Cryptology ePrint Archive: Report 2014/1010

On Continuous After-the-Fact Leakage-Resilient Key Exchange

Mohsen Toorani

Abstract: Side-channel attacks are severe type of attack against implementation of cryptographic primitives. Leakage-resilient cryptography is a new theoretical approach to formally address the problem of side-channel attacks. Recently, the Continuous After-the-Fact Leakage (CAFL) security model has been introduced for two-party authenticated key exchange (AKE) protocols. In the CAFL model, an adversary can adaptively request arbitrary leakage of long-term secrets even after the test session is activated. It supports continuous leakage even when the adversary learns certain ephemeral secrets or session keys. The amount of leakage is limited per query, but there is no bound on the total leakage. A generic leakage-resilient key exchange protocol $\pi$ has also been introduced that is formally proved to be secure in the CAFL model. In this paper, we comment on the CAFL model, and show that it does not capture its claimed security. Furthermore, we present an attack and counterproofs for the security of protocol $\pi$ which invalidates the formal security proofs of protocol $\pi$ in the CAFL model.

Category / Keywords: cryptographic protocols / Leakage-resilient cryptography, Cryptographic protocols, Key exchange, Security models

Date: received 18 Dec 2014, last revised 20 Dec 2014

Contact author: mohsen toorani at gmail com

Available format(s): PDF | BibTeX Citation

Version: 20141226:165915 (All versions of this report)

Short URL: ia.cr/2014/1010

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]