Leakage Quantification of Cryptographic Operations

  • Michael Wibmer
  • Debmalya Biswas
  • Florian Kerschbaum
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6426)

Abstract

Perfectly secure protocols are often too inefficient, performance-wise, to be used in a practical setting. On the other hand, an insecure (but faster) protocol might be deemed secure for a particular setting. Recent research has thus focused on precise leakage quantification of a security protocol. In this context, we first give a precise leakage quantification of a basic cryptographic primitive, that of multiplicative hiding. We then show how the approach can be extended to compute worst-case leakage bounds of arbitrary compositions of cryptographic operations. The composition results make our bounds applicable to a wide range of general security protocols.

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Michael Wibmer (1)
  • Debmalya Biswas (2)
  • Florian Kerschbaum (2)
  1. Interdisciplinary Center for Scientific Computing, Heidelberg University, Heidelberg, Germany
  2. SAP Research, Karlsruhe, Germany