Strong Converse Theorem for Source Encryption under Side-Channel Attacks

TL;DR

This paper establishes a strong converse theorem for source encryption security under side-channel attacks, introducing a new security criterion based on maximum conditional mutual information, and characterizes the rate region for secure transmission.

Contribution

It proposes a general framework for source encryption security under side-channel attacks and introduces a new strong secrecy criterion extending mutual information.

Findings

Formulated a necessary and sufficient rate region for secure transmission

Proved that perfect secrecy under standard criteria is impossible without satisfying the new criterion

Introduced a new security measure based on maximum conditional mutual information

Abstract

We are interested in investigating the security of source encryption with a symmetric key under side-channel attacks. In this paper, we propose a general framework of source encryption with a symmetric key under the side-channel attacks, which applies to \emph{any} source encryption with a symmetric key and \emph{any} kind of side-channel attacks targeting the secret key. We also propose a new security criterion for strong secrecy under side-channel attacks, which is a natural extension of mutual information, i.e., \emph{the maximum conditional mutual information between the plaintext and the ciphertext given the adversarial key leakage, where the maximum is taken over all possible plaintext distribution}. Under this new criterion, we successfully formulate the rate region, which serves as both necessary and sufficient conditions to have secure transmission even under side-channel attacks. Furthermore, we also prove another theoretical result on our new security criterion, which might be interesting in its own right: in the case of the discrete memoryless source, no perfect secrecy under side-channel attacks in the standard security criterion, i.e., the ordinary mutual information, is achievable without achieving perfect secrecy in this new security criterion, although our new security criterion is more strict than the standard security criterion.