Paper 2013/677

Bounded Tamper Resilience: How to go beyond the Algebraic Barrier

Ivan Damgaard, Sebastian Faust, Pratyay Mukherjee, and Daniele Venturi

Abstract

Related key attacks (RKAs) are powerful cryptanalytic attacks where an adversary can change the secret key and observe the effect of such changes at the output. The state of the art in RKA security protects against an a-priori unbounded number of certain algebraic induced key relations, e.g., affine functions or polynomials of bounded degree. In this work, we show that it is possible to go beyond the algebraic barrier and achieve security against arbitrary key relations, by restricting the number of tampering queries the adversary is allowed to ask for. The latter restriction is necessary in case of arbitrary key relations, as otherwise a generic attack of Gennaro et al. (TCC 2004) shows how to recover the key of almost any cryptographic primitive. We describe our contributions in more detail below. 1) We show that standard ID and signature schemes constructed from a large class of $\Sigma$-protocols (including the Okamoto scheme, for instance) are secure even if the adversary can arbitrarily tamper with the prover’s state a bounded number of times and obtain some bounded amount of leakage. Interestingly, for the Okamoto scheme we can allow also independent tampering with the public parameters. 2) We show a bounded tamper and leakage resilient CCA secure public key cryptosystem based on the DDH assumption. We first define a weaker CPA-like security notion that we can instantiate based on DDH, and then we give a general compiler that yields CCA-security with tamper and leakage resilience. This requires a public tamper-proof common reference string. 3) Finally, we explain how to boost bounded tampering and leakage resilience (as in 1. and 2. above) to continuous tampering and leakage resilience, in the so-called floppy model where each user has a personal hardware token (containing leak- and tamper-free information) which can be used to refresh the secret key. We believe that bounded tampering is a meaningful and interesting alternative to avoid known impossibility results and can provide important insights into the security of existing standard cryptographic schemes.

Note: Fixed minor inconsistencies. Bibliography updated.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
A minor revision of an IACR publication in ASIACRYPT 2013
Keywords
related key securitybounded tamper resiliencepublic key encryptionidentification schemes
Contact author(s)
danone83 @ gmail com
History
2015-02-18: last of 3 revisions
2013-10-24: received
See all versions
Short URL
https://ia.cr/2013/677
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2013/677,
      author = {Ivan Damgaard and Sebastian Faust and Pratyay Mukherjee and Daniele Venturi},
      title = {Bounded Tamper Resilience: How to go beyond the Algebraic Barrier},
      howpublished = {Cryptology {ePrint} Archive, Paper 2013/677},
      year = {2013},
      url = {https://eprint.iacr.org/2013/677}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.