Search

Your search keyword '"Malkin, Tal"' showing total 25 results
Start Over Author "Malkin, Tal" Publication Type Electronic Resources
25 results on '"Malkin, Tal"'

2. A Random Server Model for Private Information Retrieval (or Information Theoretic PIR Avoiding Database Replication

Author

Gertner, Yael, Goldwasser, Shafi, Malkin, Tal, Gertner, Yael, Goldwasser, Shafi, and Malkin, Tal

Abstract

Private information retrieval (PIR) schemes provide a user with information from a database while keeping his query secret from the database manager. We propose a new model for PIR, utilizing auxiliary random servers providing privacy services for databas

Published
2023

3. Randomness Extraction from Somewhat Dependent Sources

Author

Ball, Marshall, Goldreich, Oded, Malkin, Tal, Ball, Marshall, Goldreich, Oded, and Malkin, Tal

Abstract

We initiate a comprehensive study of the question of randomness extractions from two somewhat dependent sources of defective randomness. Specifically, we present three natural models, which are based on different natural perspectives on the notion of bounded dependency between a pair of distributions. Going from the more restricted model to the less restricted one, our models and main results are as follows. 1) Bounded dependence as bounded coordination: Here we consider pairs of distributions that arise from independent random processes that are applied to the outcome of a single global random source, which may be viewed as a mechanism of coordination (which is adversarial from our perspective). We show that if the min-entropy of each of the two outcomes is larger than the length of the global source, then extraction is possible (and is, in fact, feasible). We stress that the extractor has no access to the global random source nor to the internal randomness that the two processes use, but rather gets only the two dependent outcomes. This model is equivalent to a setting in which the two outcomes are generated by two independent sources, but then each outcome is modified based on limited leakage (equiv., communication) between the two sources. (Here this leakage is measured in terms of the number of bits that were communicated, but in the next model we consider the actual influence of this leakage.) 2) Bounded dependence as bounded cross influence: Here we consider pairs of outcomes that are produced by a pair of sources such that each source has bounded (worst-case) influence on the outcome of the other source. We stress that the extractor has no access to the randomness that the two processes use, but rather gets only the two dependent outcomes. We show that, while (proper) randomness extraction is impossible in this case, randomness condensing is possible and feasible; specifically, the randomness deficiency of condensing is linear in our measure of cross influen

Published
2022
Full Text
View/download PDF

4. Randomness Extraction from Somewhat Dependent Sources

Author

Marshall Ball and Oded Goldreich and Tal Malkin, Ball, Marshall, Goldreich, Oded, Malkin, Tal, Marshall Ball and Oded Goldreich and Tal Malkin, Ball, Marshall, Goldreich, Oded, and Malkin, Tal

Abstract

We initiate a comprehensive study of the question of randomness extractions from two somewhat dependent sources of defective randomness. Specifically, we present three natural models, which are based on different natural perspectives on the notion of bounded dependency between a pair of distributions. Going from the more restricted model to the less restricted one, our models and main results are as follows. 1) Bounded dependence as bounded coordination: Here we consider pairs of distributions that arise from independent random processes that are applied to the outcome of a single global random source, which may be viewed as a mechanism of coordination (which is adversarial from our perspective). We show that if the min-entropy of each of the two outcomes is larger than the length of the global source, then extraction is possible (and is, in fact, feasible). We stress that the extractor has no access to the global random source nor to the internal randomness that the two processes use, but rather gets only the two dependent outcomes. This model is equivalent to a setting in which the two outcomes are generated by two independent sources, but then each outcome is modified based on limited leakage (equiv., communication) between the two sources. (Here this leakage is measured in terms of the number of bits that were communicated, but in the next model we consider the actual influence of this leakage.) 2) Bounded dependence as bounded cross influence: Here we consider pairs of outcomes that are produced by a pair of sources such that each source has bounded (worst-case) influence on the outcome of the other source. We stress that the extractor has no access to the randomness that the two processes use, but rather gets only the two dependent outcomes. We show that, while (proper) randomness extraction is impossible in this case, randomness condensing is possible and feasible; specifically, the randomness deficiency of condensing is linear in our measure of cross influen

Published
2022
Full Text
View/download PDF

6. Communication Complexity with Defective Randomness

Author

Ball, Marshall, Goldreich, Oded, Malkin, Tal, Ball, Marshall, Goldreich, Oded, and Malkin, Tal

Abstract

Starting with the two standard model of randomized communication complexity, we study the communication complexity of functions when the protocol has access to a defective source of randomness. Specifically, we consider both the public-randomness and private-randomness cases, while replacing the commonly postulated perfect randomness with distributions over ? bit strings that have min-entropy at least k ? ?. We present general upper and lower bounds on the communication complexity in these cases, where the bounds are typically linear in ?-k and also depend on the size of the fooling set for the function being computed and on its standard randomized complexity.

Published
2021
Full Text
View/download PDF

7. Communication Complexity with Defective Randomness

Author

Ball, Marshall, Goldreich, Oded, Malkin, Tal, Ball, Marshall, Goldreich, Oded, and Malkin, Tal

Abstract

Starting with the two standard model of randomized communication complexity, we study the communication complexity of functions when the protocol has access to a defective source of randomness. Specifically, we consider both the public-randomness and private-randomness cases, while replacing the commonly postulated perfect randomness with distributions over ? bit strings that have min-entropy at least k ? ?. We present general upper and lower bounds on the communication complexity in these cases, where the bounds are typically linear in ?-k and also depend on the size of the fooling set for the function being computed and on its standard randomized complexity.

Published
2021
Full Text
View/download PDF

10. Limits to Non-Malleability

Author

Marshall Ball and Dana Dachman-Soled and Mukul Kulkarni and Tal Malkin, Ball, Marshall, Dachman-Soled, Dana, Kulkarni, Mukul, Malkin, Tal, Marshall Ball and Dana Dachman-Soled and Mukul Kulkarni and Tal Malkin, Ball, Marshall, Dachman-Soled, Dana, Kulkarni, Mukul, and Malkin, Tal

Abstract

There have been many successes in constructing explicit non-malleable codes for various classes of tampering functions in recent years, and strong existential results are also known. In this work we ask the following question: When can we rule out the existence of a non-malleable code for a tampering class ℱ? First, we start with some classes where positive results are well-known, and show that when these classes are extended in a natural way, non-malleable codes are no longer possible. Specifically, we show that no non-malleable codes exist for any of the following tampering classes: - Functions that change d/2 symbols, where d is the distance of the code; - Functions where each input symbol affects only a single output symbol; - Functions where each of the n output bits is a function of n-log n input bits. Furthermore, we rule out constructions of non-malleable codes for certain classes ℱ via reductions to the assumption that a distributional problem is hard for ℱ, that make black-box use of the tampering functions in the proof. In particular, this yields concrete obstacles for the construction of efficient codes for NC, even assuming average-case variants of P ⊈ NC.

Published
2020
Full Text
View/download PDF

11. Two Party Distribution Testing: Communication and Security

Author

Andoni, Alexandr, Malkin, Tal, Nosatzki, Negev Shekel, Andoni, Alexandr, Malkin, Tal, and Nosatzki, Negev Shekel

Abstract

We study the problem of discrete distribution testing in the two-party setting. For example, in the standard closeness testing problem, Alice and Bob each have t samples from, respectively, distributions a and b over [n], and they need to test whether a=b or a,b are epsilon-far (in the l_1 distance). This is in contrast to the well-studied one-party case, where the tester has unrestricted access to samples of both distributions. Despite being a natural constraint in applications, the two-party setting has previously evaded attention. We address two fundamental aspects of the two-party setting: 1) what is the communication complexity, and 2) can it be accomplished securely, without Alice and Bob learning extra information about each other's input. Besides closeness testing, we also study the independence testing problem, where Alice and Bob have t samples from distributions a and b respectively, which may be correlated; the question is whether a,b are independent or epsilon-far from being independent. Our contribution is three-fold: 1) We show how to gain communication efficiency given more samples, beyond the information-theoretic bound on t. The gain is polynomially better than what one would obtain via adapting one-party algorithms. 2) We prove tightness of our trade-off for the closeness testing, as well as that the independence testing requires tight Omega(sqrt{m}) communication for unbounded number of samples. These lower bounds are of independent interest as, to the best of our knowledge, these are the first 2-party communication lower bounds for testing problems, where the inputs are a set of i.i.d. samples. 3) We define the concept of secure distribution testing, and provide secure versions of the above protocols with an overhead that is only polynomial in the security parameter.

Published
2019
Full Text
View/download PDF

12. Two Party Distribution Testing: Communication and Security

Author

Alexandr Andoni and Tal Malkin and Negev Shekel Nosatzki, Andoni, Alexandr, Malkin, Tal, Nosatzki, Negev Shekel, Alexandr Andoni and Tal Malkin and Negev Shekel Nosatzki, Andoni, Alexandr, Malkin, Tal, and Nosatzki, Negev Shekel

Abstract

We study the problem of discrete distribution testing in the two-party setting. For example, in the standard closeness testing problem, Alice and Bob each have t samples from, respectively, distributions a and b over [n], and they need to test whether a=b or a,b are epsilon-far (in the l_1 distance). This is in contrast to the well-studied one-party case, where the tester has unrestricted access to samples of both distributions. Despite being a natural constraint in applications, the two-party setting has previously evaded attention. We address two fundamental aspects of the two-party setting: 1) what is the communication complexity, and 2) can it be accomplished securely, without Alice and Bob learning extra information about each other’s input. Besides closeness testing, we also study the independence testing problem, where Alice and Bob have t samples from distributions a and b respectively, which may be correlated; the question is whether a,b are independent or epsilon-far from being independent. Our contribution is three-fold: 1) We show how to gain communication efficiency given more samples, beyond the information-theoretic bound on t. The gain is polynomially better than what one would obtain via adapting one-party algorithms. 2) We prove tightness of our trade-off for the closeness testing, as well as that the independence testing requires tight Omega(sqrt{m}) communication for unbounded number of samples. These lower bounds are of independent interest as, to the best of our knowledge, these are the first 2-party communication lower bounds for testing problems, where the inputs are a set of i.i.d. samples. 3) We define the concept of secure distribution testing, and provide secure versions of the above protocols with an overhead that is only polynomial in the security parameter.

Published
2019
Full Text
View/download PDF

13. Lower Bounds for Oblivious Near-Neighbor Search

Author

Larsen, Kasper Green, Malkin, Tal, Weinstein, Omri, Yeo, Kevin, Larsen, Kasper Green, Malkin, Tal, Weinstein, Omri, and Yeo, Kevin

Abstract

We prove an $\Omega(d \lg n/ (\lg\lg n)^2)$ lower bound on the dynamic cell-probe complexity of statistically $\mathit{oblivious}$ approximate-near-neighbor search ($\mathsf{ANN}$) over the $d$-dimensional Hamming cube. For the natural setting of $d = \Theta(\log n)$, our result implies an $\tilde{\Omega}(\lg^2 n)$ lower bound, which is a quadratic improvement over the highest (non-oblivious) cell-probe lower bound for $\mathsf{ANN}$. This is the first super-logarithmic $\mathit{unconditional}$ lower bound for $\mathsf{ANN}$ against general (non black-box) data structures. We also show that any oblivious $\mathit{static}$ data structure for decomposable search problems (like $\mathsf{ANN}$) can be obliviously dynamized with $O(\log n)$ overhead in update and query time, strengthening a classic result of Bentley and Saxe (Algorithmica, 1980)., Comment: 28 pages

Published
2019

14. Two Party Distribution Testing: Communication and Security

Author

Andoni, Alexandr, Malkin, Tal, Nosatzki, Negev Shekel, Andoni, Alexandr, Malkin, Tal, and Nosatzki, Negev Shekel

Abstract

We study the problem of discrete distribution testing in the two-party setting. For example, in the standard closeness testing problem, Alice and Bob each have $t$ samples from, respectively, distributions $a$ and $b$ over $[n]$, and they need to test whether $a=b$ or $a,b$ are $\epsilon$-far for some fixed $\epsilon>0$. This is in contrast to the well-studied one-party case, where the tester has unrestricted access to samples of both distributions, for which optimal bounds are known for a number of variations. Despite being a natural constraint in applications, the two-party setting has evaded attention so far. We address two fundamental aspects: 1) what is the communication complexity, and 2) can it be accomplished securely, without Alice and Bob learning extra information about each other's input. Besides closeness testing, we also study the independence testing problem, where Alice and Bob have $t$ samples from distributions $a$ and $b$ respectively, which may be correlated; the question is whether $a,b$ are independent of $\epsilon$-far from being independent. Our contribution is three-fold: 1) Communication: we show how to gain communication efficiency with more samples, beyond the information-theoretic bound on $t$. The gain is polynomially better than what one obtains by adapting standard algorithms. 2) Lower bounds: we prove tightness of our protocols for the closeness testing, and for the independence testing when the number of samples is unbounded. These lower bounds are of independent interest as these are the first 2-party communication lower bounds for testing problems. 3) Security: we define secure distribution testing and argue that it must leak at least some minimal information. We then provide secure versions of the above protocols with an overhead that is only polynomial in the security parameter.

Published
2018

15. Non-Malleable Codes for Small-Depth Circuits

Author

Ball, Marshall, Dachman-Soled, Dana, Guo, Siyao, Malkin, Tal, Tan, Li-Yang, Ball, Marshall, Dachman-Soled, Dana, Guo, Siyao, Malkin, Tal, and Tan, Li-Yang

Abstract

We construct efficient, unconditional non-malleable codes that are secure against tampering functions computed by small-depth circuits. For constant-depth circuits of polynomial size (i.e. $\mathsf{AC^0}$ tampering functions), our codes have codeword length $n = k^{1+o(1)}$ for a $k$-bit message. This is an exponential improvement of the previous best construction due to Chattopadhyay and Li (STOC 2017), which had codeword length $2^{O(\sqrt{k})}$. Our construction remains efficient for circuit depths as large as $\Theta(\log(n)/\log\log(n))$ (indeed, our codeword length remains $n\leq k^{1+\epsilon})$, and extending our result beyond this would require separating $\mathsf{P}$ from $\mathsf{NC^1}$. We obtain our codes via a new efficient non-malleable reduction from small-depth tampering to split-state tampering. A novel aspect of our work is the incorporation of techniques from unconditional derandomization into the framework of non-malleable reductions. In particular, a key ingredient in our analysis is a recent pseudorandom switching lemma of Trevisan and Xue (CCC 2013), a derandomization of the influential switching lemma from circuit complexity; the randomness-efficiency of this switching lemma translates into the rate-efficiency of our codes via our non-malleable reduction., Comment: 26 pages, 4 figures

Published
2018

16. A formal foundation for secure remote execution of enclaves

Author

Subramanyan, P, Thuraisingham, Bhavani M1, Evans, David, Malkin, Tal, Xu, Dongyan, Subramanyan, P, Sinha, R, Lebedev, I, Devadas, S, Seshia, SA, Subramanyan, P, Thuraisingham, Bhavani M1, Evans, David, Malkin, Tal, Xu, Dongyan, Subramanyan, P, Sinha, R, Lebedev, I, Devadas, S, and Seshia, SA

Abstract

Recent proposals for trusted hardware platforms, such as Intel SGX and the MIT Sanctum processor, offer compelling security features but lack formal guarantees. We introduce a verification methodology based on a trusted abstract platform (TAP), a formalization of idealized enclave platforms along with a parameterized adversary. We also formalize the notion of secure remote execution and present machine-checked proofs showing that the TAP satisfies the three key security properties that entail secure remote execution: Integrity, confidentiality and secure measurement.We then present machine-checked proofs showing that SGX and Sanctum are refinements of the TAP under certain parameterizations of the adversary, demonstrating that these systems implement secure enclaves for the stated adversary models.

Published
2017

17. A formal foundation for secure remote execution of enclaves

Author

Subramanyan, P, Thuraisingham, Bhavani M1, Evans, David, Malkin, Tal, Xu, Dongyan, Subramanyan, P, Sinha, R, Lebedev, I, Devadas, S, Seshia, SA, Subramanyan, P, Thuraisingham, Bhavani M1, Evans, David, Malkin, Tal, Xu, Dongyan, Subramanyan, P, Sinha, R, Lebedev, I, Devadas, S, and Seshia, SA

Abstract

Recent proposals for trusted hardware platforms, such as Intel SGX and the MIT Sanctum processor, offer compelling security features but lack formal guarantees. We introduce a verification methodology based on a trusted abstract platform (TAP), a formalization of idealized enclave platforms along with a parameterized adversary. We also formalize the notion of secure remote execution and present machine-checked proofs showing that the TAP satisfies the three key security properties that entail secure remote execution: Integrity, confidentiality and secure measurement.We then present machine-checked proofs showing that SGX and Sanctum are refinements of the TAP under certain parameterizations of the adversary, demonstrating that these systems implement secure enclaves for the stated adversary models.

Published
2017

18. walk2friends: Inferring Social Links from Mobility Profiles

Author

Thuraisingham, Bhavani M. (ed.), Evans, David (ed.), Malkin, Tal (ed.), Xu, Dongyan (ed.), Backes, Michael, Humbert, Mathias, Pang, Jun, Zhang, Yang, Thuraisingham, Bhavani M. (ed.), Evans, David (ed.), Malkin, Tal (ed.), Xu, Dongyan (ed.), Backes, Michael, Humbert, Mathias, Pang, Jun, and Zhang, Yang

Published
2017

19. Strong Hardness of Privacy from Weak Traitor Tracing

Author

Kowalczyk, Lucas, Malkin, Tal, Ullman, Jonathan, Zhandry, Mark, Kowalczyk, Lucas, Malkin, Tal, Ullman, Jonathan, and Zhandry, Mark

Abstract

Despite much study, the computational complexity of differential privacy remains poorly understood. In this paper we consider the computational complexity of accurately answering a family $Q$ of statistical queries over a data universe $X$ under differential privacy. A statistical query on a dataset $D \in X^n$ asks "what fraction of the elements of $D$ satisfy a given predicate $p$ on $X$?" Dwork et al. (STOC'09) and Boneh and Zhandry (CRYPTO'14) showed that if both $Q$ and $X$ are of polynomial size, then there is an efficient differentially private algorithm that accurately answers all the queries, and if both $Q$ and $X$ are exponential size, then under a plausible assumption, no efficient algorithm exists. We show that, under the same assumption, if either the number of queries or the data universe is of exponential size, and the other has size at least $\tilde{O}(n^7)$, then there is no differentially private algorithm that answers all the queries. In both cases, the result is nearly quantitatively tight, since there is an efficient differentially private algorithm that answers $\tilde{\Omega}(n^2)$ queries on an exponential size data universe, and one that answers exponentially many queries on a data universe of size $\tilde{\Omega}(n^2)$. Our proofs build on the connection between hardness results in differential privacy and traitor-tracing schemes (Dwork et al., STOC'09; Ullman, STOC'13). We prove our hardness result for a polynomial size query set (resp., data universe) by showing that they follow from the existence of a special type of traitor-tracing scheme with very short ciphertexts (resp., secret keys), but very weak security guarantees, and then constructing such a scheme.

Published
2016

20. Applied Cryptography and Network Security : 13th International Conference, ACNS 2015, New York, NY, USA, June 2-5, 2015, Revised Selected Papers / edited by Tal Malkin, Vladimir Kolesnikov, Allison Bishop Lewko, Michalis Polychronakis.

Author

Malkin, Tal. editor., Kolesnikov, Vladimir. editor., Lewko, Allison Bishop. editor., Polychronakis, Michalis. editor., SpringerLink (Online service), Malkin, Tal. editor., Kolesnikov, Vladimir. editor., Lewko, Allison Bishop. editor., Polychronakis, Michalis. editor., and SpringerLink (Online service)

Abstract

This book constitutes the refereed proceedings of the 13th International Conference on Applied Cryptography and Network Security, ACNS 2015, held in New York, NY, USA, in June 2015. The 33 revised full papers included in this volume and presented together with 2 abstracts of invited talks, were carefully reviewed and selected from 157 submissions. They are organized in topical sections on secure computation: primitives and new models; public key cryptographic primitives; secure computation II: applications; anonymity and related applications; cryptanalysis and attacks (symmetric crypto); privacy and policy enforcement; authentication via eye tracking and proofs of proximity; malware analysis and side channel attacks; side channel countermeasures and tamper resistance/PUFs; and leakage resilience and pseudorandomness.

Published
2015

21. Applied Cryptography and Network Security : 13th International Conference, ACNS 2015, New York, NY, USA, June 2-5, 2015, Revised Selected Papers / edited by Tal Malkin, Vladimir Kolesnikov, Allison Bishop Lewko, Michalis Polychronakis.

Author

Malkin, Tal. editor., Kolesnikov, Vladimir. editor., Lewko, Allison Bishop. editor., Polychronakis, Michalis. editor., SpringerLink (Online service), Malkin, Tal. editor., Kolesnikov, Vladimir. editor., Lewko, Allison Bishop. editor., Polychronakis, Michalis. editor., and SpringerLink (Online service)

Abstract

This book constitutes the refereed proceedings of the 13th International Conference on Applied Cryptography and Network Security, ACNS 2015, held in New York, NY, USA, in June 2015. The 33 revised full papers included in this volume and presented together with 2 abstracts of invited talks, were carefully reviewed and selected from 157 submissions. They are organized in topical sections on secure computation: primitives and new models; public key cryptographic primitives; secure computation II: applications; anonymity and related applications; cryptanalysis and attacks (symmetric crypto); privacy and policy enforcement; authentication via eye tracking and proofs of proximity; malware analysis and side channel attacks; side channel countermeasures and tamper resistance/PUFs; and leakage resilience and pseudorandomness.

Published
2015

22. Blind Seer: A Scalable Private DBMS

Author

OFFICE OF THE DIRECTOR OF NATIONAL INTELLIGENCE WASHINGTON DC INTELLIGENCE ADVANCED RESEARCH PROJECTS ACTIVITY, Pappas, Vasilis, Krell, Fernando, Vo, Binh, Kolesnikov, Vladimir, Malkin, Tal, Choi, Seung G, George, Wesley, Keromytis, Angelos, Bellovin, Steven, OFFICE OF THE DIRECTOR OF NATIONAL INTELLIGENCE WASHINGTON DC INTELLIGENCE ADVANCED RESEARCH PROJECTS ACTIVITY, Pappas, Vasilis, Krell, Fernando, Vo, Binh, Kolesnikov, Vladimir, Malkin, Tal, Choi, Seung G, George, Wesley, Keromytis, Angelos, and Bellovin, Steven

Abstract

Query privacy in secure DBMS is an important feature, although rarely formally considered outside the theoretical community. Because of the high overheads of guaranteeing privacy in complex queries, almost all previous works addressing practical applications consider limited queries (e.g., just keyword search), or provide a weak guarantee of privacy. In this work, we address a major open problem in private DB: efficient sublinear search for arbitrary Boolean queries. We consider scalable DBMS with provable security for all parties including protection of the data from both server (who stores encrypted data) and client (who searches it), as well as protection of the query, and access control for the query. We design, build, and evaluate the performance of a rich DBMS system, suitable for real-world deployment on today medium- to large-scale DBs. On a modern server, we are able to query a formula over 10TB, 100M-record DB, with 70 searchable index terms per DB row, in time comparable to (insecure) MySQL (many practical queries can be privately executed with work 1.2-3 times slower than MySQL, although some queries are costlier). We support a rich query set, including searching on arbitrary boolean formulas on keywords and ranges, support for stemming and free keyword searches over text fields. We identify and permit a reasonable and controlled amount of leakage, proving that no further leakage is possible. In particular we allow leakage of some search pattern information, but protect the query and data, provide a high level of privacy for individual terms in the executed search formula, and hide the difference between a query that returned no results and a query that returned a very small result set. We also support private and complex access policies, integrated in the search process so that a query with empty result set and a query that fails the policy are hard to tell apart., Published in n Proceedings of the IEEE Symposium on Security & Privacy (35th), San Jose, CA on 18-21 May 2014. Prepared in collaboration with the US Naval Academy, Bell Labs and University of Toronto. The original document contains color images.

Published
2014

23. A study of secure database access and general two-party computation

Author

Shafi Goldwasser., Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science., Malkin, Tal Geula, 1970, Shafi Goldwasser., Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science., and Malkin, Tal Geula, 1970

Abstract

Thesis (Ph.D.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2000., Includes bibliographical references (p. 207-216)., by Tal Geula Malkin., Ph.D.

Published
2014

24. A study of secure database access and general two-party computation

Author

Shafi Goldwasser., Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science., Malkin, Tal Geula, 1970, Shafi Goldwasser., Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science., and Malkin, Tal Geula, 1970

Abstract

Thesis (Ph.D.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2000., Includes bibliographical references (p. 207-216)., by Tal Geula Malkin., Ph.D.

Published
2014

25. A comparative cost/security analysis of fault attack countermeasures

Author

UCL - FSA/ELEC - Département d'électricité, Malkin, Tal G., Standaert, François-Xavier, Yungi, Moti, 3rd International Workshop on Fault Diagnosis and Tolerance in Cryptography, UCL - FSA/ELEC - Département d'électricité, Malkin, Tal G., Standaert, François-Xavier, Yungi, Moti, and 3rd International Workshop on Fault Diagnosis and Tolerance in Cryptography

Abstract

Deliberate injection of faults into cryptographic devices is an effective cryptanalysis technique against symmetric and asymmetric encryption algorithms. To protect cryptographic implementations (e.g. of the recent AES which will be our running example) against these attacks, a number of innovative countermeasures have been proposed, usually based on the use of space and time redundancies (e.g. error detection/correction techniques, repeated computations). In this paper, we take the next natural step in engineering studies where alternative methods exist, namely, we take a comparative perspective. For this purpose, we use unified security and efficiency metrics to evaluate various recent protections against fault attacks. The comparative study reveals security weaknesses in some of the countermeasures (e.g. intentional malicious fault injection that are unrealistically modelled). The study also demonstrates that, if fair performance evaluations are performed, many countermeasures are not better than the naive solutions, namely duplication or repetition. We finally suggest certain design improvements for some countermeasures, and further discuss security/efficiency tradeoffs.

Published
2006

Catalog

Books, media, physical & digital resources
See catalog results