Information Leakage Measurement in a Distributed Computation Protocol

Shin-ichi KAWAMURA  

IEICE TRANSACTIONS on Fundamentals of Electronics, Communications and Computer Sciences   Vol.E78-A   No.1   pp.59-66
Publication Date: 1995/01/25
Print ISSN: 0916-8508
Type of Manuscript: Special Section PAPER (Special Section on Cryptography and Information Security)
Keywords: server-aided secure computation, RSA, information theory, security, cryptography


This paper deals with the measurement of information leakage in a distributed computation protocol called SASC. The SASC protocol is a kind of two-party protocol between a client and a server. The computation for the RSA cryptosystem is the target of this paper. This paper shows that a recently proposed secure RSA-SASC protocol can become insecure if the client, which holds the secret information, complains about an incorrect computation result. This paper first clarifies how to measure the amount of information that leaks through the protocol. It then shows an attack procedure that makes use of the client's complaint. The effectiveness of the attack procedure is measured by the information-theoretic measure. Using the same measure, it is shown that some attacks cannot derive the client's secret. It is also shown that a practical countermeasure, limiting the number of incorrect computations allowed, is effective in limiting the leakage of the secret information to a reasonable extent.