Simultaneous hardcore bits and cryptography against memory attacks

Adi Akavia, Shafi Goldwasser, Vinod Vaikuntanathan

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review


This paper considers two questions in cryptography. Cryptography Secure Against Memory Attacks. A particularly devastating side-channel attack against cryptosystems, termed the "memory attack", was proposed recently. In this attack, a significant fraction of the bits of a secret key of a cryptographic algorithm can be measured by an adversary if the secret key is ever stored in a part of memory which can be accessed even after power has been turned off for a short amount of time. Such an attack has been shown to completely compromise the security of various cryptosystems in use, including the RSA cryptosystem and AES. We show that the public-key encryption scheme of Regev (STOC 2005), and the identity-based encryption scheme of Gentry, Peikert and Vaikuntanathan (STOC 2008) are remarkably robust against memory attacks where the adversary can measure a large fraction of the bits of the secret-key, or more generally, can compute an arbitrary function of the secret-key of bounded output length. This is done without increasing the size of the secret-key, and without introducing any complication of the natural encryption and decryption routines. Simultaneous Hardcore Bits. We say that a block of bits of x are simultaneously hard-core for a one-way function f(x), if given f(x) they cannot be distinguished from a random string of the same length. Although any candidate one-way function can be shown to hide one hardcore bit and even a logarithmic number of simultaneously hardcore bits, there are few examples of one-way or trapdoor functions for which a linear number of the input bits have been proved simultaneously hardcore; the ones that are known relate the simultaneous security to the difficulty of factoring integers. We show that for a lattice-based (injective) trapdoor function which is a variant of function proposed earlier by Gentry, Peikert and Vaikuntanathan, an N-o(N) number of input bits are simultaneously hardcore, where N is the total length of the input. These two results rely on similar proof techniques.

Original languageEnglish
Title of host publicationTheory of Cryptography - 6th Theory of Cryptography Conference, TCC 2009, Proceedings
Number of pages22
StatePublished - 2009
Externally publishedYes
Event6th Theory of Cryptography Conference, TCC 2009 - San Francisco, CA, United States
Duration: 15 Mar 200917 Mar 2009

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume5444 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


Conference6th Theory of Cryptography Conference, TCC 2009
Country/TerritoryUnited States
CitySan Francisco, CA

ASJC Scopus subject areas

  • Theoretical Computer Science
  • General Computer Science


Dive into the research topics of 'Simultaneous hardcore bits and cryptography against memory attacks'. Together they form a unique fingerprint.

Cite this