International Association for Cryptologic Research

IACR News item: 03 March 2014

Zuoxia Yu, Qiuliang Xu, Yongbin Zhou, Chengyu Hu, Rupeng Yang, Guangjun Fan
ePrint Report
In traditional cryptography, the standard way of examining the security of a scheme is to analyze it in a black-box manner, which does not capture side-channel attacks. Such attacks can exploit various forms of unintended information leakage and threaten practical security. One way to protect against such attacks is to extend the traditional models to capture them. Early models rely on the assumption that only computation leaks information, and cannot capture memory attacks such as cold boot attacks. Thus, Akavia et al. (TCC '09) formalize the model of key-leakage attacks to cover them. However, as we will mention below, most key-leakage attacks in reality may be weak key-leakage attacks, which can be viewed as a non-adaptive version of key-leakage attacks. Moreover, the existing constructions of cryptographic schemes in models that capture adaptive key-leakage attacks have some drawbacks. We mainly consider the models that cover weak key-leakage attacks and the corresponding constructions in them.

In this paper, we extend the transformation paradigm presented by Naor and Segev that transforms any chosen-plaintext secure public key encryption (PKE) scheme into a chosen-plaintext weak key-leakage secure PKE scheme. Our extensions go in two directions. On one hand, we extend the paradigm to chosen-ciphertext attack scenarios and prove that the properties of the paradigm still hold when we consider chosen-ciphertext attacks. For concreteness, we also give an instantiation based on the DDH assumption in this setting. On the other hand, we extend the paradigm to cover more powerful side-channel attacks. We do this by relaxing the restrictions on leakage functions. We further consider attacks that require the secret key to still have enough min-entropy after leakage, and prove that the original paradigm is still applicable in this case under chosen-ciphertext attacks. We also consider attacks that only require the secret key to be computationally infeasible to recover given the leakage information, and formalize the informal discussion by Naor and Segev (Crypto '09) on how to adapt the original paradigm to these new models.
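To make the shape of the transformation concrete, here is an added illustration (not code from the paper or from Naor and Segev) of the extractor-based idea behind the weak key-leakage paradigm: the stored secret is a long random string x, a public seed s is sampled independently, and the underlying scheme's key pair is derived deterministically from Ext(x, s). Because a weak (non-adaptive) leakage function is fixed before the seed exists, the leakage is independent of s and the extractor output stays close to uniform. Everything below is an assumption for illustration: the "base PKE" is a toy ElGamal over the prime 2^255 - 19 with generator 2 (not a secure parameter choice), HMAC-SHA256 stands in for a strong extractor, and the `leakage_bound_ok` check is the usual leftover-hash-lemma-style condition, not a bound taken from the paper.

```python
import hashlib
import hmac
import os

# --- Toy base PKE (assumed stand-in for "any CPA-secure PKE"; parameters are
# --- illustrative only and NOT a secure instantiation). -----------------------
P = 2**255 - 19   # prime field modulus
G = 2             # generator used by the toy scheme


def base_gen(r: bytes):
    """Gen(r): derive the base key pair deterministically from randomness r.
    Determinism is what lets the decryptor regenerate sk from x and s."""
    sk = int.from_bytes(r, "big") % (P - 2) + 1   # 1 <= sk <= P - 2
    pk = pow(G, sk, P)
    return pk, sk


def base_enc(pk: int, m: int, k=None):
    """ElGamal-style encryption of an integer message 0 < m < P."""
    if not 0 < m < P:
        raise ValueError("message out of range")
    if k is None:
        k = int.from_bytes(os.urandom(32), "big") % (P - 2) + 1
    return pow(G, k, P), (m * pow(pk, k, P)) % P


def base_dec(sk: int, ct):
    """Recover m = c2 * c1^(-sk); c1^(P-1-sk) == c1^(-sk) by Fermat's little theorem."""
    c1, c2 = ct
    return (c2 * pow(c1, P - 1 - sk, P)) % P


# --- Extractor and the key-leakage transformation ------------------------------
def extract(x: bytes, seed: bytes) -> bytes:
    """Stand-in for a strong randomness extractor Ext(x, s) (assumption: HMAC-SHA256)."""
    return hmac.new(seed, x, hashlib.sha256).digest()


def lr_gen(n_bytes: int = 64):
    """Leakage-resilient key generation: the stored secret is the raw string x,
    the public key carries the extractor seed s, and the base sk is never stored."""
    x = os.urandom(n_bytes)     # high-entropy secret; leakage is applied to this
    s = os.urandom(32)          # public seed, sampled independently of any leakage function
    pk, _ = base_gen(extract(x, s))
    return (pk, s), x


def lr_enc(pk_lr, m: int, k=None):
    pk, _ = pk_lr
    return base_enc(pk, m, k)


def lr_dec(x: bytes, pk_lr, ct):
    """Regenerate the base secret key from (x, s) and decrypt."""
    _, s = pk_lr
    _, sk = base_gen(extract(x, s))
    return base_dec(sk, ct)


def weak_leakage_experiment(leak_fn, n_bytes: int = 64):
    """Weak (non-adaptive) key leakage: leak_fn is committed to before lr_gen runs,
    so it cannot depend on the seed s inside the public key."""
    pk_lr, x = lr_gen(n_bytes)
    return pk_lr, leak_fn(x)


def leakage_bound_ok(n_bits: int, leak_bits: int, out_bits: int = 256, eps_bits: int = 64) -> bool:
    """Leftover-hash-lemma-style check (assumed, not from the paper): after leaking
    leak_bits, x must retain at least out_bits + 2*log2(1/eps) bits of min-entropy
    for the extractor output to be eps-close to uniform."""
    return n_bits - leak_bits >= out_bits + 2 * eps_bits


if __name__ == "__main__":
    pk_lr, x = lr_gen()
    ct = lr_enc(pk_lr, 12345)
    print("decrypted:", lr_dec(x, pk_lr, ct))
    # A leakage function fixed in advance, e.g. "the first 8 bytes of the stored key".
    _, leaked = weak_leakage_experiment(lambda sec: sec[:8])
    print("leaked bytes:", leaked.hex(), "bound ok:", leakage_bound_ok(512, 64))
```

Note that `weak_leakage_experiment` takes the leakage function as a parameter fixed before any key material exists; an adaptive attacker, by contrast, would choose its leakage function after seeing the public key (and hence s), which is exactly the case the generic extractor argument does not cover.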
