Survey: Leakage resilience and the bounded retrieval model

Joël Alwen, Yevgeniy Dodis, Daniel Wichs

Research output: Chapter in Book/Report/Conference proceedingConference contribution


This survey paper studies recent advances in the field of Leakage-Resilient Cryptography. This booming area is concerned with the design of cryptographic primitives resistant to arbitrary side-channel attacks, where an attacker can repeatedly and adaptively learn information about the secret key, subject only to the constraint that the overall amount of such information is bounded by some parameter ℓ. We start by surveying recent results in the so called Relative Leakage Model, where all the parameters of the system are allowed to depend on ℓ, and the goal is to make ℓ large relative to the length of the secret key. We conclude by showing how to extend the relative leakage results to the Bounded Retrieval Model (aka "Absolute Leakage Model"), where only the secret key length is allowed to be slightly larger than ℓ, but all other system parameters (e.g., public-key, communication, etc.) are independent of the absolute value of ℓ. Throughout the presentation we will emphasize the information-theoretic techniques used in leakage-resilient cryptography.

Original languageEnglish (US)
Title of host publicationInformation Theoretic Security - 4th International Conference, ICITS 2009, Revised Selected Papers
Number of pages18
StatePublished - 2010
Event4th International Conference on Information Theoretic Security, ICITS 2009 - Shizuoka, Japan
Duration: Dec 3 2009Dec 6 2009

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume5973 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


Other4th International Conference on Information Theoretic Security, ICITS 2009

ASJC Scopus subject areas

  • Theoretical Computer Science
  • General Computer Science


Dive into the research topics of 'Survey: Leakage resilience and the bounded retrieval model'. Together they form a unique fingerprint.

Cite this