With the proliferation of physical attacks that may compromise even the theoretically strongest cryptographic schemes, the need for affordable physical protection of cryptographic devices becomes more visible by each day. In this context, Physically Unclonable Functions (PUFs), a promising new technology, provide a low cost technique to realize tamper-resilient storage for secret keys in integr...

We provide a selective survey on software protection, including approaches to software tamper resistance, obfuscation, software diversity, and white-box cryptography. We review the early literature in the area plus recent activities related to trusted platforms, and discuss challenges and future directions.

In this report, we are concerned with models to analyze the security of cryptographic algorithms against side-channel attacks. Our objectives are threefold. In a first part of the paper, we aim to survey a number of well known intuitions related to physical security and to connect them with more formal results in this area. For this purpose, we study the definition of leakage function introduce...

Understanding and modeling leakage in the context of cryptographic systems (connecting physical protection of keys and cryptographic operation) is an emerging area with many missing issues and hard to understand aspects. In this work we initiate the study of leakage out of cryptographic devices when the operation is inherently replicated in multiple locations. This setting (allowing the adversa...

Leakage resilient cryptography attempts to incorporate sidechannel leakage into the black-box security model and designs cryptographic schemes that are provably secure within it. Informally, a scheme is leakage-resilient if it remains secure even if an adversary learns a bounded amount of arbitrary information about the schemes internal state. Unfortunately, most leakage resilient schemes are u...

In traditional cryptography, the standard way of examining the security of a scheme is to analyze it in a black-box manner, capturing no side channel attacks which exploit various forms of unintended information leakages and do threaten the practical security of the scheme. One way to protect against such attacks aforementioned is to extend the traditional models so as to capture them. Early mo...

We continue our discussion of Verifiable Secret Sharing, giving two instantiations of the general schema from the last lecture. First, using Commit(x) = g: Feldman VSS, which leaks nothing but g and is perfect binding. Second, using Perdersen’s commitment Commit(x; r) = gh: Pedersen VSS. Next, we turn to the problem of adaptive security. We describe an adaptively secure Feldman VSS using trapdo...

Side-channel attacks are a major threat for cryptographic mechanisms; yet, they are not considered in the computational model that is used by cryptographers for proving the security of their schemes. As a result, there are several efficient attacks against standardized implementations of provably secure schemes. Leakage resilient cryptography aims to extend provable security so that it can acco...

Leakage-resilient cryptography is about security in the presence of leakage from side-channels. In this paper, we present several issues of the RCB block cipher mode. Agrawal et al [2] proposed recently RCB as a leakage-resilient authenticated encryption (AE) scheme. Our main result is that RCB fails to provide authenticity, even in the absence of leakage.