Advertisement

Unprovability of Leakage-Resilient Cryptography Beyond the Information-Theoretic Limit

Conference paper
  • 242 Downloads
Part of the Lecture Notes in Computer Science book series (LNCS, volume 12238)

Abstract

In recent years, leakage-resilient cryptography—the design of cryptographic protocols resilient to bounded leakage of honest players’ secrets—has received significant attention. A major limitation of known provably-secure constructions (based on polynomial hardness assumptions) is that they require the secrets to have sufficient actual (i.e., information-theoretic), as opposed to comptutational, min-entropy even after the leakage.

In this work, we present barriers to provably-secure constructions beyond the “information-theoretic barrier”: Assume the existence of collision-resistant hash functions. Then, no \(\mathcal{NP}\) search problem with \((2^{n^{\epsilon }})\)-bounded number of witnesses can be proven (even worst-case) hard in the presence of \(O(n^{\epsilon })\) bits of computationally-efficient leakage of the witness, using a black-box reduction to any O(1)-round assumption. In particular, this implies that \(O(n^{\epsilon })\)-leakage resilient injective one-way functions, and more generally, one-way functions with at most \(2^{n^{\epsilon }}\) pre-images, cannot be based on any “standard” complexity assumption using a black-box reduction.

Notes

Acknowledgments

We are very grateful to the SCN anonymous reviewers for their helpful comments.

References

  1. 1.
    Aggarwal, D., Maurer, U.: The leakage-resilience limit of a computational problem is equal to its unpredictability entropy. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 686–701. Springer, Heidelberg (2011).  https://doi.org/10.1007/978-3-642-25385-0_37CrossRefGoogle Scholar
  2. 2.
    Akavia, A., Goldwasser, S., Vaikuntanathan, V.: Simultaneous hardcore bits and cryptography against memory attacks. In: Reingold, O. (ed.) TCC 2009. LNCS, vol. 5444, pp. 474–495. Springer, Heidelberg (2009).  https://doi.org/10.1007/978-3-642-00457-5_28CrossRefzbMATHGoogle Scholar
  3. 3.
    Alwen, J., Dodis, Y., Wichs, D.: Survey: leakage resilience and the bounded retrieval model. In: Kurosawa, K. (ed.) ICITS 2009. LNCS, vol. 5973, pp. 1–18. Springer, Heidelberg (2010).  https://doi.org/10.1007/978-3-642-14496-7_1CrossRefGoogle Scholar
  4. 4.
    Babai, L., Fortnow, L., Levin, L.A., Szegedy, M.: Checking computations in polylogarithmic time. In: Proceedings of the 23rd Annual ACM Symposium on Theory of Computing, New Orleans, Louisiana, USA, May 5–8, 1991, pp. 21–31. ACM (1991)Google Scholar
  5. 5.
    Barak, B., Goldreich, O., Goldwasser, S., Lindell, Y.: Resettably-sound zero-knowledge and its applications. In: FOCS 2002, pp. 116–125 (2001)Google Scholar
  6. 6.
    Barak, B., Haitner, I., Hofheinz, D., Ishai, Y.: Bounded key-dependent message security. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 423–444. Springer, Heidelberg (2010).  https://doi.org/10.1007/978-3-642-13190-5_22CrossRefGoogle Scholar
  7. 7.
    Boneh, D., Venkatesan, R.: Breaking RSA may not be equivalent to factoring. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 59–71. Springer, Heidelberg (1998).  https://doi.org/10.1007/BFb0054117CrossRefGoogle Scholar
  8. 8.
    Brassard, G., Chaum, D., Crépeau, C.: Minimum disclosure proofs of knowledge. J. Comput. Syst. Sci. 37(2), 156–189 (1988)MathSciNetCrossRefGoogle Scholar
  9. 9.
    Carter, L., Wegman, M.N.: Universal classes of hash functions. J. Comput. Syst. Sci. 18(2), 143–154 (1979)MathSciNetCrossRefGoogle Scholar
  10. 10.
    Cramer, R., Damgård, I., Schoenmakers, B.: Proofs of partial knowledge and simplified design of witness hiding protocols. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 174–187. Springer, Heidelberg (1994).  https://doi.org/10.1007/3-540-48658-5_19CrossRefGoogle Scholar
  11. 11.
    Dodis, Y., Oliveira, R., Pietrzak, K.: On the generic insecurity of the full domain hash. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 449–466. Springer, Heidelberg (2005).  https://doi.org/10.1007/11535218_27CrossRefGoogle Scholar
  12. 12.
    Dziembowski, S., Pietrzak, K.: Leakage-resilient cryptography. In: 49th Annual IEEE Symposium on Foundations of Computer Science, FOCS 2008, Philadelphia, PA, USA, October 25–28, 2008, pp. 293–302 (2008)Google Scholar
  13. 13.
    Feige, U., Fiat, A., Shamir, A.: Zero knowledge proofs of identity. In: STOC, pp. 210–217 (1987)Google Scholar
  14. 14.
    Feige, U., Goldwasser, S., Lovász, L., Safra, S., Szegedy, M.: Interactive proofs and the hardness of approximating cliques. J. ACM 43(2), 268–292 (1996)MathSciNetCrossRefGoogle Scholar
  15. 15.
    Goldreich, O.: Foundations of Cryptography – Basic Tools. Cambridge University Press (2001)Google Scholar
  16. 16.
    Goldreich, O., Krawczyk, H.: On the composition of zero-knowledge proof systems. SIAM J. Comput. 25(1), 169–192 (1996)MathSciNetCrossRefGoogle Scholar
  17. 17.
    Goldreich, O., Micali, S., Wigderson, A.: How to play any mental game. In: STOC 1987: Proceedings of the Nineteenth Annual ACM Symposium on Theory of Computing, pp. 218–229. ACM, New York (1987)Google Scholar
  18. 18.
    Goldwasser, S., Micali, S., Rackoff, C.: The knowledge complexity of interactive proof systems. SIAM J. Comput. 18(1), 186–208 (1989)MathSciNetCrossRefGoogle Scholar
  19. 19.
    Haitner, I., Holenstein, T.: On the (im)possibility of key dependent encryption. In: Reingold, O. (ed.) TCC 2009. LNCS, vol. 5444, pp. 202–219. Springer, Heidelberg (2009).  https://doi.org/10.1007/978-3-642-00457-5_13CrossRefzbMATHGoogle Scholar
  20. 20.
    Halevi, S., Myers, S., Rackoff, C.: On seed-incompressible functions. In: Canetti, R. (ed.) TCC 2008. LNCS, vol. 4948, pp. 19–36. Springer, Heidelberg (2008).  https://doi.org/10.1007/978-3-540-78524-8_2CrossRefGoogle Scholar
  21. 21.
    Ishai, Y., Sahai, A., Wagner, D.: Private circuits: securing hardware against probing attacks. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 463–481. Springer, Heidelberg (2003).  https://doi.org/10.1007/978-3-540-45146-4_27CrossRefGoogle Scholar
  22. 22.
    Katz, J., Vaikuntanathan, V.: Signature schemes with bounded leakage resilience. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 703–720. Springer, Heidelberg (2009).  https://doi.org/10.1007/978-3-642-10366-7_41CrossRefGoogle Scholar
  23. 23.
    Kilian, J.: A note on efficient zero-knowledge proofs and arguments (extended abstract). In: STOC 2002, pp. 723–732 (1992)Google Scholar
  24. 24.
    Komargodski, I.: Leakage resilient one-way functions: the auxiliary-input setting. Theor. Comput. Sci. 746, 6–18 (2018)MathSciNetCrossRefGoogle Scholar
  25. 25.
    Marcedone, A., Pass, R., Shelat, A.: Bounded KDM security from iO and OWF. In: Zikas, V., De Prisco, R. (eds.) SCN 2016. LNCS, vol. 9841, pp. 571–586. Springer, Cham (2016).  https://doi.org/10.1007/978-3-319-44618-9_30CrossRefzbMATHGoogle Scholar
  26. 26.
    Maurer, U.M.: Factoring with an oracle. In: Rueppel, R.A. (ed.) EUROCRYPT 1992. LNCS, vol. 658, pp. 429–436. Springer, Heidelberg (1993).  https://doi.org/10.1007/3-540-47555-9_35CrossRefGoogle Scholar
  27. 27.
    Micali, S., Reyzin, L.: Physically observable cryptography. In: Naor, M. (ed.) TCC 2004. LNCS, vol. 2951, pp. 278–296. Springer, Heidelberg (2004).  https://doi.org/10.1007/978-3-540-24638-1_16CrossRefzbMATHGoogle Scholar
  28. 28.
    Naor, M.: On cryptographic assumptions and challenges. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 96–109. Springer, Heidelberg (2003).  https://doi.org/10.1007/978-3-540-45146-4_6CrossRefGoogle Scholar
  29. 29.
    Nielsen, J.B., Venturi, D., Zottarel, A.: On the connection between leakage tolerance and adaptive security. IACR Cryptology ePrint Archive, 2014:517 (2014)Google Scholar
  30. 30.
    Ostrovsky, R., Persiano, G., Visconti, I.: Impossibility of black-box simulation against leakage attacks. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9216, pp. 130–149. Springer, Heidelberg (2015).  https://doi.org/10.1007/978-3-662-48000-7_7CrossRefGoogle Scholar
  31. 31.
    Pass, R.: Limits of provable security from standard assumptions. In: STOC, pp. 109–118 (2011)Google Scholar
  32. 32.
    Rompel, J.: One-way functions are necessary and sufficient for secure signatures. In: STOC 1990, pp. 387–394 (1990)Google Scholar
  33. 33.
    Rothblum, G.N., Vadhan, S.P.: Are PCPS inherent in efficient arguments? Comput. Complex. 19(2), 265–304 (2010)MathSciNetCrossRefGoogle Scholar
  34. 34.
    Wichs, D.: Barriers in cryptography with weak, correlated and leaky sources. In: Innovations in Theoretical Computer Science, ITCS 2013, Berkeley, CA, USA, January 9–12, 2013, pp. 111–126 (2013)Google Scholar
  35. 35.
    Yao, A.C.-C.: How to generate and exchange secrets. In: Proceedings of the 27th Annual Symposium on Foundations of Computer Science (FOCS), pp. 162–167. IEEE Computer Society (1986)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  1. 1.Cornell TechNew YorkUSA

Personalised recommendations