A recent trend in cryptography is to protect data and computation against various side-channel attacks. Dziembowski and Faust (TCC 2012) have proposed a general way to protect arbitrary circuits against any continual leakage assuming that: (i) the memory is divided into the parts, which leaks independently (ii) the leakage in each observation is bounded (iii) the circuit has an access to a leak-free component, which samples random orthogonal vectors. The pivotal element of their construction is a protocol for refreshing the so-called Leakage-Resilient Storage (LRS). In this note, we present a more efficient and simpler protocol for refreshing LRS under the same assumptions. Our solution needs O(n) operations to fully refresh the secret (in comparison to {Omega}(n^2) for a protocol of Dziembowski and Faust), where n is a security parameter that describes the maximal amount of leakage in each invocation of the refreshing procedure
تحميل البحث