Tight Estimate of the Local Leakage Resilience of the Additive Secret-Sharing Scheme & Its Consequences

Hemanta K. Maji, Anat Paskin-Cherniavsky, Mingyuan Wang, Albert Yu, Hai H. Nguyen, Tom Suad, Xiuyu Ye

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

2 Scopus citations

Abstract

Innovative side-channel attacks have repeatedly exposed the secrets of cryptosystems. Benhamouda, Degwekar, Ishai, and Rabin (CRYPTO-2018) introduced local leakage resilience of secret-sharing schemes to study some of these vulnerabilities. In this framework, the objective is to characterize the unintended information revelation about the secret by obtaining independent leakage from each secret share. This work accurately quantifies the vulnerability of the additive secret-sharing scheme to local leakage attacks and its consequences for other secret-sharing schemes. Consider the additive secret-sharing scheme over a prime field among k parties, where the secret shares are stored in their natural binary representation, requiring λ bits - the security parameter. We prove that the reconstruction threshold k = ω(log λ) is necessary to protect against local physical-bit probing attacks, improving the previous ω(log λ/log log λ) lower bound. This result is a consequence of accurately determining the distinguishing advantage of the “parity-of-parity” physical-bit local leakage attack proposed by Maji, Nguyen, Paskin-Cherniavsky, Suad, and Wang (EUROCRYPT-2021). Our lower bound is optimal because the additive secret-sharing scheme is perfectly secure against any (k − 1)-bit (global) leakage and (statistically) secure against (arbitrary) one-bit local leakage attacks when k = ω(log λ). Any physical-bit local leakage attack extends to (1) physical-bit local leakage attacks on the Shamir secret-sharing scheme with adversarially-chosen evaluation places, and (2) local leakage attacks on the Massey secret-sharing scheme corresponding to any linear code. In particular, for Shamir's secret-sharing scheme, the reconstruction threshold k = ω(log λ) is necessary when the number of parties is n = O(λlog λ). Our analysis of the “parity-of-parity” attack's distinguishing advantage establishes it as the best-known local leakage attack in these scenarios. Our work employs Fourier-analytic techniques to analyze the “parity-of-parity” attack on the additive secret-sharing scheme. We accurately estimate an exponential sum that captures the vulnerability of this secret-sharing scheme to the parity-of-parity attack, a quantity that is also closely related to the “discrepancy” of the Irwin-Hall probability distribution.

Original languageEnglish
Title of host publication3rd Conference on Information-Theoretic Cryptography, ITC 2022
EditorsDana Dachman-Soled
PublisherSchloss Dagstuhl- Leibniz-Zentrum fur Informatik GmbH, Dagstuhl Publishing
ISBN (Electronic)9783959772389
DOIs
StatePublished - 1 Jul 2022
Event3rd Conference on Information-Theoretic Cryptography, ITC 2022 - Cambridge, United States
Duration: 5 Jul 20227 Jul 2022

Publication series

NameLeibniz International Proceedings in Informatics, LIPIcs
Volume230
ISSN (Print)1868-8969

Conference

Conference3rd Conference on Information-Theoretic Cryptography, ITC 2022
Country/TerritoryUnited States
CityCambridge
Period5/07/227/07/22

Keywords

  • Fourier analysis
  • Shamir's secret-sharing
  • additive secret-sharing
  • leakage resilience
  • physical-bit probing leakage attacks

Fingerprint

Dive into the research topics of 'Tight Estimate of the Local Leakage Resilience of the Additive Secret-Sharing Scheme & Its Consequences'. Together they form a unique fingerprint.

Cite this