Leakage resilient one-way functions: The auxiliary-input setting

Research output: Contribution to journalArticlepeer-review

1 Scopus citations

Abstract

Most cryptographic schemes are designed in a model where perfect secrecy of the secret key is assumed. In most physical implementations, however, some form of information leakage is inherent and unavoidable. To deal with this, a flurry of works showed how to construct basic cryptographic primitives that are resilient to various forms of leakage. Dodis et al. (FOCS '10) formalized and constructed leakage resilient one-way functions. These are one-way functions f such that given a random image f(x) and leakage g(x) it is still hard to invert f(x). Based on any one-way function, Dodis et al. constructed such a one-way function that is leakage resilient assuming that an attacker can leak any lossy function g of the input. In this work we consider the problem of constructing leakage resilient one-way functions that are secure with respect to arbitrary computationally hiding leakage (a.k.a. auxiliary-input). We consider both types of leakage – selective and adaptive – and prove various possibility and impossibility results. On the negative side, we show that if the leakage is an adaptively-chosen arbitrary one-way function, then it is impossible to construct leakage resilient one-way functions. The latter is proved both in the random oracle model (without any further assumptions) and in the standard model based on a strong vector-variant of DDH. On the positive side, we observe that when the leakage is chosen ahead of time, there are leakage resilient one-way functions based on a variety of assumption.

Original languageEnglish
Pages (from-to)6-18
Number of pages13
JournalTheoretical Computer Science
Volume746
DOIs
StatePublished - 25 Oct 2018
Externally publishedYes

Bibliographical note

Publisher Copyright:
© 2018 Elsevier B.V.

Keywords

  • Auxiliary input
  • Computational leakage resilience
  • One-way functions

Fingerprint

Dive into the research topics of 'Leakage resilient one-way functions: The auxiliary-input setting'. Together they form a unique fingerprint.

Cite this