Room P3.10, Mathematics Building

João Ribeiro, Carnegie Mellon University
The mother of all leakages: How to simulate noisy leakages via bounded leakage (almost) for free.

The ubiquity of real-world side-channel attacks has led to the rise of leakage-resilient cryptography — cryptographic schemes which remain secure even when some side information is leaked from supposedly secret system components, such as private keys. Most works in leakage-resilient cryptography consider the Bounded Leakage Model, where one assumes that the side information leaked is bounded in length. However, leakage length is not a reliable estimate of leakage quality. For example, temperature or computation time measurements may require many more bits to be described than the private key under attack, but this does not necessarily mean that they fully reveal the key. Motivated by this, some works have considered the more general Noisy Leakage Model instead, where it is only required that the leakage is a sufficiently "noisy" version of the secret information, for various measures of "noise".

Given that bounded leakage is a (very special) sub-case of noisy leakage, in this talk we will be interested in the following question:

What does bounded leakage-resilience tell us about noisy leakage-resilience?

Surprisingly, we show that for common models of noisy leakage it is possible to simulate one query of noisy leakage using one query of bounded leakage with small error in the information-theoretic setting. In particular, this implies that cryptographic schemes secure against bounded leakage are also secure against noisy leakage with almost no loss in security. To complement the above, we show that our reductions are nearly optimal.

Based on joint work with Gianluca Brian, Antonio Faonio, Maciej Obremski, Mark Simkin, Maciej Skórski, and Daniele Venturi. Available at https://eprint.iacr.org/2020/1246.