On hardening leakage resilience of random extractors for instantiations of leakage-resilient cryptographic primitives

Random extractors are proven to be important building blocks in constructing leakage resilient cryptographic primitives. Nevertheless, recent efforts showed that they are likely more leaky than other elementary components (e.g. block ciphers) in unprotected implementations of these primitives, in the context of side-channel attacks. In this context, from the adversary’s point of view, the extractors themselves could become the point of interest. This paper extends the problem of how leakage resilience of random extractors could be to the case of protected instantiations. Specifically, we investigate the feasibility of applying classical countermeasures to ameliorate leakage resilience of cryptographic components and/or primitives against side-channel attacks, and then show how to evaluate the physical leakage resilience of these instantiations theoretically and practically. The countermeasures we consider are masking, shuffling, and combination of them. Taking one leakage-resilient stream cipher presented at FOCS 2008 as a case of study, we not only examine the leakage resilience of the underlying extractor, but also discuss how leakages from the extractor and from the underlying pseudo-random generator respectively impact the leakage resilience of ∗Corresponding Author Email addresses: [email protected] (Danyang Chen), [email protected] (Yongbin Zhou ), [email protected] (Yang Han), [email protected] (Rui Xue), [email protected] (Qing He) Preprint submitted to Information Science March 1, 2012 the stream cipher as a whole. On the one hand, our theoretical and experimental results, which are consistent with each other, do justify some existing observations. On the other hand, and more importantly, our results reveal some new observations that contrast with these knowing ones, which explicitly indicates that previous observations are (mostly likely) incomplete. We argue that our work is of both obvious theoretical interest and important practical significance, and may help foster the further research on the design and implementation of random extractors in leakage-resilient cryptography.