Leakage-Resilient Cryptography from Minimal Assumptions

We present new constructions of leakage-resilient cryptosystems, which remain provably secure even if the attacker learns some arbitrary partial information about their internal secret key. For any polynomial ℓ, we can instantiate these schemes so as to tolerate up to ℓ bits of leakage. While there has been much prior work constructing such leakage-resilient cryptosystems under concrete number-theoretic and algebraic assumptions, we present the first schemes under general and minimal assumptions. In particular, we construct:

Leakage-resilient

public-key encryption

from any standard public-key encryption.

Leakage-resilient

weak pseudorandom functions

,

symmetric-key encryption

, and

message-authentication codes

from any one-way function.

These are the first constructions of leakage-resilient

symmetric-key

primitives that do not rely on

public-key

assumptions. We also get the first constructions of leakage-resilient public-key encryption from “search assumptions”, such as the hardness of factoring or CDH. Although our schemes can tolerate arbitrarily large

amounts

of leakage, the tolerated

rate

of leakage (defined as the ratio of leakage-amount to key-size) is rather poor in comparison to prior results under specific assumptions.

As a building block of independent interest, we study a notion of

weak

hash-proof systems in the public-key and symmetric-key settings. While these inherit some of the interesting security properties of standard hash-proof systems, we can instantiate them under general assumptions.