Upload
zion-barrett
View
217
Download
0
Tags:
Embed Size (px)
Citation preview
Leakage-Resilient Cryptography
Microsoft Research & U. Toronto
Vinod Vaikuntanathan
New Developments and Challenges
Secrets
Information accessible to one party and not to other(s)
Essential to cryptography!
Theory Real life
Secrets leak!
[Kocher,Jaffe,Jun’98]
[Kocher’96]
[Quisquater’01]
Cache-Timing
[Bernstein’05,OST’05]
Secrets Leak
So, what can we do about it?
Leakage-Resilient Cryptography
Can we do Crypto with no (perfect) secrecy?
Yes (in most cases)
A Fundamental Question in the Foundations of Cryptography
secret
public
Three Commandments
I. Secrets leak in arbitrary ways.
II. Secrets leak from everywhere.
III. Secrets leak all the time.
(hard-disk, RAM, cache, registers, randomness sources,…)
(No protected time periods)
(Axioms of Leakage)
[Micali-Reyzin’04]
(except: leakage is polynomial time computable,
and does not betray the entire secret key)
Interpreting the Commandments
A Simple Interpretation: Bounded Leakage [AGV09]
(or, Two Leakage Models)
— Total leakage λ < |SK| [AGV09,NS09,KV09,ADW09,ADN+10,…]
— Adversary can learn any efficiently computable function L:{0,1}* → {0,1} λ of the secret key(*).
sk L(sk)1 0 1
(*) Ideally, leakage from the entire secret state.
Interpreting the Commandments
A Simple Interpretation: Bounded Leakage [AGV09]
(or, Two Leakage Models)
— Total leakage λ < |SK| [AGV09,NS09,KV09,ADW09,ADN+10,…]
— Adversary can learn any efficiently computable function L:{0,1}* → {0,1} λ of the secret key.
Variations:
Auxiliary Input Model [DKL’09,DGKPV’10]: L is an uninvertible function of SK
Noisy Model [NS’09]: H∞(SK | L(SK)) > |SK|- λ
Interpreting the Commandments
A Realistic Interpretation: Continual Leakage
(or, Two Leakage Models)
— Rate of Leakage λ (leakage/time period) < |SK|
— Adversary can learn any efficiently computable function
Li:{0,1}* → {0,1}λ of the secret key at each “time-period”
sk
L1(sk)
L2(sk)1 0 1
0 0 1
[ISW03MR04,DP08,Pie09,FKPR10,FRRTV10,BKKV10, DHLW10…]
Interpreting the Commandments
A Realistic Interpretation: Continual Leakage
(or, Two Leakage Models)
[ISW03MR04,DP08,Pie09,FKPR10,FRRTV10,BKKV10, DHLW10…]
— Of course, secret key should be refreshed in each time.
— Non-trivial: Refresh SK without changing PK (in public-key systems), or without co-ordination (in SK systems)
Observations:
— Rate of Leakage λ (leakage/time period) < |SK|
— Adversary can learn any efficiently computable function
Li:{0,1}* → {0,1}λ of the secret key at each “time-period”
Talk Plan
PART 1: Bounded Leakage Model
– One-way Functions
PART 2: Continual Leakage Model
PART 3: Some Research Directions
– Digital Signatures
– Leakage-resilient Compilers, Tamper Resistance,…
– Public-key Encryption
A Brief History of Leakage in Crypto“We stand on the shoulders of giants…”
A Brief History of Leakage in Crypto
Privacy Amplification [von Neumann’46,…,Bennett-Brassard-Robert’85]
— “Distill an perfectly random shared key from an imperfect one”
Bounded Storage/Retrieval Models [Maurer’92,…,Di Crescenzo-Lipton-Walfish’06,Dziembowski’06]
Exposure-Resilient Cryptography[Rivest’97, Boyko’98, CDHKS’00,ISW’03,IPSW’06]
— Leakage = a subset of bits of SK
— We want to tolerate arbitrary (PPT) leakage functions (axiom 1)
— More generally, MPC, threshold crypto etc.
A Brief History of Leakage in Crypto
— “Distill an perfectly random shared key from an imperfect one”
Bounded Storage/Retrieval Models [Maurer’92,…,Di Crescenzo-Lipton-Walfish’06,Dziembowski’06]
Exposure-Resilient Cryptography[Rivest’97, Boyko’98, CDHKS’00,ISW’03,IPSW’06]
Proactive Cryptography[HJKY’95, HJJKY’97, R’98]
— “How to cope with perpetual leakage” (a continual leakage model)
Privacy Amplification [von Neumann’46,…,Bennett-Brassard-Robert’85]
[Ishai-Sahai-Wagner2003]
[Micali-Reyzin2004]
[Dodis-Ong-Prabhakaran-Sahai2004]
[Ishai-Prabhakaran-Sahai-Wagner2006]
[Dziembowski-Pietrzak2008]
[Akavia-Goldwasser-V.2009][Pietrzak2009][Dodis-Kalai-Lovett2009][Naor-Segev2009][Dodis-Goldwasser-Kalai-Peikert-V.2009][Katz-V.2009][Faust-Kiltz-Pietrzak-Rothblum2009][Alwen-Dodis-Wichs2009][Goldwasser-Kalai-Peikert-V.2010][Alwen-Dodis-Naor-Segev-Walfish-Wichs2009][Juma-Vahlis.2010][Faust-Rabin-Reyzin-Tromer-V.2010][Brakerski-Kalai-Katz-V.2010][Goldwasser-Rothblum.2010][Dodis-Haralambiev-Lopez-alt-Wichs.2010][Lewko-Waters.2010][Chow-Dodis-Rouselakis-Waters.2010][Boyle-Wichs-Segev.2011][Kiltz-Pietrzak.2011][Malkin-Teranishi-Vahlis-Yung.2011][Jain-Pietrzak.2011][Halevi-Lin.2011][Lewko-Rouselakis-Waters.2011][Lewko-Lewko-Waters.2011] …
Bounded Leakage
Leakage-Resilient One-way Functions
Easy Observation: “Hardness Leakage-resilience”
– Similar connections for other primitives (enc,sig,…)
– Need 2O(n)-hardness to get O(n)-LR.
Leakage-Resilient One-way Functions
Theorem [KV09,ADW09]: If there are Universal One-way Hash Functions, then there are LR one-way functions.
– Corollary [NY89,Rom90]: If OWF exist, then LR OWFs exist.
Leakage-Resilient One-way Functions
Proof:
Information-theoretic + Crypto techniques
A Blue-print for most leakage-resilience proofs
Leakage-Resilient One-way Functions
Proof: reduction (UOWHF-breaker)
adversary
𝑓 ,𝑥
𝑥 ′ ≠ 𝑥s.t.
𝑓 , 𝑓 (𝑥 ) ,𝐿(𝑥)
𝑥 ′
Leakage-Resilient One-way Functions
Proof: reduction
adversary
𝑓 ,𝑥
𝑥 ′ ≠ 𝑥s.t.
𝑓 , 𝑓 (𝑥 ) ,𝐿(𝑥)
y=f(x)x
{0,1 }𝑛
— H∞(x) = n — H∞(x | f(x)) ≥ — H∞(x | f(x), L(x)) ≥ — H∞(x | f(x), L(x)) ≥
— Adversary returns x'≠x w.p ≥ 1/2 → breaks UOWHF
𝑥 ′
A Blueprint for Leakage Proofs
— Problem with many solutions
— Hard: given one solution, find another
— Security redn has one soln, computes leakage using that
— Adversary doesn’t have enough info to pin-point the solution
— Adversary returns a different soln, unwittingly solves the hard problem
(information-theoretic argument)
(computational argument)
Leakage-Resilient Signatures
PK
SignSK(m)
L(SK)
L
m
Cannot produce
sign for a new m*
sk
Leakage-Resilient Signatures
Theorem [KV09]: λ-leakage-resilient OWF (+simulation-
extractable NIZK [S99,DDOPS01]) → λ-leakage-resilient signatures
Sign(m): SimExt-NIZKm for “∃x s.t PK contains h(x)”
SK: xPK: (f,y=f(x),CRSnizk), where f is an λ-LR OWF,
— Signature contains no (computational) info. on SK
— Forgery extract a secret-key.⇒
Proof Idea:
Sim-Ext
— Break LR OWF.
similar to [Bellare-Goldwasser’92]
LR Signatures: Subsequent Results
[ADW09]: Fiat-Shamir transform + LR OWFs → LR-Sigs in the random oracle model.
[DHLW10]: Efficient LR Sigs without random oracles (using bilinear maps).
[BKKV10,DHLW10]: Continual LR Sigs
[BSW11,MTVY11]: (continual) LR Sigs where the randomness used for signing can leak as well.
[LLW10]: Continual LR Sigs where the key update phase leaks as well
Leakage-Resilient Public-key Encryption(cpa)
PK
L(SK)
Lsk Enc(b)
(b←${0,1})
Cannot predict b
– [AGV09]: based on Lattices
– [NS09,DGKPV10] based on Diffie-Hellman
(show that [Regev05,GPV08] is leakage-resilient)
(show that [BHHO08] is leakage-resilient)
– [NS09] from any hash proof system [CS02]
Leakage-Resilient Public-key Encryption
Theorem: For every λ < |SK| - secparam, (cpa-secure)
public-key encryption that tolerates λ bits of leakage:
Adv. breaks
cpa-securityConstruction Outline
Old Idea: One Public Key, many possible Secret Keys
PK
Public Key Space Secret Key space
Hard Problem: Given one SK, find another.
For starters:
Adv. finds sk.
– Reduction knows one SK, simulates leakage from it
– Adv. gets pk+leakage → not enough info to fully specify SK
– Adv. finds SK′ ≠ SK → breaks hard problem.
Proof:
Adv. breaks
cpa-securityConstruction Outline
Old Idea: One Public Key, many possible Secret Keys
For starters:
Adv. finds sk.
M
DEC
MCENC
PK M
M
► Correctness All secret keys decrypt C to the same message
Adv. breaks
cpa-securityConstruction Outline
Old Idea: One Public Key, many possible Secret Keys
New Idea: REAL Encryption vs. FAKE Encryption
PK
CFakeENC
MC
RealENC
DEC
M1
M3
M2
► Different secret keys decrypt c to different messages
► and yet, Fake ≈ Real (even given an SK)
≈
Security Proof
L(SK)
M1
M3
M2CFakeENC
“Fake World”
???
“Real World”
MM CReal
ENCPK
DEC
LR Public-key Encryption: Subsequent Results
[NS09]: CPA-secure → CCA-secure with the same leakage-resilience (idea: use Naor-Yung)
[AGV09,ADN+10,CDRW10]: leakage-resilient IBE (with leakage from the user secret keys).
[LW10]: leakage-resilient IBE (with leakage from the master secret key as well), LR HIBE, ABE etc.
[BKKV10,DHLW10]: Continual LR Encryption
[LLW10]: Continual LR Enc where the key update phase leaks as well
[HL11]: “After-the-fact” Leakage
Continual Leakage
Continual LR Public-key Encryption
Unbounded leakage, but bounded in each time period
Challenge: keep the public key the same
Solution idea: “refresh” (randomize) the secret key
sk1
L1(sk1)
L2(sk2)1 0 1
0 0 1sk2
– users (encryptors) are oblivious of the updates!
Continual LR Public-key Encryption
Theorem: [BKKV10] CLR-secure public-key encryption schemes that tolerate (in every time step):
– (1/2-ε)|SK| leakage, based on decisional linear– (1-ε)|SK| leakage, based on symmetric external DH
assumptions in bilinear groups.
sk1
L1(sk1)
L2(sk2)1 0 1
0 0 1sk2
Continual LR Public-key Encryption
Other Results:
[BKKV10]: CLR-secure signatures and IBE (with leakage from user secret keys)
Concurrently, [DHLW10]: efficient CLR-secure signatures, ID schemes and AKA schemes
sk1
L1(sk1)
L2(sk2)1 0 1
0 0 1sk2
[LLW11]: tolerates large leakage from updates
Continual LR Public-key Encryption
How to update SK? (without changing PK)
pk
sk space
First Idea: Resample from the key-space!
PROBLEM: This is supposed to be hard!
sk1sk
2
sk3
sk4
L1(SK1)
L2 (SK2)
L3(SK3)
L4(SK4)
New Idea: “Neighborhood of SKs”
• Given a secret key:– Easy to resample inside neighborhood.– Hard to find a secret key outside of neighborhood.
pk
corresp. sk space
• Sampling in neighborhood ≈c entire space. Adv. can’t tell the difference.
• “Proof” outline:– Reduction knows sk and updates in neighborhood.– To Adv., updates “look like” from entire space.– Even given leakage, Adv. cannot recover any
leaked key entirely will have to come up with new sk’≠sk.
– WHP sk’ not in neighborhood breaks hard problem.
Some Open Questions
SO FAR: Designed SPECIFIC crypto primitives (sigs.,enc.) secure against continual leakage
QUESTION:
Any circuit → Continual Leakage-resilient circuit
— Yao/GMW/BGW/CCD for leakage-resilient crypto
Foundational Questions
— Automatically leakage-proof commonly used cryptosystems, e.g., RSA / AES
Foundational Questions
Many Partial Results
[Ishai-Sahai-Wagner’03] : Any circuit → “Probing-resilient” circuit secure against leakage of ≤ t wires
[FRRTV’09] : Any circuit → circuit secure against AC0 leakage
[JV’10,GR’10] : Any circuit → circuit secure against polynomial-time leakage
(assuming a small piece of secure hardware)
(assuming a small piece of secure hardware + secure memory)
OPEN: a compiler against general
leakage functions(without secure hardware)
[BGIRSVY’00,Imp’10] : This has connections to program obfuscation!
Practical Questions
In theory, we have practical constructions
– How about truly practical constructions? (e.g. [YSPY’10])
– Perhaps relax the model in a meaningful way
Given a side-channel attack, how much information does it leak? [SVO+10]
modelreality
To Conclude…
Tons of Open Problems
— Parallel Repetition for Leakage Amplification [DW,LW]:
Suppose scheme S tolerates L bits. Can we “repeat it in parallel” n times and get nL bit leakage-tolerance?
— Tamper Resistance [IPSW, GLMMR, DPW, Malkin et al.]:
Many attacks, Boneh-Lipton, Shamir’s bug attacks...
Very Active Field, Lots of work recently!Information-theoretic + Computational Techniques
Entropy
Thanks!
Questions?
You can find me here …