Are Your Keys Protected? Time Will Tell

Yoav Ben Dov, Liron David, Moni Naor, Elad Tzalik

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

Abstract

Side channel attacks, and in particular timing attacks, are a fundamental obstacle to obtaining secure implementation of algorithms and cryptographic protocols, and have been widely researched for decades. While cryptographic definitions for the security of cryptographic systems have been well established for decades, none of these accepted definitions take into account the running time information leaked from executing the system. In this work, we give the foundation of new cryptographic definitions for cryptographic systems that take into account information about their leaked running time, focusing mainly on keyed functions such as signature and encryption schemes. Specifically, (1) We define several cryptographic properties to express the claim that the timing information does not help an adversary to extract sensitive information, e.g. the key or the queries made. We highlight the definition of key-obliviousness, which means that an adversary cannot tell whether it received the timing of the queries with the actual key or the timing of the same queries with a random key. (2) We present a construction of key-oblivious pseudorandom permutations on a small or medium-sized domain. This construction is not “fixed-time, ” and at the same time is secure against any number of queries even in case the adversary knows the running time exactly. Our construction, which we call Janus Sometimes Recurse, is a variant of the “Sometimes Recurse” shuffle by Morris and Rogaway. (3) We suggest a new security notion for keyed functions, called noticeable security, and prove that cryptographic schemes that have noticeable security remain secure even when the exact timings are leaked, provided the implementation is key-oblivious. We show that our notion applies to cryptographic signatures, private key encryption and PRPs.

Original languageEnglish
Title of host publication5th Conference on Information-Theoretic Cryptography, ITC 2024
EditorsDivesh Aggarwal
Number of pages28
ISBN (Electronic)9783959773331
DOIs
StatePublished - Aug 2024
Event5th Conference on Information-Theoretic Cryptography, ITC 2024 - Stanford, United States
Duration: 14 Aug 202416 Aug 2024

Publication series

NameLeibniz International Proceedings in Informatics, LIPIcs
Volume304

Conference

Conference5th Conference on Information-Theoretic Cryptography, ITC 2024
Country/TerritoryUnited States
CityStanford
Period14/08/2416/08/24

Keywords

  • Key oblivious
  • Keyed functions
  • Noticeable security
  • Side channel attacks
  • Timing attacks

All Science Journal Classification (ASJC) codes

  • Software

Cite this