Cryptography on Non-Trusted Machines


www.dziembowski.net/Slides
Stefan Dziembowski
International Workshop on DYnamic Networks: Algorithms and Security
September 5, 2009, Wroclaw, Poland
Idea
Design cryptographic protocols that are secure even on machines that are not fully trusted.
How to construct secure digital systems?
CRYPTO: very secure; its security is based on well-defined mathematical problems.
MACHINE (PC, smartcard, etc.): not secure!
The problem
The crypto runs on a MACHINE (PC, smartcard, etc.), and machines cannot be trusted! Two kinds of problems:
1. Information leakage
2. Malicious modifications
Relevant scenarios
• PCs: malicious software (viruses, trojan horses).
• Specialized hardware: side-channel attacks.
Examples of side-channel attacks
• timing attack: measuring how much time various computations take to perform,
• power monitoring attack: measuring the power consumption of the hardware during the computation,
• attacks based on leaked electromagnetic radiation,
• acoustic cryptanalysis: exploiting the sound produced during a computation,
• differential fault analysis: introducing faults into a computation.
Type of information that can be learnt
• individual bits (probing attacks),
• more general functions (e.g. in the Hamming attack the adversary learns the sum of the secret bits).
More on the practical attacks: Side Channel Cryptanalysis Lounge
The standard view
Practitioners take care of the MACHINE (PC, smartcard, etc.): anti-virus software, intrusion detection, tamper resistance, …
Theoreticians take care of the CRYPTO: definitions, theorems, security reductions, … "Implementation is not our business!"
Our model
The adversary has the (standard) black-box access to the cryptographic scheme, plus additional access to its internal data.
Plan
1. Private Circuits
2. Bounded-Retrieval Model
1. Entity authentication
2. Intrusion-Resilient Secret Sharing
3. Leakage-Resilient Stream Cipher
4. Open Problems
Private Circuits
This part of the lecture is based on
[Ishai, Sahai, Wagner: Private Circuits: Securing
Hardware against Probing Attacks. CRYPTO
2003]
Motivation: cryptographic hardware can be subject to "probing attacks".
Probing attacks
The adversary can insert needles into the device and read off the internal values.
We will model the device as a Boolean circuit.
Randomized Boolean circuits
Figure: a randomized Boolean circuit. Input gates a0, …, a7 and output gates b1, …, b5 are connected by "wires" through conjunction ("and") gates, negation ("neg") gates and random-bit ("rnd") gates. The size of the circuit is its number of gates; the depth is the length of the longest path from an input gate to an output gate.
A t-limited adversary
Assumption: the adversary can read off up to t wires of the circuit. The adversary doesn't need to be computationally bounded.
An idea
A transformation T maps a circuit C (for simplicity assume that it is deterministic) to a circuit C' = T(C) such that:
1. C and C' compute the same function.
2. The circuit T(C) is as secure as C even if the adversary can read off t wires.
Problem
We want to require that "no adversary can get any information about the input a" of C.
Problem: the adversary can always read a directly from the input wires.
Solution
Put an input encoder I in front of C and an output decoder O behind it: input a → I → circuit C → O → output b. I and O should not depend on C, and the adversary cannot read the wires inside I and O.
The model
Suppose the adversary reads off some t wires of C running on input a. The adversary then outputs some value x.
The security definition
For every C' = T(C) and every input a: for every adversary that attacks C' (reading t of its wires, but not the wires of the encoder I), there exists a simulator that has no access to C' at all, such that the distribution of the simulator's output x is the same as the distribution of the adversary's output x.
The construction
We are now going to construct (T, I, O). We first present the main idea (which contains some errors), then we repair it.
Main tool: secret sharing
m-out-of-n secret sharing: the dealer's secret S is split into shares S1, …, Sn (in the figure n = 5), one per player, such that:
1. Every set of at least m players can reconstruct S.
2. Any set of fewer than m players has no information about S.
Secret sharing – more generally
Every secret sharing protocol consists of
• a sharing procedure,
• a matching reconstruction procedure, and
• a security condition.
n-out-of-n secret sharing
This lecture: n-out-of-n secret sharing.
Example
Suppose S ∈ {0,1}. The dealer selects uniformly at random S1, …, Sn ∈ {0,1} such that
$S_1 + \cdots + S_n = S \bmod 2.$
Idea
Encode every bit of the input using m-out-of-m secret sharing for m = t + 1.
Example (t = 2): the input encoder I maps each input bit a to (a1, a2, a3), random such that a1 + a2 + a3 = a mod 2; likewise b to (b1, b2, b3), random such that b1 + b2 + b3 = b mod 2, and c to (c1, c2, c3), random such that c1 + c2 + c3 = c mod 2. Decoding is trivial: sum the shares mod 2.
The transformation
T replaces every gate of C (operating on bits a, b, c) by a gadget that operates on the share vectors (a1, a2, a3), (b1, b2, b3), (c1, c2, c3).
How to handle negation?
Just negate the first bit: if (a1, a2, a3, a4, a5) is a sharing of a (example: t = 4), then (not a1, a2, a3, a4, a5) is a sharing of not a.
How to handle multiplication?
Given a sharing (a1, a2, a3) of a and a sharing (b1, b2, b3) of b, how do we compute a sharing (c1, c2, c3) of c = a and b?
How to handle multiplication?
Observation:
$a = \sum_i a_i \bmod 2, \qquad b = \sum_j b_j \bmod 2,$
so
$ab = \Big(\sum_i a_i\Big)\Big(\sum_j b_j\Big) \bmod 2 = \sum_i \sum_j a_i b_j \bmod 2.$
An idea
Take the sharing (a1, …, a4) of a and the sharing (b1, …, b4) of b, and compute the matrix of all products $a_i b_j$. Set
$c_i := \sum_j a_i b_j \bmod 2 = a_i \sum_j b_j \bmod 2 = a_i b.$
Then $\sum_i c_i = \sum_i a_i b = ab \bmod 2$, so (c1, …, c4) is a sharing of ab.
Problem: if the adversary can see that ci = 1 then she knows that b = 1.
Idea: add randomization...
An improved idea
Randomly flip some entries of the product matrix. We do it symmetrically: for every pair i < j choose a uniformly random bit $z_{ij}$ and set
$z_{ji} := (z_{ij} \oplus a_i b_j) \oplus a_j b_i$
(computed in exactly this order, so that the intermediate wire carries $z_{ij} \oplus a_i b_j$). The output shares are
$c_i := a_i b_i \oplus \bigoplus_{j \ne i} z_{ij}.$
Example with four shares: the random bits are z12, z13, z14, z23, z24, z34; e.g. z21 = z12 xor a1b2 xor a2b1, and c1 = a1b1 xor z12 xor z13 xor z14.
Correctness: $z_{ij} \oplus z_{ji} = a_i b_j \oplus a_j b_i$, hence $\bigoplus_i c_i = \bigoplus_{i,j} a_i b_j = ab$.
Observation
The inputs (a1, a2, a3) and (b1, b2, b3) of an "and" gadget may not be "independent". Example: the gate and(a, a), whose two inputs are the same sharing (a1, a2, a3).
Example (t = 2)
The product matrix of and(a, a) has entries $a_i a_j$. Suppose that the adversary can observe that a3a1 = 1 and a3a2 = 1. Then she knows that a1 = a2 = a3 = 1, so she knows that a1 + a2 + a3 = 1 mod 2.
What is the reason? Some wires give information about two ai's.
A solution
Set m := 2t + 1. In other words: instead of (t+1)-out-of-(t+1) secret sharing use (2t+1)-out-of-(2t+1) secret sharing.
Example: t = 2, m = 5. The shares are (a1, …, a5) and (b1, …, b5); the product matrix has the 25 entries $a_i b_j$; the random bits are z12, z13, z23, z14, z24, z34, z15, z25, z35, z45; the outputs c1, …, c5 are computed with the xor chains of the previous slide.
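The gadgets above in working code, as an added example (it is not code from the slides or from [ISW03]): m-out-of-m sharing, the negation and multiplication gadgets with the XORs evaluated in the order the slide prescribes, and an exact check of the probing counterexample. The check enumerates every sharing of a bit and compares what a prober reading the wires a3·a1 and a3·a2 of and(a, a) sees for a = 0 versus a = 1; the two distributions differ for m = t + 1 = 3 and coincide for m = 2t + 1 = 5. Share counts and the probed wires are taken from the slide's example; the function names are this example's own.

```python
"""ISW-style private circuits over bits: sharing, NOT and AND gadgets, and an
exact 2-probe leakage check (added example, not the slides' own code)."""
import secrets
from collections import Counter
from itertools import product


def share(bit: int, m: int) -> list[int]:
    """m-out-of-m sharing of one bit: random s_1..s_{m-1}, s_m fixes the parity."""
    shares = [secrets.randbits(1) for _ in range(m - 1)]
    shares.append(bit ^ (sum(shares) % 2))
    return shares


def unshare(shares: list[int]) -> int:
    """Decoder O: the shared bit is the parity of the shares."""
    return sum(shares) % 2


def neg_gadget(a: list[int]) -> list[int]:
    """NOT on shares: negate the first share only."""
    return [a[0] ^ 1] + a[1:]


def and_gadget(a: list[int], b: list[int]) -> list[int]:
    """AND on shares ('improved idea'): the product matrix a_i b_j is randomised
    symmetrically with fresh bits z_ij (i < j).  z_ji is computed exactly as
    (z_ij ^ a_i b_j) ^ a_j b_i, because the intermediate value is a real wire."""
    m = len(a)
    z = [[0] * m for _ in range(m)]
    for i in range(m):
        for j in range(i + 1, m):
            z[i][j] = secrets.randbits(1)
            tmp = z[i][j] ^ (a[i] & b[j])      # intermediate wire
            z[j][i] = tmp ^ (a[j] & b[i])
    c = []
    for i in range(m):
        ci = a[i] & b[i]
        for j in range(m):
            if j != i:
                ci ^= z[i][j]                   # one wire per step of the chain
        c.append(ci)
    return c


def and_gadget_correct(m: int, trials: int = 50) -> bool:
    """c = a AND b must hold for every input pair under random sharings."""
    for a_bit, b_bit in product((0, 1), repeat=2):
        for _ in range(trials):
            c = and_gadget(share(a_bit, m), share(b_bit, m))
            if unshare(c) != (a_bit & b_bit):
                return False
    return True


def probe_distribution(a_bit: int, m: int, probe) -> Counter:
    """Exact distribution of the probed wire values of and(a, a), over all
    sharings of a_bit.  The product wires a_i a_j involve no randomness, so
    the share vectors are the whole sample space."""
    dist = Counter()
    for shares in product((0, 1), repeat=m):
        if sum(shares) % 2 == a_bit:
            dist[probe(shares)] += 1
    return dist


def two_product_wires(s):
    """The two wires of the slide's counterexample: a3*a1 and a3*a2."""
    return (s[2] & s[0], s[2] & s[1])


def probes_leak(m: int) -> bool:
    """True iff the two probes' joint distribution depends on a, i.e. the
    prober learns something about the shared bit."""
    return (probe_distribution(0, m, two_product_wires)
            != probe_distribution(1, m, two_product_wires))


if __name__ == "__main__":
    t = 2
    print("AND gadget correct (m=5):", and_gadget_correct(2 * t + 1))
    print("2 probes leak with m=t+1=3:", probes_leak(t + 1))        # True
    print("2 probes leak with m=2t+1=5:", probes_leak(2 * t + 1))   # False
```

With m = 3 the pair (1, 1) is seen only when a = 1 (shares (1, 1, 1)); with m = 5 the same pair occurs for both values of a with the same frequency, which is the reason for moving to 2t + 1 shares.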
The blow-up
The size of the circuit is increased by a factor O(t^2).
The depth of the circuit is increased by a factor O(log t) (the cost of summing the m = 2t + 1 terms inside each gadget; see [ISW03]).
A subsequent paper
Y. Ishai, M. Prabhakaran, A. Sahai, and D. Wagner. Private Circuits II: Keeping Secrets in Tamperable Circuits. EUROCRYPT 2006
They consider active attacks, i.e. the adversary can modify the circuit.
Bounded-Retrieval Model
This part of the lecture is based on
[D. Intrusion-Resilience via the Bounded-Storage Model. TCC 2006]
Motivation:
PCs can be attacked by viruses
The problem
Computers can be infected by malware! The adversary installs a virus on the victim's machine and retrieves some data. The virus can:
• take control over the machine,
• steal some secrets stored on the machine.
Can we run any crypto on such machines?
Is there any remedy?
If the virus can download all the data stored on the machine, then the situation looks hopeless (because he can "clone" the machine).
Idea:
Assume that he cannot do it!
Bounded-Retrieval Model
Make secrets so large that the adversary cannot
retrieve them completely.
Practicality?
500 GB ≈ 200$
The general model
The timeline alternates: no virus → the adversary installs a virus and retrieves some data → no virus → installs a virus, retrieves some data → no virus → …
The total amount of retrieved data is bounded!
Our goal
Try to preserve as much security as possible (assuming
the scenario from the previous slide).
Of course
as long as the virus is controlling the machine nothing
can be done.
Therefore
we care about the periods when the machine is free of
viruses.
Two variants
How does the virus decide what to retrieve?
Variant 1 [D06a, D06b, CDDLLW07, DP07, DP08]: he can compute whatever he wants on the victim's machine.
Variant 2 [DLW06, …]: he can only access some individual bits on the victim's machine ("slow memory"); a bit similar to the "private circuits".
Can we implement anything in this model?
Yes! E.g.: entity authentication between the user and the bank. We solve the following problem: how can the bank verify the authenticity of the user?
Entity authentication – the solution
The user and the bank share a huge random key R = (R1, …, Rt), a long string of bits. The bank sends Y = {y1, …, ym}, a random set of indices into R; the user answers with
f(R, Y) := (Ry1, …, Rym),
and the bank verifies the answer against its own copy of R.
Security of the authentication protocol
Theorem [D06a]
An adversary that "retrieved" a constant fraction of R is not able to impersonate the user.
(This of course holds in the periods when the virus is not on the machine.)
What needs to be proven?
Essentially: let h be any function that is (sufficiently) "shrinking its input", and let the adversary A learn h(R). Then for a uniformly random Y, with an overwhelming probability Z = f(R, Y) is hard to guess given h(R).
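The protocol above as a runnable exchange, added here as an example (it is not code from the slides or from [D06a]): the bank issues the index set Y, the user answers with the selected bits of R, and the bank checks them. The key size, challenge size and the adversary model are this example's assumptions: the simulated adversary is a variant-2 one that copied a fixed fraction of individual bits, which is weaker than the theorem's variant-1 adversary (who may apply any shrinking function h to R), so the bound computed here illustrates the mechanism rather than the theorem.

```python
"""BRM entity authentication with a huge shared key R (added example)."""
import random
import secrets

KEY_BITS = 1 << 20      # |R| for this demo (assumed); the slides mean gigabytes
CHALLENGE_BITS = 40     # m = |Y| (assumed); 2^-40 guessing chance if nothing is known


def gen_key(nbits: int = KEY_BITS) -> bytes:
    """R = (R_1, ..., R_t), uniformly random, held by both user and bank."""
    return secrets.token_bytes(nbits // 8)


def bit(r: bytes, i: int) -> int:
    return (r[i >> 3] >> (i & 7)) & 1


def challenge(nbits: int = KEY_BITS, m: int = CHALLENGE_BITS, rng=None) -> list[int]:
    """Bank -> user: Y = {y_1, ..., y_m}, a random set of indices into R."""
    rng = rng or random.SystemRandom()
    return rng.sample(range(nbits), m)


def respond(r: bytes, y: list[int]) -> list[int]:
    """User -> bank: f(R, Y) = (R_{y_1}, ..., R_{y_m}).  The honest user only
    touches m bits of the huge key, so the protocol itself stays cheap."""
    return [bit(r, i) for i in y]


def verify(r: bytes, y: list[int], answer: list[int]) -> bool:
    """Bank: compare with the bits of its own copy of R."""
    return answer == respond(r, y)


def retrieve_fraction(r: bytes, fraction: float, nbits: int = KEY_BITS) -> dict[int, int]:
    """Simulated variant-2 retrieval: the virus copied a fixed fraction of the
    individual bits of R (here: the first ones).  Returns position -> bit."""
    return {i: bit(r, i) for i in range(int(fraction * nbits))}


def impersonate(known: dict[int, int], y: list[int], rng=None) -> list[int]:
    """Adversary without the machine: answers known positions, guesses the rest."""
    rng = rng or random.Random(0)
    return [known[i] if i in known else rng.randrange(2) for i in y]


def impersonation_bound(fraction: float, m: int = CHALLENGE_BITS) -> float:
    """Success chance of the adversary above: every challenged position is known
    with probability ~fraction (indices of a huge key are nearly independent)
    and otherwise guessed correctly with probability 1/2."""
    return ((1 + fraction) / 2) ** m


if __name__ == "__main__":
    R = gen_key()
    Y = challenge()
    print("honest user accepted:", verify(R, Y, respond(R, Y)))
    known = retrieve_fraction(R, 0.5)
    print("forgery with half of R accepted:", verify(R, Y, impersonate(known, Y)))
    print("success bound for 50%% retrieval: %.1e" % impersonation_bound(0.5))
```

Note that the bound only covers an adversary holding individual bits; the theorem is about an adversary that took away any function h(R) of bounded length, which is what makes the BRM argument non-trivial.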
Intrusion-Resilient Secret-Sharing in the BRM
This part of the lecture is based on [D. and Pietrzak: Intrusion-Resilient Secret Sharing. FOCS 2007]
a-out-of-a secret sharing
The dealer's secret S is split into shares Q0, …, Q4 (a = 5) such that:
1. All a players can reconstruct S.
2. Any set of fewer than a players (i.e. at most a - 1 of them) has no information about S.
Why is secret sharing useful?
Suppose the users store the shares Q0, …, Q4 on their PCs. An adversary that got access to some proper subset of these machines (by e.g. installing a virus) learns nothing about S.
Question
What if the adversary can access all of the machines (but not all at the same time)?
Assumption: one corruption at a time!
Problem: after visiting the machines one after another, the adversary knows all the shares Q0, …, Q4 and reconstructs S.
How to deal with this problem?
• Proactive security [Ostrovsky and Yung, PODC'91]: add refreshment rounds.
• Our approach: use the Bounded-Retrieval Model.
Intrusion-Resilient Secret Sharing (IRSS) = Secret Sharing secure in the BRM
A short secret S is shared among Q0, …, Q4; the shares are large! (e.g. 10 GB)
Does it make sense?
• How to define security?
• What about the reconstruction?
These questions are related.
The two-party case
Alice holds Q0 and Bob holds Q1. The adversary may "hop" between the parties: he retrieves h0(Q0) from Alice, then h1(Q1) from Bob, then h2(Q0) from Alice, then h3(Q1) from Bob, and so on.
W-admissible, V-bounded adversaries
We say that an adversary is W-admissible if he makes at most 2W corruptions.
We say that an adversary is V-bounded if he retrieves at most V bits from each player.
(In the figure: the retrievals h0(Q0), h2(Q0), h4(Q0), …, h2W-2(Q0) from Alice and h1(Q1), h3(Q1), h5(Q1), …, h2W-1(Q1) from Bob, 2W corruptions in total, each retrieving at most V bits.)
How to define security?
Intuition: every W-admissible V-bounded adversary should learn almost no information about the shared secret S. How to formalize this?
Reconstruction procedure
Requirement: small communication complexity.
Trivial observation: the reconstruction procedure cannot take fewer than 2W - 1 messages.
We require that the reconstruction takes exactly 2W messages. It should also be efficient!
Main idea of the construction
It is enough to share a random secret S.
Idea: we need to construct a two-party function
{0,1}^T × {0,1}^T → {0,1}^N
that
• can be computed by exchanging 2W short messages, and
• cannot be computed by exchanging 2W - 1 messages of length V, in a very strong sense.
How to construct such a scheme?
Idea: use randomness extractors.
A function
Ext : {0,1}^k × {0,1}^r → {0,1}^m
is an (ε, n)-randomness extractor if for
• a uniformly random K ∈ {0,1}^k, and
• every R ∈ {0,1}^r with min-entropy n
we have that (Ext(K, R), K) is ε-close to uniform.
Why are the extractors useful?
Let h be any function that is (sufficiently) "shrinking its input", and let the adversary A learn h(R). Then for a uniformly random K, with an overwhelming probability Z = Ext(K, R) looks almost uniform, even given h(R) and K.
Note: if h can depend on K then Z can be very far from uniform.
An observation
Let Ext : {0,1}^N × {0,1}^T → {0,1}^N be an extractor. Alice holds a uniformly random K0 and Bob holds R; let K1 := Ext(K0, R). A V-bounded adversary that wants to learn K1 needs to corrupt Alice before he corrupts Bob!
How to force an adversary to "hop"
Let Ext : {0,1}^N × {0,1}^T → {0,1}^N be an extractor. Alice holds K0 and L, Bob holds R. Set K1 := Ext(K0, R) and K2 := Ext(K1, L). A V-bounded adversary that wants to learn K2 now has to corrupt Alice, then Bob, then Alice again.
Sharing a secret S
The dealer picks a uniformly random K0 and random L and R, and calculates internally:
K1 := Ext(K0, R)
K2 := Ext(K1, L)
K3 := Ext(K2, R)
...
K2W-1 := Ext(K2W-2, R)
K2W := Ext(K2W-1, L)
and C := S ⊕ K2W.
Alice receives (K0, L, C), Bob receives R.
Reconstruction
Alice sends K0 to Bob. Bob computes K1 := Ext(K0, R) and sends it to Alice. Alice computes K2 := Ext(K1, L) and sends it to Bob. Bob computes K3 := Ext(K2, R), and so on, until Bob sends K2W-1 := Ext(K2W-2, R). Alice then computes K2W := Ext(K2W-1, L) locally and outputs C ⊕ K2W = S. This takes exactly 2W messages.
The multi-party case
How to extend the two-party case to the multi-party case? The adversary "hops" from one party to the next; a full round through all the parties is a "loop". To learn the secret the adversary needs to make more than W loops.
Leakage-Resilient Stream Cipher
This part of the lecture is based on [D. and Pietrzak: Leakage-Resilient Cryptography. FOCS 2008]
Idea
We construct a
stream cipher
that is secure against a
very large and well-defined class of
leakages.
Our construction is in the standard model
(i.e. without the random oracles).
stream ciphers ≈ pseudorandom generators
A short key X is expanded by the stream cipher S into a long stream K. A computationally bounded adversary should not be able to distinguish K from random.
How do the stream ciphers work in practice?
The stream K is generated from the short key X in rounds, one block per round: K1, K2, K3, K4, … over time.
An equivalent security definition
For every i: given that the adversary knows K1, …, Ki-1, the block Ki should look random.
Our assumption
We will assume that there is a leakage each time a key Ki is generated (i.e. leakage occurs in every round). The details follow...
Leakage-resilient stream cipher - the model
Examples of the "leakage functions" from the literature:
• Y. Ishai, A. Sahai, and D. Wagner. Private Circuits: Securing Hardware against Probing Attacks. The adversary can learn the value of some wires of a circuit that computes the cryptographic scheme.
• Another example (a "Hamming attack"): the adversary can learn the sum of the secret bits.
We consider a very general class of leakages
In every i-th round the adversary chooses a poly-time computable "bounded-output function"
f : {0,1}^n → {0,1}^m, for m < n,
and learns f(X). We say that the adversary "retrieved m bits" (in a given round).
How much leakage can we tolerate?
In our construction the total number of retrieved bits will be larger than the length of the secret key X (but in every round the number of retrieved bits will be much less than |X|; this will be a parameter).
How can we achieve it? By key evolution!
Key evolution
In each round the secret key X gets refreshed: X0 produces K1 and becomes X1, X1 produces K2 and becomes X2, X2 produces K3 and becomes X3, and so on.
Assumptions:
• key evolution has to be deterministic (no refreshing with external randomness),
• also the refreshing procedure may cause leakage.
How to define security?
Is “indistinguishability” possible?
Problem
If the adversary can “retrieve” just one bit of Ki
then he can distinguish it from random...
Solution
Indistinguishability will concern the “future” keys Ki
Security "without leakage"
The keys evolve X0, X1, X2, … and produce K1, K2, K3, …. The adversary knows K1, …, Ki-1; Ki should look random (e.g. K4 given K1, K2, K3).
Security "with leakage"
In round 1 the adversary chooses f1 and learns f1(X0) and K1; in round 2 he chooses f2 and learns f2(X1) and K2; in round 3 he chooses f3 and learns f3(X2) and K3. Given all of this, K4 should look random.
Key evolution – a problem
Recall that:
1. the key evolution is deterministic,
2. the "leakage function fi" can be any poly-time function.
Therefore the function fi can always compute the "future" keys.
What to do?
We use the principle introduced in: S. Micali and L. Reyzin. Physically Observable Cryptography. TCC 2004:
"only computation leaks information", in other words: "untouched memory cells do not leak information".
Divide the memory into three parts: L, C and R
L is accessed only in the even rounds, C is accessed always, R is accessed only in the odd rounds.
round 0: (L0, C0, R0)
round 1: C and R are modified (C1, R1); L is unmodified (L1 = L0)
round 2: C and L are modified (C2, L2); R is unmodified (R2 = R1)
round 3: C and R are modified (C3, R3); L is unmodified (L3 = L2)
...
Our cipher – the outline
The key of the cipher = "the initial memory contents (L0, C0, R0)". In every round the cipher S updates the memory: (L0, C0, R0) → (L1, C1, R1) with L unmodified → (L2, C2, R2) with R unmodified → (L3, C3, R3) with L unmodified → ...
The output
The output is the contents of the "central" part of the memory (C → K): the key of the cipher is (L0, K0, R0) and the block output in round i is Ki. All the keys Ki will be given "for free" to the adversary.
The details of the model
The key is (L0, K0, R0).
Round 1 touches K0 and R0 and produces K1, R1; the adversary learns K1 and f1(R0).
Round 2 touches K1 and L1 and produces K2, L2; the adversary learns K2 and f2(L1).
Round 3 touches K2 and R2 and produces K3, R3; the adversary learns K3 and f3(R2).
Then K4 should look random.
Leakage-resilient stream cipher - the construction
How to construct such a cipher?
Observation: this looks very similar to the 2-party IRSS... Can we use it? YES!
Another look at the 2-party IRSS
View the memory as (L, K, R): K1 = Ext(K0, R) touches K and R; K2 = Ext(K1, L) touches K and L; K3 = Ext(K2, R) touches K and R; and so on, while L and R themselves stay unmodified.
A fact from [DP07]
Even if
a constant fraction of L and R leaks
the keys K1,K2,..
look “almost uniform”
Idea: “add key evolution to [DP07]”
What to do?
Use a pseudorandom generator (prg) in the following way: instead of Ki+1 = Ext(Ki, R) compute
(Ki+1, Yi+1) = Ext(Ki, Ri),
Ri+1 = prg(Yi+1).
Our scheme
Key: (L0, K0, R0).
Round 1: (K1, Y1) = Ext(K0, R0); R1 = prg(Y1); L1 = L0.
Round 2: (K2, Y2) = Ext(K1, L1); L2 = prg(Y2); R2 = R1.
Round 3: (K3, Y3) = Ext(K2, R2); R3 = prg(Y3); L3 = L2.
...
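Alternating extraction in working code, added as an example for both the two-party IRSS (sharing and the 2W-message reconstruction) and the stream cipher scheme above; it is not code from the slides or from [DP07]/[DP08]. Ext is stood in for by keyed BLAKE2b and prg by SHAKE-256, which are hash-based substitutes and not the randomness extractor and pseudorandom generator the proofs assume; the block sizes and the transcript format are this example's own choices.

```python
"""Alternating extraction: two-party IRSS and the leakage-resilient stream
cipher built on it (added example; Ext/prg are hash-based stand-ins)."""
import hashlib
import secrets

KEY_LEN = 16     # |K_i| in bytes (N in the slides); assumed
BIG_LEN = 4096   # |L| = |R| in bytes (T in the slides); gigabytes in the BRM


def ext(k: bytes, r: bytes, out_len: int = KEY_LEN) -> bytes:
    """Stand-in for Ext(K, R): short seed K, long source R, short output."""
    return hashlib.blake2b(r, key=k, digest_size=out_len).digest()


def prg(seed: bytes, out_len: int = BIG_LEN) -> bytes:
    """Stand-in for prg(Y): expands a short seed into a fresh big block."""
    return hashlib.shake_256(seed).digest(out_len)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


# --- two-party IRSS: Alice's share is (K0, L, C), Bob's share is R ---------

def irss_share(secret: bytes, w: int):
    """Dealer: K_i = Ext(K_{i-1}, R) for odd i and Ext(K_{i-1}, L) for even i,
    up to K_{2W}; C = S xor K_{2W}."""
    k0, big_l, big_r = (secrets.token_bytes(n) for n in (KEY_LEN, BIG_LEN, BIG_LEN))
    k = k0
    for i in range(1, 2 * w + 1):
        k = ext(k, big_r if i % 2 else big_l)
    return (k0, big_l, xor(secret, k)), big_r


def irss_reconstruct(alice, bob, w: int):
    """Alice and Bob exchange K_0, K_1, ..., K_{2W-1}: exactly 2W messages.
    Returns the secret and the transcript as [(direction, message), ...]."""
    k0, big_l, c = alice
    big_r = bob
    transcript = [("Alice->Bob", k0)]
    k = k0
    for i in range(1, 2 * w):
        if i % 2:                          # odd K_i needs R: Bob's turn
            k = ext(k, big_r)
            transcript.append(("Bob->Alice", k))
        else:                              # even K_i needs L: Alice's turn
            k = ext(k, big_l)
            transcript.append(("Alice->Bob", k))
    k_2w = ext(k, big_l)                   # Alice computes K_{2W} locally
    return xor(c, k_2w), transcript


# --- leakage-resilient stream cipher: memory (L, K, R) ---------------------

class LeakageResilientStreamCipher:
    """Round i reads K and R (i odd) or K and L (i even), sets
    (K_i, Y_i) = Ext(K_{i-1}, .) and replaces the half it read by prg(Y_i).
    The other half is not computed on, so under "only computation leaks
    information" it leaks nothing in that round."""

    def __init__(self, l0: bytes, k0: bytes, r0: bytes):
        self.l, self.k, self.r, self.i = l0, k0, r0, 0

    def next_block(self, leak=None):
        """Returns (K_i, f_i(accessed half)); `leak` models the adversary's
        bounded-output function f_i applied to the half touched this round."""
        self.i += 1
        odd = self.i % 2 == 1
        src = self.r if odd else self.l
        leaked = leak(src) if leak else None
        out = ext(self.k, src, 2 * KEY_LEN)
        self.k, y = out[:KEY_LEN], out[KEY_LEN:]
        if odd:
            self.r = prg(y)
        else:
            self.l = prg(y)
        return self.k, leaked


def hamming_leak(x: bytes) -> int:
    """The 'Hamming attack' leakage function: the number of 1 bits."""
    return sum(bin(b).count("1") for b in x)


def keystream(l0, k0, r0, rounds: int, leak=None):
    """K_1..K_rounds together with the per-round leakage values."""
    cipher = LeakageResilientStreamCipher(l0, k0, r0)
    blocks, leaks = [], []
    for _ in range(rounds):
        k, leaked = cipher.next_block(leak)
        blocks.append(k)
        leaks.append(leaked)
    return blocks, leaks


if __name__ == "__main__":
    s = secrets.token_bytes(KEY_LEN)
    alice, bob = irss_share(s, w=3)
    rec, tr = irss_reconstruct(alice, bob, w=3)
    print("IRSS reconstructed:", rec == s, "messages:", len(tr))
    l0, k0, r0 = (secrets.token_bytes(n) for n in (BIG_LEN, KEY_LEN, BIG_LEN))
    ks, lk = keystream(l0, k0, r0, 4, hamming_leak)
    print("K1..K4:", [k.hex()[:8] for k in ks], "leaked:", lk)
```

The transcript makes the 2W count visible (K0 from Alice, then K1, …, K2W-1 alternating), and the leakage hook shows which half of memory the adversary's f_i may touch in each round; everything else about the model (the bound on f_i's output, the indistinguishability of future keys) is a statement about the proof, not something the code can check.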
Our results (1/2)
Assume the existence of pseudorandom generators. Then the cipher constructed on the previous slides is secure against the adversary that in every round retrieves
λ = ω(log(length of the key))
bits. This covers many real-life attacks (e.g. the "Hamming attack").
Our results (2/2)
Assume the existence of pseudorandom generators secure against exponential-size circuits. Then the cipher constructed on the previous slides is secure against the adversary that in every round retrieves
λ = Θ(length of the key)
bits.
Main ingredients of the proof
1. Alternating extraction
2. The following lemma: let prg be a pseudorandom generator, f a bounded-output function, and S a seed for the prg distributed uniformly. Then, with a high probability over x := f(S), the distribution of prg(S) conditioned on f(S) = x is indistinguishable from a distribution having high min-entropy.
This was proven independently in: Omer Reingold, Luca Trevisan, Madhur Tulsiani, and Salil Vadhan. Dense subsets of pseudorandom sets. FOCS 2008
Subsequent work
Using the "only computation leaks information" paradigm:
• Krzysztof Pietrzak. A Leakage-Resilient Mode of Operation. EUROCRYPT 2009
• Public-key crypto in the generic groups: Kiltz and Pietrzak [Bertinoro 2009]
Other:
• Joel Alwen, Yevgeniy Dodis and Daniel Wichs. Leakage Resilient Public-Key Cryptography in the Bounded Retrieval Model. CRYPTO 2009
• Yevgeniy Dodis, Yael Tauman Kalai and Shachar Lovett. On Cryptography with Auxiliary Input. STOC 2009
• A. Akavia, S. Goldwasser and V. Vaikuntanathan. Simultaneous Hardcore Bits and Cryptography against Memory Attacks. TCC 2009
• Moni Naor and Gil Segev. Public-Key Cryptosystems Resilient to Key Leakage
Extend (and unify) the existing models
"Private circuits": strong results, weaker model. Bounded-Retrieval Model (the adversary learns h(S)): weaker results, strong model. Anything in between?
Key evolution: the key evolves S0, S1, S2, … over time, with some information leaking at every step. Some alternatives to the "only computation leaks information" paradigm?
Active attacks?
In the BRM we considered only the passive
attacks.
Can we have some interesting results when the
adversary can modify the circuit?
Bibliography
[ADR02] Y. Aumann, Y. Z. Ding, M. O. Rabin. Everlasting security in the bounded storage model. IEEE Transactions on Information Theory, 2002.
[CDDLLW07] D. Cash, Y. Z. Ding, Y. Dodis, W. Lee, R. J. Lipton, and S. Walfish. Intrusion-Resilient Key Exchange in the Bounded Retrieval Model. TCC 2007.
[D06a] S. Dziembowski. Intrusion-Resilience via the Bounded-Storage Model. TCC 2006.
[D06b] S. Dziembowski. On Forward-Secure Storage. CRYPTO 2006.
[DLW06] G. Di Crescenzo, R. J. Lipton, and S. Walfish. Perfectly Secure Password Protocols in the Bounded Retrieval Model. TCC 2006.
[DM04] S. Dziembowski and U. Maurer. Optimal Randomizer Efficiency in the Bounded-Storage Model. Journal of Cryptology, 2004 (preliminary version: STOC 2002).
[DP07] S. Dziembowski and K. Pietrzak. Intrusion-Resilient Secret Sharing. FOCS 2007.
[DP08] S. Dziembowski and K. Pietrzak. Leakage-Resilient Cryptography. FOCS 2008.
[IPSW06] Y. Ishai, M. Prabhakaran, A. Sahai, and D. Wagner. Private Circuits II: Keeping Secrets in Tamperable Circuits. EUROCRYPT 2006.
[ISW03] Y. Ishai, A. Sahai, and D. Wagner. Private Circuits: Securing Hardware against Probing Attacks. CRYPTO 2003.
[L04] C. J. Lu. Encryption against Storage-Bounded Adversaries from On-Line Strong Extractors. Journal of Cryptology, 2004.
[M92] U. Maurer. Conditionally-Perfect Secrecy and a Provably-Secure Randomized Cipher. Journal of Cryptology, 1992.
[P09] K. Pietrzak. A Leakage-Resilient Mode of Operation. EUROCRYPT 2009.
[V04] S. Vadhan. Constructing Locally Computable Extractors and Cryptosystems in the Bounded-Storage Model. CRYPTO 2003; Journal of Cryptology, 2004.
Subsequent papers on this topic
• Adi Akavia, Shafi Goldwasser and Vinod Vaikuntanathan. Simultaneous Hardcore Bits and Cryptography Against Memory Attacks. TCC 2009.
• Joel Alwen, Yevgeniy Dodis and Daniel Wichs. Leakage-Resilient Public-Key Cryptography in the Bounded-Retrieval Model. CRYPTO 2009.
• Yevgeniy Dodis and Daniel Wichs. Non-malleable Extractors and Symmetric Key Cryptography from Weak Secrets. STOC 2009.
• Yevgeniy Dodis, Yael Tauman Kalai and Shachar Lovett. On Cryptography with Auxiliary Input. STOC 2009.
• J. Katz, V. Vaikuntanathan. Signature Schemes with Bounded Leakage Resilience. ASIACRYPT 2009.
• Moni Naor and Gil Segev. Public-Key Cryptosystems Resilient to Key Leakage. CRYPTO 2009.
Thank you!