Cryptographic Resilience to Continual Information Leakage

Candidate: Daniel Wichs

Advisor: Yevgeniy Dodis

We study the question of achieving cryptographic security on devices that leak information about their internal secret state to an external attacker. This study is motivated by the prevalence of side-channel attacks, where the physical characteristics of a computation (e.g. timing, power consumption, temperature, radiation, acoustics, etc.) can be measured and may reveal useful information about the internal state of a device. Since some such leakage is inevitably present in almost any physical implementation, we believe that this problem cannot be addressed by physical countermeasures alone. Instead, it should already be taken into account when designing the mathematical specification of cryptographic primitives and included in the formal study of their security.

In this thesis, we propose a new formal framework for modeling the leakage available to an attacker. This framework, called the continual leakage model, assumes that an attacker can continually learn arbitrary information about the internal secret state of a cryptographic scheme at any point in time, subject only to the constraint that the rate of leakage is bounded. More precisely, our model assumes some abstract notion of time periods. In each such period, the attacker can choose to learn arbitrary functions of the current secret state of the scheme, as long as the total number of output bits leaked in that period is not too large. In our solutions, cryptographic schemes continually update their internal secret state at the end of each time period. This ensures that leakage observed in different time periods cannot be meaningfully combined to break the security of the cryptosystem. Although these updates modify the secret state of the cryptosystem, the desired functionality of the scheme is preserved, and the users can remain oblivious to these updates. We construct signatures, encryption, and secret sharing/storage schemes in this model.
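The game described above, as an added example that is not part of the thesis: a Python simulation with a per-period leakage oracle that enforces the output-bit bound, an update hook at the end of each period, and the bit-by-bit accumulation attack. The parameters `SECRET_BITS` and `LEAK_PER_PERIOD`, the two toy storage classes and the attack strategy are constructed for illustration and are not constructions from the thesis. The point it demonstrates is why bounding the rate alone is not enough: against a static state, and equally against a state that is re-randomized every period but still encodes one fixed secret as a fixed function of the state (here `s = state[0] XOR state[1]`), the attacker simply asks for the next λ bits of that function in each period and recovers the whole secret after ⌈n/λ⌉ periods. An update only helps when it leaves the attacker no fixed target to accumulate, which is what the thesis's updatable constructions are designed to arrange.

```python
"""Toy simulation of the continual leakage game.

Added example, not code from the thesis.  The scheme classes, the
parameters and the accumulation attack are constructed for illustration.
"""
import secrets
from typing import Callable

SECRET_BITS = 32     # assumed secret length n (constructed parameter)
LEAK_PER_PERIOD = 4  # assumed per-period leakage bound lambda (constructed)


class LeakageOracle:
    """One time period of the game: the attacker may query arbitrary
    functions of the current state, but the total number of output bits
    it receives within this period is capped at `bound`."""

    def __init__(self, state, bound: int):
        self._state = state
        self._bound = bound
        self.used = 0

    def leak(self, f: Callable[[object], int], out_bits: int) -> int:
        if self.used + out_bits > self._bound:
            raise PermissionError("per-period leakage bound exceeded")
        self.used += out_bits
        # Truncate to the declared output length so the bound is honest.
        return f(self._state) & ((1 << out_bits) - 1)


class StaticStorage:
    """State is the secret itself and is never refreshed."""

    def __init__(self, secret: int):
        self.state = secret

    def update(self) -> None:
        pass  # no refresh at the end of the period


class PaddedStorage:
    """State is (secret XOR r, r) for a fresh random pad r each period.
    Every bit of the state changes on update, yet the secret remains a
    fixed function of the state, so leakage still accumulates."""

    def __init__(self, secret: int, n: int):
        self._n = n
        self._secret = secret
        self.update()

    def update(self) -> None:
        r = secrets.randbits(self._n)
        self.state = (self._secret ^ r, r)


def run_game(scheme, n: int, bound: int, periods: int,
             recover: Callable[[object], int]) -> int:
    """Run `periods` periods.  In each one the attacker asks for the next
    `bound` unknown bits of recover(state); the scheme then updates."""
    collected = 0
    have = 0
    for _ in range(periods):
        oracle = LeakageOracle(scheme.state, bound)
        take = min(bound, n - have)
        if take <= 0:
            break
        chunk = oracle.leak(lambda st: recover(st) >> have, take)
        collected |= chunk << have
        have += take
        scheme.update()
    return collected


def attack_static(secret: int, n: int = SECRET_BITS,
                  bound: int = LEAK_PER_PERIOD) -> int:
    """Recover a never-updated secret in ceil(n / bound) periods."""
    periods = -(-n // bound)
    return run_game(StaticStorage(secret), n, bound, periods,
                    recover=lambda st: st)


def attack_padded(secret: int, n: int = SECRET_BITS,
                  bound: int = LEAK_PER_PERIOD) -> int:
    """Same attack against the re-randomized pad: the leakage function
    undoes the pad, so the update buys nothing."""
    periods = -(-n // bound)
    return run_game(PaddedStorage(secret, n), n, bound, periods,
                    recover=lambda st: st[0] ^ st[1])


def bound_is_enforced(bound: int = LEAK_PER_PERIOD) -> bool:
    """Check that the oracle refuses a query once the period budget is used."""
    oracle = LeakageOracle(StaticStorage(1).state, bound)
    oracle.leak(lambda st: st, bound)
    try:
        oracle.leak(lambda st: st, 1)
    except PermissionError:
        return True
    return False


if __name__ == "__main__":
    s = secrets.randbits(SECRET_BITS)
    print("static  recovered:", attack_static(s) == s)
    print("padded  recovered:", attack_padded(s) == s)
    print("bound enforced   :", bound_is_enforced())
```

Both attacks succeed for every secret, with exactly ⌈32/4⌉ = 8 periods of 4 leaked bits each; the oracle's budget check is what makes the per-period bound in the model meaningful, and the failure of `PaddedStorage` is what makes the choice of update procedure meaningful.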