Abstract

A weak pseudorandom function (wPRF) is a cryptographic primitive similar to – but weaker than – a pseudorandom function: for wPRFs one only requires that the output is pseudorandom when queried on random inputs. We show that unlike “normal” PRFs, wPRFs are seed-incompressible, in the sense that the output of a wPRF is pseudorandom even if a bounded amount of information about the key is leaked.

As an application of this result we construct a simple mode of operation which – when instantiated with any wPRF – gives a leakage-resilient stream-cipher. The implementation of such a cipher is secure against every side-channel attack, as long as the amount of information leaked per round is bounded, but overall can be arbitrary large. The construction is simpler than the previous one (Dziembowski-Pietrzak FOCS’08) as it only uses a single primitive (a wPRF) in a straight forward manner.

References

  1. 1.
    Akavia, A., Goldwasser, S., Vaikuntanathan, V.: Simultaneous hardcore bits and cryptography against memory attacks. In: TCC (2009)Google Scholar
  2. 2.
    Barak, B., Shaltiel, R., Wigderson, A.: Computational analogues of entropy. In: RANDOM-APPROX, pp. 200–215 (2003)Google Scholar
  3. 3.
    Biham, E., Shamir, A.: Differential fault analysis of secret key cryptosystems. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 513–525. Springer, Heidelberg (1997)CrossRefGoogle Scholar
  4. 4.
    Boneh, D., DeMillo, R.A., Lipton, R.J.: On the importance of checking cryptographic protocols for faults. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 37–51. Springer, Heidelberg (1997)CrossRefGoogle Scholar
  5. 5.
    Canetti, R., Eiger, D., Goldwasser, S., Lim, D.-Y.: How to protect yourself without perfect shredding. In: Aceto, L., Damgård, I., Goldberg, L.A., Halldórsson, M.M., Ingólfsdóttir, A., Walukiewicz, I. (eds.) ICALP 2008, Part II. LNCS, vol. 5126, pp. 511–523. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  6. 6.
    Cash, D.M., Ding, Y.Z., Dodis, Y., Lee, W., Lipton, R.J., Walfish, S.: Intrusion-resilient key exchange in the bounded retrieval model. In: Vadhan, S.P. (ed.) TCC 2007. LNCS, vol. 4392, pp. 479–498. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  7. 7.
    Chari, S., Rao, J.R., Rohatgi, P.: Template attacks. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 13–28. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  8. 8.
    Coron, J.-S.: Resistance against differential power analysis for elliptic curve cryptosystems. In: Koç, Ç.K., Paar, C. (eds.) CHES 1999. LNCS, vol. 1717, p. 292. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  9. 9.
    Courtois, N.T., Bard, G.V., Wagner, D.: Algebraic and slide attacks on keeLoq. In: Nyberg, K. (ed.) FSE 2008. LNCS, vol. 5086, pp. 97–115. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  10. 10.
    Di Crescenzo, G., Lipton, R.J., Walfish, S.: Perfectly secure password protocols in the bounded retrieval model. In: Halevi, S., Rabin, T. (eds.) TCC 2006. LNCS, vol. 3876, pp. 225–244. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  11. 11.
    Dodis, Y., Sahai, A., Smith, A.: On perfect and adaptive security in exposure-resilient cryptography. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 301–324. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  12. 12.
    Dodis, Y., Wichs, D.: One-round authenticated key agreement from weak secrets. Cryptology ePrint Archive, Report 2008/503 (2008), http://eprint.iacr.org/
  13. 13.
    Dziembowski, S.: Intrusion-resilience via the bounded-storage model. In: Halevi, S., Rabin, T. (eds.) TCC 2006. LNCS, vol. 3876, pp. 207–224. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  14. 14.
    Dziembowski, S.: On forward-secure storage (extended abstract). In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, pp. 251–270. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  15. 15.
    Dziembowski, S., Maurer, U.M.: On generating the initial key in the bounded-storage model. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 126–137. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  16. 16.
    Dziembowski, S., Pietrzak, K.: Intrusion-resilient secret sharing. In: FOCS, pp. 227–237 (2007)Google Scholar
  17. 17.
    Dziembowski, S., Pietrzak, K.: Leakage-resilient cryptography. In: FOCS (2008)Google Scholar
  18. 18.
    Eisenbarth, T., Kasper, T., Moradi, A., Paar, C., Salmasizadeh, M., Shalmani, M.T.M.: On the power of power analysis in the real world: A complete break of the keeLoq code hopping scheme. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 203–220. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  19. 19.
    Gandolfi, K., Mourtel, C., Olivier, F.: Electromagnetic analysis: Concrete results. In: CHES, pp. 251–261 (2001)Google Scholar
  20. 20.
    Goldreich, O.: A uniform-complexity treatment of encryption and zero-knowledge. Journal of Cryptology 6(1), 21–53 (1993)MathSciNetCrossRefMATHGoogle Scholar
  21. 21.
    Goldreich, O., Goldwasser, S., Micali, S.: How to construct random functions. In: FOCS, pp. 464–479 (1984)Google Scholar
  22. 22.
    Goldwasser, S., Kalai, Y.T., Rothblum, G.N.: One-time programs. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 39–56. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  23. 23.
    Halderman, J.A., Schoen, S.D., Heninger, N., Clarkson, W., Paul, W., Calandrino, J.A., Feldman, A.J., Appelbaum, J., Felten, E.W.: Lest we remember: Cold boot attacks on encryption keys. In: USENIX Security Symposium, pp. 45–60 (2008)Google Scholar
  24. 24.
    Halevi, S., Myers, S., Rackoff, C.: On seed-incompressible functions. In: Canetti, R. (ed.) TCC 2008. LNCS, vol. 4948, pp. 19–36. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  25. 25.
    Håstad, J., Impagliazzo, R., Levin, L.A., Luby, M.: A pseudorandom generator from any one-way function. SIAM Journal on Computing 28(4), 1364–1396 (1999)MathSciNetCrossRefMATHGoogle Scholar
  26. 26.
    Hoeffding, W.: Probability inequalities for sums of bounded random variables. Journal of the American Statistical Association 58(301), 13–30 (1963)MathSciNetCrossRefMATHGoogle Scholar
  27. 27.
    Indesteege, S., Keller, N., Dunkelman, O., Biham, E., Preneel, B.: A practical attack on KeeLoq. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 1–18. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  28. 28.
    Ishai, Y., Prabhakaran, M., Sahai, A., Wagner, D.: Private circuits II: Keeping secrets in tamperable circuits. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 308–327. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  29. 29.
    Ishai, Y., Sahai, A., Wagner, D.: Private circuits: Securing hardware against probing attacks. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 463–481. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  30. 30.
    Kelsey, J., Schneier, B., Wagner, D., Hall, C.: Side channel cryptanalysis of product ciphers. In: Quisquater, J.-J., Deswarte, Y., Meadows, C., Gollmann, D. (eds.) ESORICS 1998. LNCS, vol. 1485, pp. 97–110. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  31. 31.
    Kocher, P.C.: Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996)Google Scholar
  32. 32.
    Kocher, P.C.: Design and validation strategies for obtaining assurance in countermeasures to power analysis and related attacks. In: Proceedings of the NIST Physical Security Workshop (2005)Google Scholar
  33. 33.
    Kocher, P.C., Jaffe, J., Jun, B.: Differential Power Analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  34. 34.
    Maurer, U.M.: A provably-secure strongly-randomized cipher. In: Damgård, I.B. (ed.) EUROCRYPT 1990. LNCS, vol. 473, pp. 361–373. Springer, Heidelberg (1991)CrossRefGoogle Scholar
  35. 35.
    Micali, S., Reyzin, L.: Physically observable cryptography (extended abstract). In: Naor, M. (ed.) TCC 2004. LNCS, vol. 2951, pp. 278–296. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  36. 36.
    Petit, C., Standaert, F.-X., Pereira, O., Malkin, T., Yung, M.: A block cipher based pseudo random number generator secure against side-channel key recovery. In: ASIACCS, pp. 56–65 (2008)Google Scholar
  37. 37.
    Pietrzak, K.: Full version of this paper, http://homepages.cwi.nl/~pietrzak/publications.html
  38. 38.
    Pietrzak, K., Sjödin, J.: Range extension for weak pRFs; the good, the bad, and the ugly. In: Naor, M. (ed.) EUROCRYPT 2007. LNCS, vol. 4515, pp. 517–533. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  39. 39.
    Quisquater, J.-J., Samyde, D.: Electromagnetic analysis (ema): Measures and counter-measures for smart cards. In: E-smart, pp. 200–210 (2001)Google Scholar
  40. 40.
    Reingold, O., Trevisan, L., Tulsiani, M., Vadhan, S.P.: Dense subsets of pseudorandom sets. In: FOCS, pp. 76–85 (2008)Google Scholar
  41. 41.
    Standaert, F.-X., Malkin, T., Yung, M.: A unified framework for the analysis of side-channel key recovery attacks. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 443–461. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  42. 42.
    Vadhan, S.P.: Constructing locally computable extractors and cryptosystems in the bounded-storage model. Journal of Cryptology 17(1), 43–77 (2004)MathSciNetCrossRefMATHGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Krzysztof Pietrzak
    • 1
  1. 1.CWI AmsterdamThe Netherlands

Personalised recommendations