Paper 2010/196

Cryptography Against Continuous Memory Attacks

Yevgeniy Dodis, Kristiyan Haralambiev, Adriana Lopez-Alt, and Daniel Wichs

Abstract

We say that a cryptographic scheme is Continous Leakage-Resilient (CLR), if it allows users to refresh their secret keys, using only fresh local randomness, such that: 1. The scheme remains functional after any number of key refreshes, although the public key never changes. Thus, the “outside world” is neither affected by these key refreshes, nor needs to know about their frequency. 2. The scheme remains secure even if the adversary can continuously leak arbitrary information about the current secret-key of the system, as long as the amount of leaked information is bounded in between any two successive key refreshes. There is no bound on the total amount of information that can be leaked during the lifetime of the system. In this work, we construct a variety of practical CLR schemes, including CLR one-way relations, CLR signatures, CLR identification schemes, and CLR authenticated key agreement protocols. For each of the above, we give general constructions, and then show how to instantiate them efficiently using a well established assumption on bilinear groups, called the K-Linear assumption (for any constant K >= 1). Our constructions are highly modular, and we develop many interesting techniques and building-blocks along the way, including: leakage-indistinguishable re-randomizable relations, homomorphic NIZKs, and leakage-of-ciphertext non-malleable encryption schemes. Prior to our work, no “truly CLR” schemes were known, as previous leakage-resilient schemes suffer from one or more of the following drawbacks: (a) restrictions are placed on the type of allowed leakage, such as the axiom that “only computation leaks information”; (b) the overall amount of key leakage is bounded a-priori for the lifetime of the system and there is no method for refreshing keys ; (c) the efficiency of the scheme degrades proportionally with the number of refreshes; (d) the key updates require an additional leak-free “master secret key” to be stored securely; (e) the scheme is only proven secure under a strong non-standard assumption.

Note: Full version of FOCS 2010 Paper. Added 10/01/10: Analyze "leakage-of-refreshing".

Metadata
Available format(s)
PDF PS
Category
Public-key cryptography
Publication info
Published elsewhere. Unknown where it was published
Keywords
leakage-resilient cryptographysignaturesbounded-retrieval model
Contact author(s)
wichs @ cs nyu edu
History
2010-10-01: last of 2 revisions
2010-04-09: received
See all versions
Short URL
https://ia.cr/2010/196
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2010/196,
      author = {Yevgeniy Dodis and Kristiyan Haralambiev and Adriana Lopez-Alt and Daniel Wichs},
      title = {Cryptography Against Continuous Memory Attacks},
      howpublished = {Cryptology ePrint Archive, Paper 2010/196},
      year = {2010},
      note = {\url{https://eprint.iacr.org/2010/196}},
      url = {https://eprint.iacr.org/2010/196}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.