Entry Date:
May 3, 2002

Tamper-Proof Security

Principal Investigator Silvio Micali


A cryptographic algorithm is executed by various parties, where one (or more) has some secret information. The classical security definitions for these algorithms assume that an adversary has no access whatsoever to the secret information of honest parties. Rather, the adversary is only allowed to query the cryptographic algorithms on inputs of its choice, where the answer is always computed according to the correct original secret information.

However, many of today’s cryptographic applications are carried out on small portable devices, such as smartcards. These devices try to offer physical security features that prevent the adversary from reading the secrets stored inside the card. However, as recent research has shown, it is possible for the adversary to partially manipulate the secret key by injecting faults into the storage. This might have catastrophic effects on the security of the algorithms implemented by the device.

We propose a new security model that deals with this type of attack. The model allows the adversary to apply a function f to the secret key sk and then obtain the outputs of the cryptographic algorithms computed under the new secret key f(sk).
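As an added illustration that is not part of the original entry, the following Python models the tampering oracle just described: HMAC-SHA256 stands in for the device's algorithm, and a single-bit flip of the stored key is one constructed choice of f. The self-checking device is an assumed countermeasure, not something the page specifies, and it assumes the key fingerprint sits in memory the adversary cannot alter.

```python
import hashlib
import hmac

# Constructed demo key for the example (not a real secret).
SK = bytes(range(32))


def mac(sk: bytes, msg: bytes) -> bytes:
    """The cryptographic algorithm run by the device: HMAC-SHA256 under sk."""
    return hmac.new(sk, msg, hashlib.sha256).digest()


class TamperOracle:
    """The proposed model: the adversary picks a function f on the stored key
    and then queries the algorithm, which now runs under f(sk) instead of sk."""

    def __init__(self, sk: bytes):
        self._sk = sk

    def query(self, msg: bytes, f=lambda k: k) -> bytes:
        return mac(f(self._sk), msg)


class SelfCheckingDevice:
    """Assumed countermeasure (not on the page): keep a fingerprint of the key in
    untamperable memory and refuse to answer when the stored key no longer matches."""

    def __init__(self, sk: bytes):
        self._sk = bytearray(sk)
        self._fingerprint = hashlib.sha256(sk).digest()  # assumed read-only

    def inject_fault(self, f) -> None:
        """Simulate the adversary's tampering: replace the stored key with f(sk)."""
        self._sk = bytearray(f(bytes(self._sk)))

    def query(self, msg: bytes):
        current = hashlib.sha256(bytes(self._sk)).digest()
        if not hmac.compare_digest(current, self._fingerprint):
            return None  # tamper detected: give no output under f(sk)
        return mac(bytes(self._sk), msg)


def flip_bit(index: int):
    """Constructed fault model: f flips one bit of the key (index counts bits)."""
    def f(k: bytes) -> bytes:
        out = bytearray(k)
        out[index // 8] ^= 1 << (index % 8)
        return bytes(out)
    return f
```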