Side-channel attacks represent a very frequent and severe type of attack against implementations of cryptographic protocols. Most countermeasures proposed until recently are ad-hoc, offer only partial remedy and fail to capture the problem in its entirety. In light of this, the last few years the cryptographic community has tried to set the theoretical foundations in order to formally address t...

Information leakage is a major concern in modern day IT-security. In fact, a malicious user is often able to extract information about private values from the computation performed on the devices. In specific settings, such as RFID, where a low computational complexity is required, it is hard to apply standard techniques to achieve resilience against this kind of attacks. In this paper, we pres...

We present a generic method to secure various widely-used cryptosystems against arbitrary side-channel leakage, as long as the leakage adheres three restrictions: rst, it is bounded per observation but in total can be arbitrary large. Second, memory parts leak independently, and, third, the randomness that is used for certain operations comes from a simple (non-uniform) distribution. As a funda...

We consider the question of adaptive security for two related cryptographic primitives: all-or-nothing transforms and exposureresilient functions. Both are concerned with retaining security when an intruder learns some bits of a string which is supposed to be secret: all-or-nothing transforms (AONT) protect their input even given partial knowledge of the output; exposure-resilient functions (ER...

We study the design of cryptographic primitives resilient to key-leakage attacks, where an attacker can repeatedly and adaptively learn information about the secret key, subject only to the constraint that the overall amount of such information is bounded by some parameter l. We construct a variety of leakage-resilient public-key systems including the first known identification schemes (ID), si...

In the classical model of traitor tracing, one assumes that a traitor contributes its entire secret key to build a pirate decoder. However, new practical scenarios of pirate has been considered, namely Pirate Evolution Attacks at Crypto 2007 and Pirates 2.0 at Eurocrypt 2009, in which pirate decoders could be built from sub-keys of users. The key notion in Pirates 2.0 is the anonymity level of ...

We give an efficient deterministic algorithm that extracts Ω(n2γ) almost-random bits from sources where n 1 2 +γ of the n bits are uniformly random and the rest are fixed in advance. This improves upon previous constructions, which required that at least n/2 of the bits be random in order to extract many bits. Our construction also has applications in exposure-resilient cryptography, giving exp...

Leakage-resilient cryptography aims at formally proving the security of cryptographic implementations against large classes of sidechannel adversaries. One important challenge for such an approach to be relevant is to adequately connect the formal models used in the proofs with the practice of side-channel attacks. It raises the fundamental problem of finding reasonable restrictions of the leak...

Today, we will conclude our discussion of threshold schemes, describing some results from Dodis & Katz (2005). We define proactive security and share refreshing, giving examples for discrete-log based cryptosystems. We describe generic threshhold signature and encryption schemes. We explore Multiple-CCA (MCCA) security and failure of sequential or parallel encryption to acheive it. We give one ...

In this paper we address the problem of large space consumption for protocols in the Bounded Retrieval Model (BRM), which require users to store large secret keys subject to adversarial leakage. We propose a method to derive keys for such protocols on-the-fly from weakly random private data (like text documents or photos, users keep on their disks anyway for noncryptographic purposes) in such a...