Physically Observable Cryptography

  • Silvio Micali
  • Leonid Reyzin
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2951)


Complexity-theoretic cryptography considers only abstract notions of computation, and hence cannot protect against attacks that exploit the information leakage (via electromagnetic fields, power consumption, etc.) inherent in the physical execution of any cryptographic algorithm. Such “physical observation attacks” bypass the impressive barrier of mathematical security erected so far, and successfully break mathematically impregnable systems. The great practicality and the inherent availability of physical attacks threaten the very relevance of complexity-theoretic security.

To respond to the present crisis, we put forward physically observable cryptography: a powerful, comprehensive, and precise model for defining and delivering cryptographic security against an adversary that has access to information leaked from the physical execution of cryptographic algorithms. Our general model allows for a variety of adversaries. In this paper, however, we focus on the strongest possible adversary, so as to capture what is cryptographically possible in the worst possible, physically observable setting. In particular, we

consider an adversary that has full (and indeed adaptive) access to any leaked information;

show that some of the basic theorems and intuitions of traditional cryptography no longer hold in a physically observable setting; and

construct pseudorandom generators that are provably secure against all physical-observation attacks.

Our model makes it easy to meaningfully restrict the power of our general physically observing adversary. Such restrictions may enable schemes that are more efficient or rely on weaker assumptions, while retaining security against meaningful physical observations attacks.


Smart Card Turing Machine Physically Observable Pseudorandom Generator Physical Computer 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Proceedings of the Twenty First Annual ACM Symposium on Theory of Computing, Seattle, Washington, May 15-17 (1989)Google Scholar
  2. 2.
    Agrawal, D., Archambeault, B., Rao, J.R., Rohatgi, P.: The EM side-channel(s). In: Cryptographic Hardware and Embedded Systems Conference (CHES 2002) (2002)Google Scholar
  3. 3.
    Alexi, W., Chor, B., Goldreich, O., Schnorr, C.: RSA and Rabin functions: Certain parts are as hard as the whole. SIAM J. Computing 17(2), 194–209 (1988)zbMATHCrossRefMathSciNetGoogle Scholar
  4. 4.
    Anderson, R., Kuhn, M.: Tamper resistance — a cautionary note. In: The Second USENIX Workshop on Electronic Commerce (November 1996)Google Scholar
  5. 5.
    Anderson, R., Kuhn, M.: Low cost attacks on tamper resistant devices. In: Fifth International Security Protocol Workshop (April 1997)Google Scholar
  6. 6.
    Biham, E., Shamir, A.: Differential fault analysis of secret key cryptosystems. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 513–525. Springer, Heidelberg (1997)Google Scholar
  7. 7.
    Blum, M., Micali, S.: How to generate cryptographically strong sequences of pseudo-random bits. SIAM Journal on Computing 13(4), 850–863 (1984)zbMATHCrossRefMathSciNetGoogle Scholar
  8. 8.
    Boneh, D., DeMillo, R., Lipton, R.: On the importance of checking cryptographic protocols for faults. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 37–51. Springer, Heidelberg (1997)Google Scholar
  9. 9.
    Chari, S., Jutla, C., Rao, J.R., Rohatgi, P.: Towards sound approaches to counteract power analysis attacks. In: Wiener [29], pp. 398–412Google Scholar
  10. 10.
    Diffie, W., Hellman, M.E.: New directions in cryptography. IEEE Transactions on Information Theory IT-22(6), 644–654 (1976)CrossRefMathSciNetGoogle Scholar
  11. 11.
    Even, S., Goldreich, O., Micali, S.: On-line/off-line digital signatures. Journal of Cryptology 9(1), 35–67 (1996)zbMATHCrossRefMathSciNetGoogle Scholar
  12. 12.
    Gennaro, R., Lysyanskaya, A., Malkin, T., Micali, S., Rabin, T.: Tamper Proof Security: Theoretical Foundations for Security Against Hardware Tampering. In: Proceedings of the Theory of Cryptography Conference (2004)Google Scholar
  13. 13.
    Goldreich, O., Levin, L.: A hard-core predicate for all one-way functions. In: ACM [1], pp. 25–32Google Scholar
  14. 14.
    Goldreich, O.: Foundations of Cryptography: Basic Tools. Cambridge University Press, Cambridge (2001)zbMATHCrossRefGoogle Scholar
  15. 15.
    Goldreich, O., Micali, S.: (unpublished)Google Scholar
  16. 16.
    Goldreich, O., Goldwasser, S., Micali, S.: How to Construct Random Functions. Journal of the ACM 33(4), 792–807 (1986)CrossRefMathSciNetGoogle Scholar
  17. 17.
    Håstad, J., Impagliazzo, R., Levin, L.A., Luby, M.: Construction of pseudorandom generator from any one-way function. SIAM Journal on Computing 28(4), 1364–1396 (1999)zbMATHCrossRefMathSciNetGoogle Scholar
  18. 18.
    Ishai, Y., Sahai, A., Wagner, D.: Private circuits: Securing hardware against probing attacks. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 463–481. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  19. 19.
    Jaffe, J., Kocher, P., Jun, B.: United states patent 6,510,518: Balanced cryptographic computational method and apparatus for leak minimizational in smartcards and other cryptosystems, January 21 (2003)Google Scholar
  20. 20.
    Kocher, P., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener [29], pp. 388–397Google Scholar
  21. 21.
    Lamport, L.: Constructing digital signatures from a one way function. Technical Report CSL-98, SRI International (October 1979)Google Scholar
  22. 22.
    Merkle, R.C.: A certified digital signature. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 218–238. Springer, Heidelberg (1990)Google Scholar
  23. 23.
    Moore, S.W., Anderson, R.J., Cunningham, P., Mullins, R., Taylor, G.: Improving smartcard security using self-timed circuits. In: Asynch 2002, IEEE Computer Society Press, Los Alamitos (2002)Google Scholar
  24. 24.
    Naor, M., Yung, M.: Universal one-way hash functions and their cryptographic applications. In: ACM [1], pp. 33–43Google Scholar
  25. 25.
    FIPS publication 46: Data encryption standard (1977), Available from:
  26. 26.
    Quisquater, J.-J., Samyde, D.: Electromagnetic analysis (EMA): Measures and counter-measures for smart cards. In: Attali, S., Jensen, T. (eds.) E-smart 2001. LNCS, vol. 2140, pp. 200–210. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  27. 27.
    Rompel, J.: One-way functions are necessary and sufficient for secure signatures. In: Proceedings of the Twenty Second Annual ACM Symposium on Theory of Computing, Baltimore, Maryland, May 14–16, pp. 387–394 (1990)Google Scholar
  28. 28.
    Skorobogatov, S., Anderson, R.: Optical fault induction attacks. In: Cryptographic Hardware and Embedded Systems Conference (CHES 2002) (2002)Google Scholar
  29. 29.
    Wiener, M. (ed.): CRYPTO 1999. LNCS, vol. 1666. Springer, Heidelberg (1999)zbMATHGoogle Scholar
  30. 30.
    Yao, A.C.: Theory and applications of trapdoor functions. In: 23rd Annual Symposium on Foundations of Computer Science, Chicago, Illinois, November 3-5, pp. 80–91. IEEE, Los Alamitos (1982)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2004

Authors and Affiliations

  • Silvio Micali
    • 1
  • Leonid Reyzin
    • 2
  1. 1.MIT CSAILCambridgeUSA
  2. 2.Boston University Computer ScienceBostonUSA

Personalised recommendations