Unprovability of Leakage-Resilient Cryptography Beyond the Information-Theoretic Limit

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 12238)


In recent years, leakage-resilient cryptography—the design of cryptographic protocols resilient to bounded leakage of honest players’ secrets—has received significant attention. A major limitation of known provably-secure constructions (based on polynomial hardness assumptions) is that they require the secrets to have sufficient actual (i.e., information-theoretic), as opposed to comptutational, min-entropy even after the leakage.

In this work, we present barriers to provably-secure constructions beyond the “information-theoretic barrier”: Assume the existence of collision-resistant hash functions. Then, no \(\mathcal{NP}\) search problem with \((2^{n^{\epsilon }})\)-bounded number of witnesses can be proven (even worst-case) hard in the presence of \(O(n^{\epsilon })\) bits of computationally-efficient leakage of the witness, using a black-box reduction to any O(1)-round assumption. In particular, this implies that \(O(n^{\epsilon })\)-leakage resilient injective one-way functions, and more generally, one-way functions with at most \(2^{n^{\epsilon }}\) pre-images, cannot be based on any “standard” complexity assumption using a black-box reduction.



We are very grateful to the SCN anonymous reviewers for their helpful comments.


  1. 1.
    Aggarwal, D., Maurer, U.: The leakage-resilience limit of a computational problem is equal to its unpredictability entropy. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 686–701. Springer, Heidelberg (2011). Scholar
  2. 2.
    Akavia, A., Goldwasser, S., Vaikuntanathan, V.: Simultaneous hardcore bits and cryptography against memory attacks. In: Reingold, O. (ed.) TCC 2009. LNCS, vol. 5444, pp. 474–495. Springer, Heidelberg (2009). Scholar
  3. 3.
    Alwen, J., Dodis, Y., Wichs, D.: Survey: leakage resilience and the bounded retrieval model. In: Kurosawa, K. (ed.) ICITS 2009. LNCS, vol. 5973, pp. 1–18. Springer, Heidelberg (2010). Scholar
  4. 4.
    Babai, L., Fortnow, L., Levin, L.A., Szegedy, M.: Checking computations in polylogarithmic time. In: Proceedings of the 23rd Annual ACM Symposium on Theory of Computing, New Orleans, Louisiana, USA, May 5–8, 1991, pp. 21–31. ACM (1991)Google Scholar
  5. 5.
    Barak, B., Goldreich, O., Goldwasser, S., Lindell, Y.: Resettably-sound zero-knowledge and its applications. In: FOCS 2002, pp. 116–125 (2001)Google Scholar
  6. 6.
    Barak, B., Haitner, I., Hofheinz, D., Ishai, Y.: Bounded key-dependent message security. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 423–444. Springer, Heidelberg (2010). Scholar
  7. 7.
    Boneh, D., Venkatesan, R.: Breaking RSA may not be equivalent to factoring. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 59–71. Springer, Heidelberg (1998). Scholar
  8. 8.
    Brassard, G., Chaum, D., Crépeau, C.: Minimum disclosure proofs of knowledge. J. Comput. Syst. Sci. 37(2), 156–189 (1988)MathSciNetCrossRefGoogle Scholar
  9. 9.
    Carter, L., Wegman, M.N.: Universal classes of hash functions. J. Comput. Syst. Sci. 18(2), 143–154 (1979)MathSciNetCrossRefGoogle Scholar
  10. 10.
    Cramer, R., Damgård, I., Schoenmakers, B.: Proofs of partial knowledge and simplified design of witness hiding protocols. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 174–187. Springer, Heidelberg (1994). Scholar
  11. 11.
    Dodis, Y., Oliveira, R., Pietrzak, K.: On the generic insecurity of the full domain hash. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 449–466. Springer, Heidelberg (2005). Scholar
  12. 12.
    Dziembowski, S., Pietrzak, K.: Leakage-resilient cryptography. In: 49th Annual IEEE Symposium on Foundations of Computer Science, FOCS 2008, Philadelphia, PA, USA, October 25–28, 2008, pp. 293–302 (2008)Google Scholar
  13. 13.
    Feige, U., Fiat, A., Shamir, A.: Zero knowledge proofs of identity. In: STOC, pp. 210–217 (1987)Google Scholar
  14. 14.
    Feige, U., Goldwasser, S., Lovász, L., Safra, S., Szegedy, M.: Interactive proofs and the hardness of approximating cliques. J. ACM 43(2), 268–292 (1996)MathSciNetCrossRefGoogle Scholar
  15. 15.
    Goldreich, O.: Foundations of Cryptography – Basic Tools. Cambridge University Press (2001)Google Scholar
  16. 16.
    Goldreich, O., Krawczyk, H.: On the composition of zero-knowledge proof systems. SIAM J. Comput. 25(1), 169–192 (1996)MathSciNetCrossRefGoogle Scholar
  17. 17.
    Goldreich, O., Micali, S., Wigderson, A.: How to play any mental game. In: STOC 1987: Proceedings of the Nineteenth Annual ACM Symposium on Theory of Computing, pp. 218–229. ACM, New York (1987)Google Scholar
  18. 18.
    Goldwasser, S., Micali, S., Rackoff, C.: The knowledge complexity of interactive proof systems. SIAM J. Comput. 18(1), 186–208 (1989)MathSciNetCrossRefGoogle Scholar
  19. 19.
    Haitner, I., Holenstein, T.: On the (im)possibility of key dependent encryption. In: Reingold, O. (ed.) TCC 2009. LNCS, vol. 5444, pp. 202–219. Springer, Heidelberg (2009). Scholar
  20. 20.
    Halevi, S., Myers, S., Rackoff, C.: On seed-incompressible functions. In: Canetti, R. (ed.) TCC 2008. LNCS, vol. 4948, pp. 19–36. Springer, Heidelberg (2008). Scholar
  21. 21.
    Ishai, Y., Sahai, A., Wagner, D.: Private circuits: securing hardware against probing attacks. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 463–481. Springer, Heidelberg (2003). Scholar
  22. 22.
    Katz, J., Vaikuntanathan, V.: Signature schemes with bounded leakage resilience. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 703–720. Springer, Heidelberg (2009). Scholar
  23. 23.
    Kilian, J.: A note on efficient zero-knowledge proofs and arguments (extended abstract). In: STOC 2002, pp. 723–732 (1992)Google Scholar
  24. 24.
    Komargodski, I.: Leakage resilient one-way functions: the auxiliary-input setting. Theor. Comput. Sci. 746, 6–18 (2018)MathSciNetCrossRefGoogle Scholar
  25. 25.
    Marcedone, A., Pass, R., Shelat, A.: Bounded KDM security from iO and OWF. In: Zikas, V., De Prisco, R. (eds.) SCN 2016. LNCS, vol. 9841, pp. 571–586. Springer, Cham (2016). Scholar
  26. 26.
    Maurer, U.M.: Factoring with an oracle. In: Rueppel, R.A. (ed.) EUROCRYPT 1992. LNCS, vol. 658, pp. 429–436. Springer, Heidelberg (1993). Scholar
  27. 27.
    Micali, S., Reyzin, L.: Physically observable cryptography. In: Naor, M. (ed.) TCC 2004. LNCS, vol. 2951, pp. 278–296. Springer, Heidelberg (2004). Scholar
  28. 28.
    Naor, M.: On cryptographic assumptions and challenges. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 96–109. Springer, Heidelberg (2003). Scholar
  29. 29.
    Nielsen, J.B., Venturi, D., Zottarel, A.: On the connection between leakage tolerance and adaptive security. IACR Cryptology ePrint Archive, 2014:517 (2014)Google Scholar
  30. 30.
    Ostrovsky, R., Persiano, G., Visconti, I.: Impossibility of black-box simulation against leakage attacks. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9216, pp. 130–149. Springer, Heidelberg (2015). Scholar
  31. 31.
    Pass, R.: Limits of provable security from standard assumptions. In: STOC, pp. 109–118 (2011)Google Scholar
  32. 32.
    Rompel, J.: One-way functions are necessary and sufficient for secure signatures. In: STOC 1990, pp. 387–394 (1990)Google Scholar
  33. 33.
    Rothblum, G.N., Vadhan, S.P.: Are PCPS inherent in efficient arguments? Comput. Complex. 19(2), 265–304 (2010)MathSciNetCrossRefGoogle Scholar
  34. 34.
    Wichs, D.: Barriers in cryptography with weak, correlated and leaky sources. In: Innovations in Theoretical Computer Science, ITCS 2013, Berkeley, CA, USA, January 9–12, 2013, pp. 111–126 (2013)Google Scholar
  35. 35.
    Yao, A.C.-C.: How to generate and exchange secrets. In: Proceedings of the 27th Annual Symposium on Foundations of Computer Science (FOCS), pp. 162–167. IEEE Computer Society (1986)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  1. 1.Cornell TechNew YorkUSA

Personalised recommendations