Advertisement
Published in:
2013 | OriginalPaper | Chapter
Bounded Tamper Resilience: How to Go beyond the Algebraic Barrier
Authors : Ivan Damgård, Sebastian Faust, Pratyay Mukherjee, Daniele Venturi
Published in: Advances in Cryptology - ASIACRYPT 2013
Publisher: Springer Berlin Heidelberg
Activate our intelligent search to find suitable subject content or patents.
Select sections of text to find matching patents with Artificial Intelligence. powered by
Select sections of text to find additional relevant content using AI-assisted search. powered by
Related key attacks (RKAs) are powerful cryptanalytic attacks where an adversary can change the secret key and observe the effect of such changes at the output. The state of the art in RKA security protects against an a-priori unbounded number of certain algebraic induced key relations, e.g., affine functions or polynomials of bounded degree. In this work, we show that it is possible to go beyond the algebraic barrier and achieve security against
arbitrary
key relations, by restricting the number of tampering queries the adversary is allowed to ask for. The latter restriction is necessary in case of arbitrary key relations, as otherwise a generic attack of Gennaro
et al.
(TCC 2004) shows how to recover the key of almost any cryptographic primitive. We describe our contributions in more detail below.
1
We show that standard ID and signature schemes constructed from a large class of Σ-protocols (including the Okamoto scheme, for instance) are secure even if the adversary can
arbitrarily
tamper with the prover’s state a
bounded
number of times and obtain some bounded amount of leakage. Interestingly, for the Okamoto scheme we can allow also independent tampering with the public parameters.
2
We show a
bounded
tamper and leakage resilient CCA secure public key cryptosystem based on the DDH assumption. We first define a weaker CPA-like security notion that we can instantiate based on DDH, and then we give a general compiler that yields CCA-security with tamper and leakage resilience. This requires a public tamper-proof common reference string.
3
Finally, we explain how to boost bounded tampering and leakage resilience (as in 1. and 2. above) to
continuous
tampering and leakage resilience, in the so-called
floppy model
where each user has a personal hardware token (containing leak- and tamper-free information) which can be used to refresh the secret key.
We believe that bounded tampering is a meaningful and interesting alternative to avoid known impossibility results and can provide important insights into the security of existing standard cryptographic schemes.