Efficient Public-Key Cryptography in the Presence of Key Leakage

We study the design of cryptographic primitives resistant to a large class of side-channel attacks, called“memory attacks”, where an attacker can repeatedly and adaptively learn information about the secret key,subject only to the constraint that the overall amount of such information is bounded by some parameter`. Although the study of such primitives was initiated only recently by Akavia et al. [3], subsequent workalready produced many such “leakage-resilient” primitives [53, 5, 47], including signature, encryption, iden-tification (ID) and authenticated key agreement (AKA) schemes. Unfortunately, every existing scheme, —for any of the four fundamental primitives above, — fails to satisfy at least one of the following desirableproperties:• Efficiency. While the construction may be generic, it should have some efficient instantiations, basedon standard cryptographic assumptions, and without relying on random oracles.• Strong Security. The construction should satisfy the strongest possible definition of security (even inthe presence of leakage). For example, encryption schemes should be secure against chosen ciphertextattack (CCA), while signatures should be existentially unforgeable.• Leakage Flexibility. It should be possible to set the parameters of the schemes so that the leakagebound ` can come arbitrarily close to the size of the secret key sk. In this work we design the first signature, encryption, ID and AKA schemes which overcome these lim-itations, and satisfy all the properties above. Moreover, all our constructions are generic, in several caseselegantly simplifying and generalizing the prior constructions (which did not have any efficient instantia-tions). We also introduce several tools of independent interest, such as the abstraction (and constructions)of true-simulation extractable NIZK arguments, and a new deniable DH-based AKA protocol based on anyCCA-secure encryption. ∗Computer Science Dept. NYU. Email: [email protected].†Computer Science Dept. NYU. Email: [email protected].‡Computer Science Dept. NYU. Email: [email protected].§Computer Science Dept. NYU. Email: [email protected].