Cryptography against continuous memory attacks

Yevgeniy Dodis, Kristiyan Haralambiev, Adriana López-Alt, Daniel Wichs

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

We say that a cryptographic scheme is Continuous Leakage-Resilient (CLR), if it allows users to refresh their secret keys, using only fresh local randomness, such that:

  • The scheme remains functional after any number of key refreshes, although the public key never changes. Thus, the "outside world" is neither affected by these key refreshes, nor needs to know about their frequency.
  • The scheme remains secure even if the adversary can continuously leak arbitrary information about the current secret-key, as long as the amount of leaked information is bounded in between any two successive key refreshes. There is no bound on the total amount of information that can be leaked during the lifetime of the system.

In this work, we construct a variety of practical CLR schemes, including CLR one-way relations, CLR signatures, CLR identification schemes, and CLR authenticated key agreement protocols. For each of the above, we give general constructions, and then show how to instantiate them efficiently using a well established assumption on bilinear groups, called the K-Linear assumption (for any constant K greater than or equal to 1). Our constructions are highly modular, and we develop many interesting techniques and building-blocks along the way, including: leakage-indistinguishable re-randomizable relations, homomorphic NIZKs, and leakage-of-ciphertext non-malleable encryption schemes.
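The two CLR properties in the abstract (a fixed public key that survives any number of locally randomized key refreshes, and a leakage budget that is bounded per refresh period but unbounded overall) can be seen on a toy re-randomizable relation. The code below is an added illustration, not the paper's construction: the relation a·x = y over Z_P is not one-way on its own (the paper lifts such relations into a bilinear group under K-Linear), and P, N and the leakage function are constructed parameters.

```python
import secrets

# Constructed parameters for the illustration (not from the paper).
P = (1 << 61) - 1   # prime modulus for arithmetic in Z_P
N = 4               # dimension of the secret vector x

def dot(a, x):
    """Inner product of two vectors modulo P."""
    return sum(ai * xi for ai, xi in zip(a, x)) % P

def keygen():
    """Public key (a, y) with y = a.x; secret key x. a[0] is kept nonzero."""
    a = [secrets.randbelow(P - 1) + 1 for _ in range(N)]
    x = [secrets.randbelow(P) for _ in range(N)]
    return (a, dot(a, x)), x

def verify(pk, sk):
    """The relation: sk is a valid secret for pk iff a.sk == y (mod P)."""
    a, y = pk
    return dot(a, sk) == y

def refresh(pk, sk):
    """Re-randomize the secret using only fresh local randomness.
    Adds a uniformly random vector k from the kernel of a (a.k == 0), so the
    public key is untouched while the stored secret changes completely."""
    a, _ = pk
    k = [secrets.randbelow(P) for _ in range(N - 1)]
    k0 = (-dot(a[1:], k)) * pow(a[0], P - 2, P) % P   # solve a.k == 0 for k[0]
    k = [k0] + k
    return [(s + d) % P for s, d in zip(sk, k)]

def leakage_run(periods, bound_bits):
    """Simulate the CLR leakage game: in each period the adversary learns at most
    bound_bits about the *current* secret (here: its low bits), then the key is
    refreshed and the budget resets. Total leakage grows without bound while the
    public key stays fixed and the current secret stays valid."""
    pk, sk = keygen()
    mask = (1 << bound_bits) - 1
    leaks, total_bits = [], 0
    for _ in range(periods):
        leaks.append(sk[0] & mask)      # one leakage query of bound_bits bits
        total_bits += bound_bits
        sk = refresh(pk, sk)            # old secret is now stale
    return leaks, total_bits, verify(pk, sk)
```

After 100 periods of 16 leaked bits each, 1600 bits have leaked in total, well above the 244-bit secret, yet no single period exceeded the bound and the refreshed secret still satisfies the unchanged public key.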

Original language: English (US)
Title of host publication: Proceedings - 2010 IEEE 51st Annual Symposium on Foundations of Computer Science, FOCS 2010
Pages: 511-520
Number of pages: 10
DOIs: https://doi.org/10.1109/FOCS.2010.56
State: Published - 2010
Event: 2010 IEEE 51st Annual Symposium on Foundations of Computer Science, FOCS 2010 - Las Vegas, NV, United States
Duration: Oct 23 2010 to Oct 26 2010

Other

Other: 2010 IEEE 51st Annual Symposium on Foundations of Computer Science, FOCS 2010
Country: United States
City: Las Vegas, NV
Period: 10/23/10 to 10/26/10

Fingerprint

Cryptography
Data storage equipment

ASJC Scopus subject areas

  • Computer Science(all)

Cite this

Dodis, Y., Haralambiev, K., López-Alt, A., & Wichs, D. (2010). Cryptography against continuous memory attacks. In Proceedings - 2010 IEEE 51st Annual Symposium on Foundations of Computer Science, FOCS 2010 (pp. 511-520). [5671302] https://doi.org/10.1109/FOCS.2010.56

Cryptography against continuous memory attacks. / Dodis, Yevgeniy; Haralambiev, Kristiyan; López-Alt, Adriana; Wichs, Daniel.

Proceedings - 2010 IEEE 51st Annual Symposium on Foundations of Computer Science, FOCS 2010. 2010. p. 511-520 5671302.

Dodis, Y, Haralambiev, K, López-Alt, A & Wichs, D 2010, Cryptography against continuous memory attacks. in Proceedings - 2010 IEEE 51st Annual Symposium on Foundations of Computer Science, FOCS 2010., 5671302, pp. 511-520, 2010 IEEE 51st Annual Symposium on Foundations of Computer Science, FOCS 2010, Las Vegas, NV, United States, 10/23/10. https://doi.org/10.1109/FOCS.2010.56
Dodis Y, Haralambiev K, López-Alt A, Wichs D. Cryptography against continuous memory attacks. In Proceedings - 2010 IEEE 51st Annual Symposium on Foundations of Computer Science, FOCS 2010. 2010. p. 511-520. 5671302 https://doi.org/10.1109/FOCS.2010.56
Dodis, Yevgeniy ; Haralambiev, Kristiyan ; López-Alt, Adriana ; Wichs, Daniel. / Cryptography against continuous memory attacks. Proceedings - 2010 IEEE 51st Annual Symposium on Foundations of Computer Science, FOCS 2010. 2010. pp. 511-520
@inproceedings{f25128202fc94606920996a3f1f396de,
title = "Cryptography against continuous memory attacks",
abstract = "We say that a cryptographic scheme is Continuous Leakage-Resilient (CLR), if it allows users to refresh their secret keys, using only fresh local randomness, such that: • The scheme remains functional after any number of key refreshes, although the public key never changes. Thus, the {"}outside world{"} is neither affected by these key refreshes, nor needs to know about their frequency. • The scheme remains secure even if the adversary can continuously leak arbitrary information about the current secret-key, as long as the amount of leaked information is bounded in between any two successive key refreshes. There is no bound on the total amount of information that can be leaked during the lifetime of the system. In this work, we construct a variety of practical CLR schemes, including CLR one-way relations, CLR signatures, CLR identification schemes, and CLR authenticated key agreement protocols. For each of the above, we give general constructions, and then show how to instantiate them efficiently using a well established assumption on bilinear groups, called the K-Linear assumption (for any constant K greater than or equal to 1). Our constructions are highly modular, and we develop many interesting techniques and building-blocks along the way, including: leakage-indistinguishable re-randomizable relations, homomorphic NIZKs, and leakage-of-ciphertext non-malleable encryption schemes.",
author = "Yevgeniy Dodis and Kristiyan Haralambiev and Adriana L{\'o}pez-Alt and Daniel Wichs",
year = "2010",
doi = "10.1109/FOCS.2010.56",
language = "English (US)",
isbn = "9780769542447",
pages = "511--520",
booktitle = "Proceedings - 2010 IEEE 51st Annual Symposium on Foundations of Computer Science, FOCS 2010",

}

TY - GEN

T1 - Cryptography against continuous memory attacks

AU - Dodis, Yevgeniy

AU - Haralambiev, Kristiyan

AU - López-Alt, Adriana

AU - Wichs, Daniel

PY - 2010

Y1 - 2010

AB - We say that a cryptographic scheme is Continuous Leakage-Resilient (CLR), if it allows users to refresh their secret keys, using only fresh local randomness, such that: • The scheme remains functional after any number of key refreshes, although the public key never changes. Thus, the "outside world" is neither affected by these key refreshes, nor needs to know about their frequency. • The scheme remains secure even if the adversary can continuously leak arbitrary information about the current secret-key, as long as the amount of leaked information is bounded in between any two successive key refreshes. There is no bound on the total amount of information that can be leaked during the lifetime of the system. In this work, we construct a variety of practical CLR schemes, including CLR one-way relations, CLR signatures, CLR identification schemes, and CLR authenticated key agreement protocols. For each of the above, we give general constructions, and then show how to instantiate them efficiently using a well established assumption on bilinear groups, called the K-Linear assumption (for any constant K greater than or equal to 1). Our constructions are highly modular, and we develop many interesting techniques and building-blocks along the way, including: leakage-indistinguishable re-randomizable relations, homomorphic NIZKs, and leakage-of-ciphertext non-malleable encryption schemes.

UR - http://www.scopus.com/inward/record.url?scp=78751485079&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=78751485079&partnerID=8YFLogxK

U2 - 10.1109/FOCS.2010.56

DO - 10.1109/FOCS.2010.56

M3 - Conference contribution

SN - 9780769542447

SP - 511

EP - 520

BT - Proceedings - 2010 IEEE 51st Annual Symposium on Foundations of Computer Science, FOCS 2010

ER -