61
One-Time Computable Self-Erasing Functions Stefan Dziembowski Tomasz Kazana Daniel Wichs (accepted to TCC 2011)

One-Time Computable Self -Erasing Functions

  • Upload
    shirin

  • View
    55

  • Download
    1

Embed Size (px)

DESCRIPTION

One-Time Computable Self -Erasing Functions. Stefan Dziembowski Tomasz Kazana Daniel Wichs. (accepted to TCC 2011) . Main contribution of this work. We introduce a new model for leakage/tamper resistance . In our model the adversary is space-bounded . - PowerPoint PPT Presentation

Citation preview

Page 1: One-Time Computable Self -Erasing Functions

One-Time Computable Self-Erasing Functions

Stefan DziembowskiTomasz KazanaDaniel Wichs

(accepted to TCC 2011)

Page 2: One-Time Computable Self -Erasing Functions

Main contribution of this work

We introduce a new model for leakage/tamper resistance.

In our model the adversary is space-bounded.

We present some primitives that are secure in this model.

Applications: password-protected storage, proofs-of-erasure.

Page 3: One-Time Computable Self -Erasing Functions

How to construct secure digital systems?

CRYPTO

MACHINE(PC, smartcard, etc.)

very secure

Security based on well-defined mathematical problems.

not secure!

Page 4: One-Time Computable Self -Erasing Functions

The problem

hard to attack

easy to attack

CRYPTO

MACHINE(PC, smartcard, etc.)

Page 5: One-Time Computable Self -Erasing Functions

Machines cannot be trusted!

1. Informationleakage

2. Maliciousmodifications

MACHINE(PC, smartcard, etc.)

Page 6: One-Time Computable Self -Erasing Functions

Relevant scenarios

PCs specialized hardware

malicious software:

• viruses,

• trojan horses.

side-channel attacks:

• power consumption,

• electromagnetic leaks,

• timing information.

MACHINES

. . .

Page 7: One-Time Computable Self -Erasing Functions

A recent trend in cryptography

Construct protocols that are secure even if they are implemented on machines that are not fully trusted.

[ISW03, GLMMR04, MR04, IPW06, CLW06, Dzi06, DP07, DP08, AGV09, ADW09, Pie09, NS09, SMY09, KV09, FKPR10, DDV10, DPW10, DHLW10, BKKV10, BG10,…]

Page 8: One-Time Computable Self -Erasing Functions

Main idea of this line of research

To achieve security one assumes that the power of the adversary during the “physical attack” is

“limited in some way”.

this should be justified by some physical characteristics of the device

Page 9: One-Time Computable Self -Erasing Functions

Examples of assumptions (1/3)

S

length-shrinkingh(S)

the adversary can learn the values on up to t wires

boolean circuit

Bounded-Retrieval Model“Memory Attacks” [AGV09]

“Probing Attacks” [ISW03]

Page 10: One-Time Computable Self -Erasing Functions

S

length-shrinkinglow-complexity h

S0

length-shrinking

h

S1

length-shrinking

h

h(S) h(S0) h(S1)

[FRTV10,DDV10] [MR04,DP08…]

Examples of assumptions (2/3)

Page 11: One-Time Computable Self -Erasing Functions

the adversary can modify up to t wires

boolean circuit

[IPSW03]

Examples of assumptions (3/3)

Page 12: One-Time Computable Self -Erasing Functions

One way to look at these efforts:

The trust assumptions on hardware can never be removed completely.

But we can try to reduce them.

Page 13: One-Time Computable Self -Erasing Functions

General goal

Come up with attack models that are:

• realistic (i.e. they correspond to the real-life adversaries),

• allow to construct secure schemes

tradeoff

Problem: current models are not strong enough.

Example: BRM --- the adversary is assumed to be passive.

Page 14: One-Time Computable Self -Erasing Functions

Outline

1. Introduction and motivation2. Our model3. One-time computable functions4. Proofs of erasure5. Subsequent work and open

problems

Page 15: One-Time Computable Self -Erasing Functions

Our model

We work in the “virus model”(but our techniques may also be used to protect against the side-channel

attacks)

We assume that the adversary is active:

big

small(the “virus”)

modifies the internal datainteracts

Page 16: One-Time Computable Self -Erasing Functions

The model

big

device

read / write

send/receive

small

memory

Page 17: One-Time Computable Self -Erasing Functions

What are the restrictions on interaction?

big

send/receive

small(the “virus”)

There is a limit t on the number of bits that the virus can send out.

(this is essentially the assumption used before in the BRM).

Page 18: One-Time Computable Self -Erasing Functions

What are the restrictions on malicious modifications?

small(the “virus”)

The virus can modify the contents of the memory arbitrarily.

The only restriction is that he is space-bounded.

memory

read / write

Page 19: One-Time Computable Self -Erasing Functions

Outline

1. Introduction and motivation2. Our model3. One-time computable functions4. Proofs of erasure5. Subsequent work and open

problems

Page 20: One-Time Computable Self -Erasing Functions

Our contributionIn this model we construct a primitive:

one-time-computable pseudorandom functions

f : keys × messages ciphertexts

key Rmessage M ciphertext C=f(R,M)

Informally: “it should be possible to evaluate f(R,M) at most once”.

Normally |R| >> |M| (= |C|)

Page 21: One-Time Computable Self -Erasing Functions

key Rmessage M ciphertext C=f(R,M)

message M’ error

read / write

send/receive

key R

In our model:

the “ideal functionality”:

can only learn one value of

f(R,K)

Page 22: One-Time Computable Self -Erasing Functions

Some more details

key RA1: extra space for the adversary

memory

A0: for the honest scheme

Main idea: design f such that:

• the computation of f(R,M) twice takes more space than |A0| + |A1| + |R|.

• but it can be done efficiently once in space |A0| + |R|.

• hence we can compute f(R,M) exactly once (during this computation we will overwrite R).

Page 23: One-Time Computable Self -Erasing Functions

ObservationIf |A1| ≥ |R| then: the adversary can copy M into A1:

key RA1: extra space for the adversaryA0: for the honest scheme

copy

Then, he can simply run the honest scheme on the “copy of R”.

He can obviously do it multiple times. Moral

A1 has to be shorter than R.

Page 24: One-Time Computable Self -Erasing Functions

A simplifying assumption

In our schemes A0 will be very short.

Therefore we can forget about (include it into the space for the adversary).

So, the memory looks now like this :

key RA: space for the adversary

Page 25: One-Time Computable Self -Erasing Functions

An application of this primitivePassword-protected storage:

f – a one-time computable PRF(Enc, Dec) – a standard symmetric encryption schemeTo encrypt a message M with a password π:1. select R at random2. calculate Z= f(R, π)3. store (R, Enc(Z,M))

key R

C=Enc(Z,M)

M

π

To decrypt compute:

Z =f(R, π) and then

Dec(Z,M)

Note: this will overwrite R

Page 26: One-Time Computable Self -Erasing Functions

ProblemC has to be shorter than R.

(since the adversary can use part of the space where C is stored as his memory).

A solution: store C on a read-only memory.

Page 27: One-Time Computable Self -Erasing Functions

Another problem

If an honest user makes a typo then he will not have another try.

We have a solution for this – stay tuned.

Page 28: One-Time Computable Self -Erasing Functions

Yet another problem

1. select R at random2. calculate Z= f(R, π)3. store (R, Enc(Z, M))

Look again at this procedure:

Can it be done “locally” on this machine?

1. select a short seed S at random and store it2. set R := PRG(S)3. calculate Z= f(R, π) (destroying R)4. recalculate R := PRG(S)5. erase S 6. store (R, Enc(Z, M))

Looks problematic, since the calculation of Z will destroy R.

Solution:

Page 29: One-Time Computable Self -Erasing Functions

Can we prove anything in our model?

It seems like we do not have the right tools in complexity theory to prove anything in a plain model.

Our solution: use the random oracle model

oraclewith a hash function H

bigsmall

Page 30: One-Time Computable Self -Erasing Functions

Using ROM in this context is delicate

Example:

H – hash function, M – long messageIn ROM computing H(M) requires the adversary to store entire M

first.In real-life --- not necessarily:If H is constructed using Merkle-Damgard then H(M) can be

computed “on fly”:H(M)

M

Page 31: One-Time Computable Self -Erasing Functions

Our solution

Assume that Random Oracle works only on messages of small length:

H: {0,1}cw -> {0,1}w

(for a small c)

m’

H(m||m’)

m

Typically:

c = 2 In this case H is just the compression function.

this will be our main building-

block

Page 32: One-Time Computable Self -Erasing Functions

Our functions will always correspond to a graph

f:H(m||m’)

m m’

input

output

Page 33: One-Time Computable Self -Erasing Functions

Our PRF is based on a pyramid graph

R1

M

R2 R3 R4 R5R1 R2 R3 R4 R5

R1 R2 R3 R4 R5R =

the key:

H(m||m’)

m m’

the hash function:

the message:

M

output (the ciphertext):

Page 34: One-Time Computable Self -Erasing Functions

Our theorem (informally)

R

read / write

send/receive

tbits

memorykey RA: for adv.

If |A|+ t < |R|- ε then the adversary will never learn

f(R,M) and f(R,M’) for M ≠ M’

f

M

Page 35: One-Time Computable Self -Erasing Functions

So, how to prove the security?We use a technique called

graph pebbling

there is a vast literature on this. See e.g.:

John E. Savage. Models of Computation: Exploring the Power of Computing. 1997.

We use techniques introduced in:

Dwork, Naor and Wee Pebbling and Proofs of Work, CRYPTO 2005.

Page 36: One-Time Computable Self -Erasing Functions

Graph pebbling

a DAG:

“input vertices”

“output vertices”

Intuition: there is a pebble on a vertex v if the corresponding block is in the memory.

In the initial configuration there is a pebble on every input vertex.

Page 37: One-Time Computable Self -Erasing Functions

The rules of moving the pebbles

1. there are up to B pebbles2. if all the children of v

carry a pebble, we can put a pebble on v

3. a pebble can be removed from every vertex

Goal: pebble every output vertex.

Page 38: One-Time Computable Self -Erasing Functions

Fact [Dwork-Naor-Wee 1995]

R1 R2 R3- memory

read / write

R1 R2 R3--

f:

w – length of the block

the graph corresponding to f cannot be pebbled with T pebbles

impliesf cannot cannot be computed in memory ≈ w T

Page 39: One-Time Computable Self -Erasing Functions

But our model is more complicated…

read / write

send/receive

memory

The adversary can also send data to an external adversary that is not space-bounded.

Our solution: we introduce special red-pebbles.

The “old” pebbles will be called black.

Page 40: One-Time Computable Self -Erasing Functions

New rules

1. If there is a black pebble on v then we can put a red pebble on it.

2. if all the children of v carry (red or black) pebble, we can put a black pebble on v.

3. if all the children of v carry a red pebble then we can put a red pebble on it.

4. a black pebble can be removed from every vertex (there is no need to remove the red pebbles)

Goal: put a black or red pebble on every output vertex.

Definition: a vertex v a “heavy pebble” if it is a black pebble, or a red pebble generated by Rule 1.

Page 41: One-Time Computable Self -Erasing Functions

The new restriction

We require that at any point of the game the number of the heavy pebbles is at most U (where U is some parameter).

Intuition:The only things that costs are:• the black pebbles ≈ “memory”• transforming a black pebble into a red one

≈ “communication”

Page 42: One-Time Computable Self -Erasing Functions

Fact that we prove

w – length of the block

the graph corresponding to f cannot be pebbled with U heavy pebbles

implies

f cannot cannot be computed if the sum of • the memory size and • the number of sent bitsis ≈ w U

Page 43: One-Time Computable Self -Erasing Functions

Now, recall what we want to prove

read / write

send/receive

tbits

memorykey RA: for adv.

If |A|+ t < |R|- ε then the adversary will never learn

f(R,M) and f(R,M’) for M ≠ M’

How does it translate into “pebbling”?

R

f

M

Page 44: One-Time Computable Self -Erasing Functions

The pebbling problem

M R2R1 RK M’

It is impossible to pebble both outputs with less than 2K-1 heavy pebbles.

Page 45: One-Time Computable Self -Erasing Functions

A definition

We say that the output of the graph is input-dependent if after removing all the pebbles from the input it’s impossible to pebble the output:

impossiblepossible

Page 46: One-Time Computable Self -Erasing Functions

Lemma 1

If the output is input-dependent then the number of heavy pebbles is at least K.

Proof by induction on K.

Base case K=2 is trivial:

Page 47: One-Time Computable Self -Erasing Functions

Suppose the hypothesis holds for some K-1We show it for K:

suppose in this configuration:1. the output is input-dependent2. there are x heavy pebbles

transform the configuration by: 1. putting on the

second row black pebbles that are reachable from the first row

2. removing the pebbles from the first row

observations:1. the “new” configuration is input-

dependent2. y ≤ x-1

From the induction hypothesis: y ≥ K-1

let y denote the number of heavy

pebbles

x ≥ K QED

Page 48: One-Time Computable Self -Erasing Functions

Lemma 2In the first configuration that is input-independent there are at least K-1 heavy

pebbles.

Proof

A configuration can become input-independent only because of moves of this type.

Therefore there new configuration has to “depend on the second row”.

So, it needs to have at least K-1 heavy pebbles.

QED

Page 49: One-Time Computable Self -Erasing Functions

Now, look again at the graph

M R2R1 RK M’

Suppose the left graph becomes input independent first.

there need to be at least K-1 heavy pebbles here

and at least K heavy pebbles in the rest of the graph.

So, there are at least 2K-1 pebbles altogether. QED

Page 50: One-Time Computable Self -Erasing Functions

In the “password-protected storage”:Can we allow more than one trial?

YES!

The construction gets a bit more complicated.

Main idea: the key gets destroyed “gradually”.

The maximal number of trials that we can tolerate is approximately equal to

u2(u-m)

where:u – the bound on communication plus storagem – the size of the secret key

Page 51: One-Time Computable Self -Erasing Functions

Outline

1. Introduction and motivation2. Our model3. One-time computable functions4. Proofs of erasure5. Subsequent work and open

problems

Page 52: One-Time Computable Self -Erasing Functions

Proof of erasure

[Perito and Tsudik, ESORICS 2010]

verifier securelink

memory

device

Goal: the verifier wants to make sure that the device has erased its memory.

Page 53: One-Time Computable Self -Erasing Functions

The scheme of Perito and Tsudik

verifier

memory M

devicea random string

of length |M|

R

R

the device proves the knowledge of

R

Page 54: One-Time Computable Self -Erasing Functions

Our idea

We construct a “hash function” H: {0,1}a {0,1}a

(where a is small) that • can be computed in memory of length |M|• but it cannot be computed in memory slightly

smaller than M.

Page 55: One-Time Computable Self -Erasing Functions

The improved protocol

verifier

memory M

devicea random string

of length aX

computeY := H(X)

(this overwrites M)Ycheck ifY = H(X)

advantage: communication from the verifier to the device is much shorter.

Page 56: One-Time Computable Self -Erasing Functions

How to construct such an H?

We use again the pyramid graph!X

Y=H(X)w – the length of the block

set K := |M|/w

let K be the number of the blocks.

Fact 1this function can be computed in memory of length |M|

Page 57: One-Time Computable Self -Erasing Functions

Fact 2

Using the “pebbling techniques” we can show that:

it is impossible to compute H in memory significantly smaller than |M|.

Page 58: One-Time Computable Self -Erasing Functions

Outline

1. Introduction and motivation2. Our model3. One-time computable functions4. Proofs of erasure5. Subsequent work and open

problems

Page 59: One-Time Computable Self -Erasing Functions

Subsequent work

D., Kazana and WichsKey-Evolution Schemes Resilient to Space-

Bounded Leakage(in submission)

We show key-evolution schemes secure in this model.

Page 60: One-Time Computable Self -Erasing Functions

Research directions

1. Find new applications.

2. Proofs without the standard model?

Page 61: One-Time Computable Self -Erasing Functions

Thank you!