## Cryptography Research - Leakage Resilient Cryptography

Usually the security of a cryptosystem is proven for an abstract mathematical algorithm in a formal model of computation. In practice, however, security must hold for the actual implementation of that algorithm, running in the real world. A crucial difference between the two scenarios is that in the former we assume that secret keys are indeed secret, and that the adversary has no information about them; our proofs rely crucially on this assumption. In reality, however, the adversary might gain some information about those secrets by observing the behavior of the algorithm in ways not captured by our formal computational model.

Indeed, while computation has traditionally taken place on private machines under our control, this is no longer the case. Examples come up in the context of digital rights management (where hardware devices are shipped to potentially malicious users), virtualization (where mutually untrusting programs execute on the same hardware platform), and mobile and wireless computing. In these scenarios the adversary, by controlling the environment in which the algorithm is run, can mount a powerful family of attacks called *side-channel attacks*. These exploit leakage of information about the secret that is not captured by the mathematical definition of the algorithm but is caused by its real-life implementation.

Side-channel attacks exploit the fact that computing devices leak information to the outside world not just through input-output interaction, but through physical characteristics of computation such as power consumption, timing, and electromagnetic radiation. Such leakage betrays information about the secrets within, and has been successfully used to break many cryptographic algorithms in common use. These leakages are particularly accessible when the device is in the hands of an adversary, as is often the case for modern devices such as smart cards, TPM chips, mobile phones, and laptops.
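To make the gap between the abstract model and the implementation concrete, here is an added illustration (not code from the page or from the group's publications) of two implementations of the same mathematical function, byte-string equality. The abstract model only sees the 0/1 result; a side channel sees the execution trace, which this example models, as an assumption, by counting loop iterations as a stand-in for timing or power consumption. The 10-byte sample key is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample key; the "secret" of the comparison below. */
static const uint8_t SECRET[10] = "S3cr3tKey!";

/* Early-exit comparison. Mathematically it computes equality, but the
 * iteration count (our model of the physical trace) equals 1 + the index
 * of the first mismatching byte, so the trace reveals how long a prefix
 * of the guess matched the secret. */
int naive_compare(const uint8_t *secret, const uint8_t *guess,
                  size_t n, size_t *steps) {
    *steps = 0;
    for (size_t i = 0; i < n; i++) {
        (*steps)++;
        if (secret[i] != guess[i]) return 0;
    }
    return 1;
}

/* Constant-time comparison: touches every byte, accumulates differences
 * with OR, and has no secret-dependent branch or early exit, so the
 * trace is the same for every input of length n. */
int ct_compare(const uint8_t *secret, const uint8_t *guess,
               size_t n, size_t *steps) {
    uint8_t diff = 0;
    *steps = 0;
    for (size_t i = 0; i < n; i++) {
        (*steps)++;
        diff |= secret[i] ^ guess[i];
    }
    /* Branch-free: (diff - 1) underflows to 0xFFFFFFFF exactly when diff == 0. */
    return (int)(((uint32_t)diff - 1u) >> 31);
}

/* Convenience wrappers over the constructed key; guess must be 10 bytes. */
size_t naive_steps(const char *guess) {
    size_t s; naive_compare(SECRET, (const uint8_t *)guess, 10, &s); return s;
}
size_t ct_steps(const char *guess) {
    size_t s; ct_compare(SECRET, (const uint8_t *)guess, 10, &s); return s;
}
int ct_equal(const char *guess) {
    size_t s; return ct_compare(SECRET, (const uint8_t *)guess, 10, &s);
}

int main(void) {
    printf("naive trace, 3-byte prefix correct: %zu steps\n", naive_steps("S3cXXXXXXX"));
    printf("constant-time trace, same guess:    %zu steps\n", ct_steps("S3cXXXXXXX"));
    return 0;
}
```

Both functions return the same answer on every input, so no proof about the abstract function distinguishes them; only the modeled trace does.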

Group members have been at the forefront of research in leakage-resilient cryptography, which aims to tackle this challenge from an algorithmic angle by designing cryptographic schemes that resist side-channel attacks.

S. Halevi, H. Lin, *After-the-fact leakage in public-key cryptography*. Theory of Cryptography, Springer, 2011.

S. Chari, V. Diluoffo, P. Karger, E. Palmer, T. Rabin, J. Rao, P. Rohatgi, H. Scherzer, M. Steiner, D. Toll, *Designing a side channel resistant random number generator*. Smart Card Research and Advanced Application, Springer, 2010.

S. Faust, T. Rabin, L. Reyzin, E. Tromer, V. Vaikuntanathan, *Protecting circuits from leakage: The computationally-bounded and noisy cases*. Advances in Cryptology -- EUROCRYPT 2010, Springer, 2010.

R. Gennaro, A. Lysyanskaya, T. Malkin, S. Micali, T. Rabin, *Algorithmic tamper-proof (ATP) security: Theoretical foundations for security against hardware tampering*. Theory of Cryptography, Springer, 2004.