On hardening leakage resilience of random extractors for instantiations of leakage-resilient cryptographic primitives

摘要

Random extractors are proven to be important building blocks in constructing leakage-resilient cryptographic primitives. Nevertheless, recent efforts have shown that they are likely more leaky than other elementary components (e.g. block ciphers) in unprotected implementations of these primitives, in the context of side-channel attacks. In this context, to the adversary, the extractors themselves could become the point of interest. Therefore, this paper extends the problem of how leakage resilience of random extractors could be in the case of protected instantiations. Specifically, we investigate the feasibility of applying classical countermeasures to ameliorate leakage resilience of cryptographic components and/or primitives against side-channel attacks. Then we show how to evaluate the physical leakage resilience of these instantiations both theoretically and practically. The countermeasures considered are masking, shuffling, and the combination of both. Taking the leakage-resilient stream cipher presented at FOCS 2008 as a case of study, we not only examine the leakage resilience of the underlying extractor, but also discuss how leakages from the extractor and from the underlying pseudo-random generator respectively impact the leakage resilience of the stream cipher as a whole. On the one hand, our theoretical and experimental results, which are consistent, do justify some existing observations. On the other hand, which is more important, our results reveal some new observations that do contrast with these known ones, which explicitly indicates that previous observations are (mostly likely) incomplete. We argue that our work is of both obvious theoretical interest and important practical significance, and may help foster the further research on the design and implementation of random extractors in leakage-resilient cryptography.