, and Michael Tunstall. Compiler assisted masking. In Prouff and Schaumont [66], pages 58–75.56. Moni...

The strongest standard security notion for digital signature schemes is unforgeability under chosen message attacks. In practice, however, this notion can be insufficient due to “side-channel attacks” which exploit leakage of information about the secret internal state. In this work we put forward the notion of “leakage-resilient signatures,” which strengthens the standard security notion by gi...

Pseudo-random functions (PRFs) introduced by Goldwasser, Goldreich, and Micali (FOCS 1984), are one of the most important building blocks in cryptography. A PRF family is a family of seeded functions {fs}, with the property that no efficient adversary can tell the difference between getting oracle access to a random PRF function fs, and getting oracle access to a truly random function. In this ...

The literature on leakage-resilient cryptography contains various leakage models that provide different levels of security. In this work, we consider the bounded leakage and the continual leakage models. In the bounded leakage model (Akavia et al. – TCC 2009), it is assumed that there is a fixed upper bound L on the number of bits the attacker may leak on the secret key in the entire lifetime o...

Security models for two-party authenticated key exchange (AKE) protocols have developed over timeto prove the security of AKE protocols even when the adversary learns certain secret values. In this work,we address more granular leakage: partial leakage of long-term secrets of protocol principals, even after thesession key is established. We introduce a generic key exchange secur...

In real world, in order to transform an abstract and generic cryptographic scheme into actual physical implementation, one usually undergoes two processes: mathematical realization at algorithmic level and physical realization at implementation level. In the former process, the abstract and generic cryptographic scheme is transformed into an exact and specific mathematical scheme, while in the ...

We construct the first leakage resilient variants of fully homomorphic encryption (FHE) schemes. Our leakage model is bounded adaptive leakage resilience. We first construct a leakageresilient leveled FHE scheme, meaning the scheme is both leakage resilient and homomorphic for all circuits of depth less than some pre-established maximum set at the time of key generation. We do so by applying id...

Leakage resilient cryptography aims to address the issue of inadvertent and unexpected information leakages from physical cryptographic implementations at algorithmic level in a provable manner. In real world, for an abstract mathematical construction to be an actual physical implementation, it usually undergoes two phases: mathematical realization at algorithmic level and physical realization ...