On Hardening Leakage Resilience of Random Extractors for Instantiations of Leakage Resilient Cryptographic Primitives

Random extractors are proven to be important building blocks in constructing leakage resilient cryptographic primitives. Nevertheless, recent efforts showed that they are likely more leaky than other elementary components (e.g. block ciphers) in unprotected implementations of these primitives, in the context of side-channel attacks. In this context, from the adversary\u27s point of view, the extractors themselves could become the point of interest. This paper extends the problem of how leakage resilience of random extractors could be to the case of protected instantiations. Specifically, we investigate the feasibility of applying classical countermeasures to ameliorate leakage resilience of cryptographic components and/or primitives against side-channel attacks, and then show how to evaluate the physical leakage resilience of these instantiations theoretically and practically. The countermeasures we consider are masking, shuffling, and combination of them. Taking one leakage-resilient stream cipher presented at FOCS 2008 as a case of study, we not only examine the leakage resilience of the underlying extractor, but also discuss how leakages from the extractor and from the underlying pseudo-random generator respectively impact the leakage resilience of the stream cipher as a whole. On the one hand, our theoretical and experimental results, which are consistent with each other, do justify some existing observations. On the other hand, and more importantly, our results reveal some new observations that contrast with these knowing ones, which explicitly indicates that previous observations are (mostly likely) incomplete. We argue that our work is of both obvious theoretical interest and important practical significance, and may help foster the further research on the design and implementation of random extractors in leakage-resilient cryptography

On the Impacts of Mathematical Realization over Practical Security of Leakage Resilient Cryptographic Schemes

In real world, in order to transform an abstract and generic cryptographic scheme into actual physical implementation, one usually undergoes two processes: mathematical realization at algorithmic level and physical realization at implementation level. In the former process, the abstract and generic cryptographic scheme is transformed into an exact and specific mathematical scheme, while in the latter process the output of mathematical realization is being transformed into a physical cryptographic module runs as a piece of software, or hardware, or combination of both. In black-box model (i.e. leakage-free setting), a cryptographic scheme can be mathematically realized without affecting its theoretical security as long as the mathematical components meet the required cryptographic properties. However, up to now, no previous work formally show that whether one can mathematically realize a leakage resilient cryptographic scheme in existent ways without affecting its practical security. Our results give a negative answer to this important question by introducing attacks against several kinds of mathematical realization of a practical leakage resilient cryptographic scheme. Our results show that there may exist a big gap between the theoretical tolerance leakage rate and the practical tolerance leakage rate of the same leakage resilient cryptographic scheme if the mathematical components in the mathematical realization are not provably secure in leakage setting. Therefore, on one hand, we suggest that all (practical) leakage resilient cryptographic schemes should at least come with a kind of mathematical realization. Using this kind of mathematical realization, its practical security can be guaranteed. On the other hand, our results inspire cryptographers to design advanced leakage resilient cryptographic schemes whose practical security is independent of the specific details of its mathematical realization

Leakage-Resilient Symmetric Cryptography Under Empirically Verifiable Assumptions

Leakage-resilient cryptography aims at formally proving the security of cryptographic implementations against large classes of side-channel adversaries. One important challenge for such an approach to be relevant is to adequately connect the formal models used in the proofs with the practice of side-channel attacks. It raises the fundamental problem of finding reasonable restrictions of the leakage functions that can be empirically verified by evaluation laboratories. In this paper, we first argue that the previous ``bounded leakage requirements used in leakage-resilient cryptography are hard to fulfill by hardware engineers. We then introduce a new, more realistic and empirically verifiable assumption of simulatable leakage, under which security proofs in the standard model can be obtained. We finally illustrate our claims by analyzing the physical security of an efficient pseudorandom generator (for which security could only be proven under a random oracle based assumption so far). These positive results come at the cost of (algorithm-level) specialization, as our new assumption is specifically defined for block ciphers. Nevertheless, since block ciphers are the main building block of many leakage-resilient cryptographic primitives, our results also open the way towards more realistic constructions and proofs for other pseudorandom objects

Leakage-Resilient Cryptography from Minimal Assumptions

We present new constructions of leakage-resilient cryptosystems, which remain provably secure even if the attacker learns some arbitrary partial information about their internal secret key. For any polynomial $\ell$, we can instantiate these schemes so as to tolerate up to $\ell$ bits of leakage. While there has been much prior work constructing such leakage-resilient cryptosystems under concrete number-theoretic and algebraic assumptions, we present the first schemes under general and minimal assumptions. In particular, we construct: - Leakage-resilient public-key encryption from any standard public-key encryption. - Leakage-resilient weak pseudorandom functions, symmetric-key encryption}, and message-authentication codes from any one-way function. These are the first constructions of leakage-resilient symmetric-key primitives that do not rely on public-key assumptions. We also get the first constructions of leakage-resilient public-key encryption from ``search assumptions\u27\u27, such as the hardness of factoring or CDH. Although our schemes can tolerate arbitrarily large amounts of leakage, the tolerated rate of leakage (defined as the ratio of leakage-amount to key-size) is rather poor in comparison to prior results under specific assumptions. As a building block of independent interest, we study a notion of weak hash-proof systems in the public-key and symmetric-key settings. While these inherit some of the interesting security properties of standard hash-proof systems, we can instantiate them under general assumptions

Leakage-Resilient Cryptography from Minimal Assumptions

We present new constructions of leakage-resilient cryptosystems, which remain provably secure even if the attacker learns some arbitrary partial information about their internal secret key. For any polynomial $\ell$, we can instantiate these schemes so as to tolerate up to $\ell$ bits of leakage. While there has been much prior work constructing such leakage-resilient cryptosystems under concrete number-theoretic and algebraic assumptions, we present the first schemes under general and minimal assumptions. In particular, we construct: - Leakage-resilient public-key encryption from any standard public-key encryption. - Leakage-resilient weak pseudorandom functions, symmetric-key encryption}, and message-authentication codes from any one-way function. These are the first constructions of leakage-resilient symmetric-key primitives that do not rely on public-key assumptions. We also get the first constructions of leakage-resilient public-key encryption from ``search assumptions\u27\u27, such as the hardness of factoring or CDH. Although our schemes can tolerate arbitrarily large amounts of leakage, the tolerated rate of leakage (defined as the ratio of leakage-amount to key-size) is rather poor in comparison to prior results under specific assumptions. As a building block of independent interest, we study a notion of weak hash-proof systems in the public-key and symmetric-key settings. While these inherit some of the interesting security properties of standard hash-proof systems, we can instantiate them under general assumptions

On the Security of Leakage Resilient Public Key Cryptography

Side channel attacks, where an attacker learns some physical information about the state of a device, are one of the ways in which cryptographic schemes are broken in practice. "Provably secure" schemes are subject to these attacks since the traditional models of security do not account for them. The theoretical community has recently proposed leakage resilient cryptography in an effort to account for side channel attacks in the security model. This thesis provides an in-depth look into what security guarantees public key leakage resilient schemes provide in practice

How Leaky is an Extractor

This paper discusses the security of a leakage-resilient stream cipher presented at FOCS 2008, instantiated in a practical setting. Based on a case study, we put forward implementation weaknesses that can be exploited in a key-recovery attack. We first show that in our experimen- tal context (8-bit device, Hamming weight leakages, Gaussian noise), a successful attack against the investigated stream cipher has lower data complexity than a similar attack against an unprotected AES implemen- tation. We then analyze the origin of the observed weaknesses and relate them with the implementation of extractor that is used in the investi- gated stream cipher. We finally discuss the implications of these results for the design of leakage-resilient primitives and provide guidelines to improve the construction of FOCS 2008 and its underlying components