Cryptography in The Presence of Continuous Side-Channel Attacks

SPEAKER:
Yevgeniy Vahlis

TITLE:
Cryptography in The Presence of Continuous Side-Channel Attacks

AUTHORS:
Ali Juma, Charles Rackoff and Yevgeniy Vahlis


ABSTRACT:
Recent trends in computing increasingly rely on delegating computation both to
centralized cloud computing environments, and to mobile computers such as smart
cards and mobile phones. This creates new security risks and consequently new
challenges for cryptography.

One such challenge stems from the fact that physical computational devices leak
information to the outside world through a variety of side-channels-- physical
characteristics of the device such as power consumption, electromagnetic
radiation, and timing. An attacker that has physical possession of the device,
or is within a short distance, may use this information to learn about the
internal state of the device and about the computation that is currently being
performed. Such side-channel attacks have often been shown to break the
security of widely used cryptographic schemes without violating any of the
mathematical assumptions that underly the security of the scheme.

In this talk I will present a general compiler that immunizes any cryptographic
functionality against long-term leakage through side-channels. Our construction
uses a single leak-free hardware component and any fully homomorphic encryption
scheme with randomizable ciphertexts. The hardware component samples from a
publicly known distribution which does not depend on the functionality that we
wish to protect or its internal state. We prove the security of our
construction against an adversary that obtains leakage each time the
cryptographic functionality is used. The information leaked can be any suitably
length-bounded polynomial time computable function of the active part of memory
during computation. The total amount of leakage that the construction can
withstand is unbounded.

Our construction constitutes a first feasibility result, showing that
resilience against polynomial time leakage is possible without performing any
leak-free computation on the state of the protected primitive. However, many
directions remain open. I will describe several such directions, and mention
recent progress.

Joint work with Ali Juma and Charles Rackoff. 


LINKS:
The bulk of the results can also be found here at http://eprint.iacr.org/2010/205