IACR News item: 22 August 2013
PhD Database
Name: Daniel Wichs
Topic: Cryptographic Resilience to Continual Information Leakage
Category: foundations
Description: In this thesis, we study the question of achieving cryptographic security on\r\ndevices that leak information about their internal secret state to an external attacker. This study is motivated by the prevalence of side-channel attacks, where\r\nthe physical characteristics of a computation (e.g. timing, power-consumption,\r\ntemperature, radiation, acoustics, etc.) can be measured, and may reveal useful information about the internal state of a device. Since some such leakage is\r\ninevitably present in almost any physical implementation, we believe that this\r\nproblem cannot just be addressed by physical countermeasures alone. Instead, it\r\nshould already be taken into account when designing the mathematical speci cation of cryptographic primitives and included in the formal study of their security.\r\nIn this thesis, we propose a new formal framework for modeling the leakage\r\navailable to an attacker. This framework, called the continual leakage model, assumes that an attacker can continually learn arbitrary information about the internal secret state of a cryptographic scheme at any point in time, subject only to the\r\nconstraint that the rate of leakage is bounded. More precisely, our model assumes\r\nsome abstract notion of time periods. In each such period, the attacker can choose\r\nto learn arbitrary functions of the current secret state of the scheme, as long as\r\nthe number of output bits leaked is not too large. In our solutions, cryptographic\r\nschemes will continually update their internal secret state at the end of each time\r\nperiod. This will ensure that leakage observed in di erent time periods cannot be\r\nmeaningfully combined to break the security of the cryptosystem. Although these\r\nupdates modify the secret state of the cryptosystem, the desired functionality of\r\nthe scheme is preserved, and the users can remain oblivious to these updates. We\r\nconstruct signatures, encryption, and secret sharing/storage schemes in this model.[...]
Topic: Cryptographic Resilience to Continual Information Leakage
Category: foundations
Description: In this thesis, we study the question of achieving cryptographic security on\r\ndevices that leak information about their internal secret state to an external attacker. This study is motivated by the prevalence of side-channel attacks, where\r\nthe physical characteristics of a computation (e.g. timing, power-consumption,\r\ntemperature, radiation, acoustics, etc.) can be measured, and may reveal useful information about the internal state of a device. Since some such leakage is\r\ninevitably present in almost any physical implementation, we believe that this\r\nproblem cannot just be addressed by physical countermeasures alone. Instead, it\r\nshould already be taken into account when designing the mathematical speci cation of cryptographic primitives and included in the formal study of their security.\r\nIn this thesis, we propose a new formal framework for modeling the leakage\r\navailable to an attacker. This framework, called the continual leakage model, assumes that an attacker can continually learn arbitrary information about the internal secret state of a cryptographic scheme at any point in time, subject only to the\r\nconstraint that the rate of leakage is bounded. More precisely, our model assumes\r\nsome abstract notion of time periods. In each such period, the attacker can choose\r\nto learn arbitrary functions of the current secret state of the scheme, as long as\r\nthe number of output bits leaked is not too large. In our solutions, cryptographic\r\nschemes will continually update their internal secret state at the end of each time\r\nperiod. This will ensure that leakage observed in di erent time periods cannot be\r\nmeaningfully combined to break the security of the cryptosystem. Although these\r\nupdates modify the secret state of the cryptosystem, the desired functionality of\r\nthe scheme is preserved, and the users can remain oblivious to these updates. We\r\nconstruct signatures, encryption, and secret sharing/storage schemes in this model.[...]
Additional news items may be found on the IACR news page.