Simultaneous Hardcore Bits and Cryptography against Memory Attacks

  • Adi Akavia
  • Shafi Goldwasser
  • Vinod Vaikuntanathan
Conference paper

DOI: 10.1007/978-3-642-00457-5_28

Part of the Lecture Notes in Computer Science book series (LNCS, volume 5444)
Cite this paper as:
Akavia A., Goldwasser S., Vaikuntanathan V. (2009) Simultaneous Hardcore Bits and Cryptography against Memory Attacks. In: Reingold O. (eds) Theory of Cryptography. TCC 2009. Lecture Notes in Computer Science, vol 5444. Springer, Berlin, Heidelberg


This paper considers two questions in cryptography.

Cryptography Secure Against Memory Attacks. A particularly devastating side-channel attack against cryptosystems, termed the “memory attack”, was proposed recently. In this attack, a significant fraction of the bits of a secret key of a cryptographic algorithm can be measured by an adversary if the secret key is ever stored in a part of memory which can be accessed even after power has been turned off for a short amount of time. Such an attack has been shown to completely compromise the security of various cryptosystems in use, including the RSA cryptosystem and AES.

We show that the public-key encryption scheme of Regev (STOC 2005), and the identity-based encryption scheme of Gentry, Peikert and Vaikuntanathan (STOC 2008) are remarkably robust against memory attacks where the adversary can measure a large fraction of the bits of the secret-key, or more generally, can compute an arbitrary function of the secret-key of bounded output length. This is done without increasing the size of the secret-key, and without introducing any complication of the natural encryption and decryption routines.

Simultaneous Hardcore Bits. We say that a block of bits of x are simultaneously hard-core for a one-way function f(x), if given f(x) they cannot be distinguished from a random string of the same length. Although any candidate one-way function can be shown to hide one hardcore bit and even a logarithmic number of simultaneously hardcore bits, there are few examples of one-way or trapdoor functions for which a linear number of the input bits have been proved simultaneously hardcore; the ones that are known relate the simultaneous security to the difficulty of factoring integers.

We show that for a lattice-based (injective) trapdoor function which is a variant of function proposed earlier by Gentry, Peikert and Vaikuntanathan, an N − o(N) number of input bits are simultaneously hardcore, where N is the total length of the input.

These two results rely on similar proof techniques.

Download to read the full conference paper text

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Adi Akavia
    • 1
  • Shafi Goldwasser
    • 2
  • Vinod Vaikuntanathan
    • 3
  1. 1.IAS and DIMACS 
  2. 2.MIT and Weizmann Insitute 
  3. 3.MIT and IBM Research 

Personalised recommendations