Leakage resilient one-way functions: The auxiliary-input setting

Ilan Komargodski

doi:10.1007/978-3-662-53641-4_6

Leakage resilient one-way functions: The auxiliary-input setting

Ilan Komargodski^*

^*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

7 Scopus citations

Abstract

Most cryptographic schemes are designed in a model where perfect secrecy of the secret key is assumed. In most physical implementations, however, some form of information leakage is inherent and unavoidable. To deal with this, a flurry of works showed how to construct basic cryptographic primitives that are resilient to various forms of leakage. Dodis et al. (FOCS ’10) formalized and constructed leakage resilient one-way functions. These are one-way functions f such that given a random image f(x) and leakage g(x) it is still hard to invert f(x). Based on any one-way function, Dodis et al. constructed such a one-way function that is leakage resilient assuming that an attacker can leak any lossy function g of the input. In this work we consider the problem of constructing leakage resilient one-way functions that are secure with respect to arbitrary computationally hiding leakage (a.k.a auxiliary-input). We consider both types of leakage — selective and adaptive — and prove various possibility and impossibility results. On the negative side, we show that if the leakage is an adaptivelychosen arbitrary one-way function, then it is impossible to construct leakage resilient one-way functions. The latter is proved both in the random oracle model (without any further assumptions) and in the standard model based on a strong vector-variant of DDH. On the positive side, we observe that when the leakage is chosen ahead of time, there are leakage resilient one-way functions based on a variety of assumption.

Original language	English
Title of host publication	Theory of Cryptography - 14th International Conference, TCC 2016-B, Proceedings
Editors	Adam Smith, Martin Hirt
Publisher	Springer Verlag
Pages	139-158
Number of pages	20
ISBN (Print)	9783662536407
DOIs	https://doi.org/10.1007/978-3-662-53641-4_6
State	Published - 2016
Externally published	Yes
Event	14th International Conference on Theory of Cryptography, TCC 2016-B - Beijing, China Duration: 31 Oct 2016 → 3 Nov 2016

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	9985 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	14th International Conference on Theory of Cryptography, TCC 2016-B
Country/Territory	China
City	Beijing
Period	31/10/16 → 3/11/16

Bibliographical note

Publisher Copyright:
© International Association for Cryptologic Research 2016.

Access to Document

10.1007/978-3-662-53641-4_6

Cite this

Komargodski, I. (2016). Leakage resilient one-way functions: The auxiliary-input setting. In A. Smith, & M. Hirt (Eds.), Theory of Cryptography - 14th International Conference, TCC 2016-B, Proceedings (pp. 139-158). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 9985 LNCS). Springer Verlag. https://doi.org/10.1007/978-3-662-53641-4_6

Komargodski, Ilan. / Leakage resilient one-way functions : The auxiliary-input setting. Theory of Cryptography - 14th International Conference, TCC 2016-B, Proceedings. editor / Adam Smith ; Martin Hirt. Springer Verlag, 2016. pp. 139-158 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{988512697900483281374edf77efa543,

title = "Leakage resilient one-way functions: The auxiliary-input setting",

abstract = "Most cryptographic schemes are designed in a model where perfect secrecy of the secret key is assumed. In most physical implementations, however, some form of information leakage is inherent and unavoidable. To deal with this, a flurry of works showed how to construct basic cryptographic primitives that are resilient to various forms of leakage. Dodis et al. (FOCS {\textquoteright}10) formalized and constructed leakage resilient one-way functions. These are one-way functions f such that given a random image f(x) and leakage g(x) it is still hard to invert f(x). Based on any one-way function, Dodis et al. constructed such a one-way function that is leakage resilient assuming that an attacker can leak any lossy function g of the input. In this work we consider the problem of constructing leakage resilient one-way functions that are secure with respect to arbitrary computationally hiding leakage (a.k.a auxiliary-input). We consider both types of leakage — selective and adaptive — and prove various possibility and impossibility results. On the negative side, we show that if the leakage is an adaptivelychosen arbitrary one-way function, then it is impossible to construct leakage resilient one-way functions. The latter is proved both in the random oracle model (without any further assumptions) and in the standard model based on a strong vector-variant of DDH. On the positive side, we observe that when the leakage is chosen ahead of time, there are leakage resilient one-way functions based on a variety of assumption.",

author = "Ilan Komargodski",

note = "Publisher Copyright: {\textcopyright} International Association for Cryptologic Research 2016.; 14th International Conference on Theory of Cryptography, TCC 2016-B ; Conference date: 31-10-2016 Through 03-11-2016",

year = "2016",

doi = "10.1007/978-3-662-53641-4_6",

language = "אנגלית",

isbn = "9783662536407",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "139--158",

editor = "Adam Smith and Martin Hirt",

booktitle = "Theory of Cryptography - 14th International Conference, TCC 2016-B, Proceedings",

address = "גרמניה",

}

Komargodski, I 2016, Leakage resilient one-way functions: The auxiliary-input setting. in A Smith & M Hirt (eds), Theory of Cryptography - 14th International Conference, TCC 2016-B, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 9985 LNCS, Springer Verlag, pp. 139-158, 14th International Conference on Theory of Cryptography, TCC 2016-B, Beijing, China, 31/10/16. https://doi.org/10.1007/978-3-662-53641-4_6

Leakage resilient one-way functions: The auxiliary-input setting. / Komargodski, Ilan.
Theory of Cryptography - 14th International Conference, TCC 2016-B, Proceedings. ed. / Adam Smith; Martin Hirt. Springer Verlag, 2016. p. 139-158 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 9985 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Leakage resilient one-way functions

T2 - 14th International Conference on Theory of Cryptography, TCC 2016-B

AU - Komargodski, Ilan

PY - 2016

Y1 - 2016

N2 - Most cryptographic schemes are designed in a model where perfect secrecy of the secret key is assumed. In most physical implementations, however, some form of information leakage is inherent and unavoidable. To deal with this, a flurry of works showed how to construct basic cryptographic primitives that are resilient to various forms of leakage. Dodis et al. (FOCS ’10) formalized and constructed leakage resilient one-way functions. These are one-way functions f such that given a random image f(x) and leakage g(x) it is still hard to invert f(x). Based on any one-way function, Dodis et al. constructed such a one-way function that is leakage resilient assuming that an attacker can leak any lossy function g of the input. In this work we consider the problem of constructing leakage resilient one-way functions that are secure with respect to arbitrary computationally hiding leakage (a.k.a auxiliary-input). We consider both types of leakage — selective and adaptive — and prove various possibility and impossibility results. On the negative side, we show that if the leakage is an adaptivelychosen arbitrary one-way function, then it is impossible to construct leakage resilient one-way functions. The latter is proved both in the random oracle model (without any further assumptions) and in the standard model based on a strong vector-variant of DDH. On the positive side, we observe that when the leakage is chosen ahead of time, there are leakage resilient one-way functions based on a variety of assumption.

AB - Most cryptographic schemes are designed in a model where perfect secrecy of the secret key is assumed. In most physical implementations, however, some form of information leakage is inherent and unavoidable. To deal with this, a flurry of works showed how to construct basic cryptographic primitives that are resilient to various forms of leakage. Dodis et al. (FOCS ’10) formalized and constructed leakage resilient one-way functions. These are one-way functions f such that given a random image f(x) and leakage g(x) it is still hard to invert f(x). Based on any one-way function, Dodis et al. constructed such a one-way function that is leakage resilient assuming that an attacker can leak any lossy function g of the input. In this work we consider the problem of constructing leakage resilient one-way functions that are secure with respect to arbitrary computationally hiding leakage (a.k.a auxiliary-input). We consider both types of leakage — selective and adaptive — and prove various possibility and impossibility results. On the negative side, we show that if the leakage is an adaptivelychosen arbitrary one-way function, then it is impossible to construct leakage resilient one-way functions. The latter is proved both in the random oracle model (without any further assumptions) and in the standard model based on a strong vector-variant of DDH. On the positive side, we observe that when the leakage is chosen ahead of time, there are leakage resilient one-way functions based on a variety of assumption.

UR - http://www.scopus.com/inward/record.url?scp=84994399725&partnerID=8YFLogxK

U2 - 10.1007/978-3-662-53641-4_6

DO - 10.1007/978-3-662-53641-4_6

M3 - ???researchoutput.researchoutputtypes.contributiontobookanthology.conference???

AN - SCOPUS:84994399725

SN - 9783662536407

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 139

EP - 158

BT - Theory of Cryptography - 14th International Conference, TCC 2016-B, Proceedings

A2 - Smith, Adam

A2 - Hirt, Martin

PB - Springer Verlag

Y2 - 31 October 2016 through 3 November 2016

ER -

Komargodski I. Leakage resilient one-way functions: The auxiliary-input setting. In Smith A, Hirt M, editors, Theory of Cryptography - 14th International Conference, TCC 2016-B, Proceedings. Springer Verlag. 2016. p. 139-158. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-662-53641-4_6

Leakage resilient one-way functions: The auxiliary-input setting

Abstract

Publication series

Conference

Bibliographical note

Access to Document

Other files and links

Fingerprint

Cite this