CORDIS - EU research results

Provable Security for Physical Cryptography

Final Report Summary - PSPC (Provable Security for Physical Cryptography)

Until the middle of the last century, cryptography was more of an art than a science. The designers of cryptosystems were guided only by their experience and intuition. Not surprisingly, almost all proposed schemes turned out to be insecure. In contrast, modern cryptography is based on provable security, where one defines a precise and meaningful mathematical model of what constitutes a secure cryptosystem, and then proves that a scheme is secure in this model. Unfortunately, in the last decade it became evident that even modern security definitions do not capture real-world adversaries. The reason is that an adversary attacking the physical implementation of a cryptosystem (say a smart-card) can measure physical information that is leaked from the smart-card during execution (e.g. the running time or the power consumption), but standard security definitions do not capture such leakage. Attacks exploiting such physical leakage are called “side-channel attacks”, and they are a very real threat. In fact, most current cryptanalytic attacks against lightweight cryptodevices like smart-cards or RFID chips are side-channel attacks.

Traditionally, research on side-channel security is done by practitioners and is fundamentally different from the provable-security approach followed by modern cryptography. The proposed countermeasures are usually ad hoc, protecting only against particular attacks (as opposed to any resource-bounded adversary), and backed only by heuristic security arguments (as opposed to proofs).

In this ERC project entitled “provable security for physical cryptography” we worked towards expanding the field of provable security to also include side-channel and tampering attacks, thus moving research on countermeasures against physical attacks from the realm of engineering and security research to modern cryptography. The starting point was the concept of leakage-resilient cryptography, which we introduced in 2009. When we started this project, the field of provable security against physical attacks was still in its infancy, posing many exciting theoretical and practical questions. In this project, significant progress was made on applied and theoretical aspects of provable side-channel security. Moreover, this research led to unexpected progress in different domains. We resolved several foundational issues and constructed new efficient leakage- and tamper-resilient schemes. The tools and techniques developed during this project have found surprising applications in other domains. For example, our work on tamper-proof code-based cryptography led to constructions of highly efficient authentication schemes, which were awarded the Eurocrypt best paper award in 2011 and the German IT security prize in 2012.
The ERC grant allowed the PI to build a highly productive research group at IST Austria, currently consisting of 3 PhD students and 3 postdocs.