## Cryptology ePrint Archive: Report 2017/451

Efficient Compilers for After-the-Fact Leakage: from CPA to CCA-2 secure PKE to AKE

Suvradip Chakraborty and Goutam Paul and C. Pandu Rangan

Abstract: The goal of leakage-resilient cryptography is to construct cryptographic algorithms that remain secure even if the adversary obtains side-channel information from a real-world implementation of these algorithms. Most prior work on leakage-resilient cryptography considers leakage models in which the adversary has access to the leakage oracle only before the challenge ciphertext is generated (before-the-fact leakage). In this model, there are generic compilers that transform any leakage-resilient CPA-secure public key encryption (PKE) scheme into its CCA-2 variant using Naor-Yung-type transformations. In this work, we give an efficient generic compiler that transforms a leakage-resilient CPA-secure PKE into a leakage-resilient CCA-2 secure PKE in the after-the-fact split-state (bounded) memory leakage model, where the adversary has access to the leakage oracle even after the challenge phase. The salient feature of our transformation is that the leakage rate (defined as the ratio of the amount of leakage to the size of the secret key) of the transformed after-the-fact CCA-2 secure PKE is the same as the leakage rate of the underlying after-the-fact CPA-secure PKE, namely $1-o(1)$. We then present another generic compiler that transforms an after-the-fact leakage-resilient CCA-2 secure PKE into a leakage-resilient authenticated key exchange (AKE) protocol in the bounded after-the-fact leakage-resilient eCK (BAFL-eCK) model proposed by Alawatugoda et al. (ASIACCS'14). To the best of our knowledge, this gives the first compiler that transforms any leakage-resilient CCA-2 secure PKE into an AKE protocol in the leakage variant of the eCK model.

Category / Keywords: After-the-Fact leakage, bounded memory leakage, split-state, Authenticated Key Exchange, leakage-resilient exponentiation

Original Publication (with major differences): ACISP 2017

Date: received 19 May 2017, last revised 22 May 2017

Contact author: goutam k paul at gmail com


Note: This is the full version of the paper with the same title that has been accepted for presentation at the 22nd Australasian Conference on Information Security and Privacy (ACISP), to be held in Auckland, New Zealand, during 3-5 July 2017.

Short URL: ia.cr/2017/451
