Updatable Hash Proof System and Its Applications
School of Computer Science and Technology, Shandong University, Jinan 250101, China. [email protected], [email protected]
State Key Laboratory of Information Security (SKLOIS), Institute of Information Engineering (IIE), Chinese Academy of Sciences (CAS), Beijing, China. {zhouyongbin,r-zhang}@iie.ac.cn
Abstract. To counter physical attacks on real-world cryptosystems, leakage resilient cryptography was developed. In this setting the adversary is allowed access to the internal state of a cryptographic system, which breaks the black-box reductions used in cryptography. The task is especially hard under continual memory leakage (CML), where there is no predetermined bound on how much of the internal information leaks over the lifetime of the system. In this paper we address this problem by introducing a new primitive called updatable hash proof system (UHPS). A UHPS can be viewed as a special hash proof system (HPS), a primitive that has served as a fundamental tool for constructing public key encryption (PKE) schemes in both the leakage-free and the leaky setting. A remarkable property of UHPS is that by simply substituting the HPS component of a PKE scheme with a UHPS component, one obtains a new PKE scheme secure in the CML setting. Moreover, the resulting PKE scheme keeps the advantages of the original HPS-based PKE; for instance, it remains “compatible” with known transforms [8, 20, 24, 32]. We then give instantiations of UHPS from widely accepted assumptions, including the symmetric external Diffie-Hellman (SXDH) assumption and the d-linear assumption. Interestingly, when instantiated with these concrete assumptions, the resulting chosen-ciphertext secure PKE scheme is by far the most efficient one to date.
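As an added illustration of the hash proof system that the abstract builds on (example code written for this page; it is not the paper's UHPS construction and not the authors' code): a toy DDH-based HPS with a projection key, public evaluation with a witness, private evaluation with the secret key, and the class of secret keys that share one projection key. Everything below is constructed for the example: the toy safe prime P = 2039 with subgroup order Q = 1019, the generator 4, and the discrete log w of g2 with respect to g1. That w is a demonstration aid used only to build equivalent secret keys (the role a simulator plays in a security proof); a real scheme never has it, and no key-update procedure of the paper is shown here.

```python
"""Toy hash proof system (HPS) over a DDH group.

Added example for this page: NOT the paper's UHPS and NOT a secure
parameter set. It shows the two properties that make an HPS a building
block for public key encryption:
  * projective: on a valid word, public evaluation with the witness equals
    private evaluation with any secret key consistent with the projection key;
  * smooth (intuition): on an invalid word, secret keys that share the same
    projection key hash to different values.
"""
import secrets

# Toy safe prime p = 2q + 1, constructed for the example; far too small for real use.
P = 2039
Q = 1019


def is_prime(n: int) -> bool:
    """Deterministic trial division, enough for the toy sizes used here."""
    if n < 2:
        return False
    d = 2
    while d * d <= n:
        if n % d == 0:
            return False
        d += 1
    return True


assert is_prime(P) and is_prime(Q) and P == 2 * Q + 1


def group_params():
    """Return (g1, g2, w) with g2 = g1^w mod P.

    The discrete log w is a trapdoor kept ONLY so the demo can construct
    equivalent secret keys; a real scheme never knows it (that is exactly
    what the DDH assumption protects)."""
    g1 = 4                               # 2^2 is a quadratic residue, so it has order Q
    w = secrets.randbelow(Q - 1) + 1     # w in [1, Q-1]
    return g1, pow(g1, w, P), w


def keygen(g1, g2):
    """Secret key sk = (k1, k2); projection key pk = g1^k1 * g2^k2 mod P."""
    k1, k2 = secrets.randbelow(Q), secrets.randbelow(Q)
    pk = pow(g1, k1, P) * pow(g2, k2, P) % P
    return (k1, k2), pk


def public_eval(g1, g2, pk):
    """Encapsulation side: sample a valid word c = (g1^r, g2^r) with witness r
    and derive the session key from the projection key alone: pk^r."""
    r = secrets.randbelow(Q)
    c = (pow(g1, r, P), pow(g2, r, P))
    return c, pow(pk, r, P)


def private_eval(sk, c):
    """Decapsulation side: hash the word with the secret key, no witness needed."""
    (k1, k2), (c1, c2) = sk, c
    return pow(c1, k1, P) * pow(c2, k2, P) % P


def equivalent_secret_key(sk, w, t):
    """Every sk' = (k1 - w*t, k2 + t) mod Q projects to the same pk, because
    g1^(k1 - w t) * g2^(k2 + t) = g1^(k1 + w k2). This equivalence class is
    what smoothness and leakage arguments about HPS rely on."""
    k1, k2 = sk
    return ((k1 - w * t) % Q, (k2 + t) % Q)


def invalid_word(g1, g2):
    """A word outside the language: (g1^r1, g2^r2) with r1 != r2."""
    r1 = secrets.randbelow(Q)
    r2 = (r1 + 1 + secrets.randbelow(Q - 1)) % Q   # offset in [1, Q-1], so r2 != r1
    return (pow(g1, r1, P), pow(g2, r2, P))


def run_checks(trials: int = 20) -> dict:
    """Exercise the HPS properties; returns a dict of booleans."""
    g1, g2, w = group_params()
    sk, pk = keygen(g1, g2)
    t = secrets.randbelow(Q - 1) + 1
    sk2 = equivalent_secret_key(sk, w, t)
    pk2 = pow(g1, sk2[0], P) * pow(g2, sk2[1], P) % P

    projective = True
    for _ in range(trials):
        c, k_pub = public_eval(g1, g2, pk)
        # valid word: witness-based and both secret-key-based evaluations agree
        projective &= (k_pub == private_eval(sk, c) == private_eval(sk2, c))

    distinct = True
    for _ in range(trials):
        c_bad = invalid_word(g1, g2)
        # invalid word: the two equivalent keys differ by g1^(w t (r2 - r1)) != 1
        distinct &= (private_eval(sk, c_bad) != private_eval(sk2, c_bad))

    return {"same_projection_key": pk == pk2,
            "projective_on_valid_words": projective,
            "distinct_on_invalid_words": distinct}


if __name__ == "__main__":
    print(run_checks())
```

The last check is the point a leakage-resilience argument builds on: the projection key pk fixes the hash value only on valid words, so whatever an adversary learns about sk from pk (or from bounded leakage) does not pin down the hash of an invalid word.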
1 Introduction
Side-channel attacks are fatal for a real-world cryptosystem. Notably, such attacks can violate the black-box “provable” security of schemes [3,5,17,21,22,30,34]. For instance, the only known working attack on AES is via side channels [30]. Moreover, such attacks can also be launched remotely, e.g., timing attacks can break OpenSSL running on a network server [5].

R. Yang: This work was mainly done during an internship at SKLOIS, IIE, CAS.
© Springer International Publishing Switzerland 2015
G. Pernul et al. (Eds.): ESORICS 2015, Part I, LNCS 9326, pp. 266–285, 2015. DOI: 10.1007/978-3-319-24174-6_14
Even worse, via a cold-boot attack one can read secret keys directly out of memory [17]. As a countermeasure, engineers are expected to implement the scheme in an environment that approximates the theoretical assumptions, e.g., by using extra protection circuits, inserting random cycles into CPU execution, or adding metal shields against electromagnetic radiation. In short, however, there is no guarantee that these measures actually achieve the design goal.

Leakage Resilient Cryptography. On the other hand, theorists set out to investigate this problem in a more rigorous way, and so leakage resilient cryptography came up. Micali and R