
Leakage-Resilient Cryptography

Stefan Dziembowski, University of Rome La Sapienza

Krzysztof Pietrzak, CWI Amsterdam

WPK 2009 Workshop on Cryptographic Protocols and Public-Key Cryptography

Bertinoro, 27.05.09


Plan

  • Motivation and introduction

  • Our model

  • Our construction

  • Extension of the construction


How to construct secure cryptographic devices?

[Figure: a cryptographic device drawn as two layers. The CRYPTO layer is "very secure": its security is based on well-defined mathematical problems. The implementation layer is "not secure!"]


The problem

[Figure: the same two layers. The CRYPTO layer is hard to attack; the implementation layer is easy to attack.]


Information leakage

  • Side channel information:

  • power consumption,

  • electromagnetic leaks,

  • timing information,

  • etc.

[Figure: a cryptographic device radiating side-channel information.]


The standard view

[Figure: the same device seen twice. Practitioners look at the implementation layer; theoreticians look at the CRYPTO layer and say: "Implementation is not our business!"]


A recent idea

Design cryptographic protocols that are secure even on the machines that leak information.


The model

[Figure: the adversary has (standard) black-box access to the cryptographic scheme, and in addition access to its internal data.]


Some prior work

  • S. Chari, C. S. Jutla, J. R. Rao, P. Rohatgi. Towards Sound Approaches to Counteract Power-Analysis Attacks. CRYPTO 1999

  • Y. Ishai, A. Sahai, and D. Wagner. Private Circuits: Securing Hardware against Probing Attacks. CRYPTO 2003

  • S. Micali and L. Reyzin. Physically Observable Cryptography (Extended Abstract). TCC 2004

  • R. Gennaro, A. Lysyanskaya, T. Malkin, S. Micali, and T. Rabin. Algorithmic Tamper-Proof (ATP) Security: Theoretical Foundations for Security against Hardware Tampering. TCC 2004

  • C. Petit, F.-X. Standaert, O. Pereira, T. G. Malkin, M. Yung. A Block Cipher Based PRNG Secure Against Side-Channel Key Recovery. ASIACCS 2008

  • a sequence of papers by F.-X. Standaert, T. G. Malkin, M. Yung, and others, available at the web-page of F.-X. Standaert.


Our contribution

We construct a stream cipher that is secure against a very large and well-defined class of leakages.

Our construction is in the standard model (i.e. without random oracles).


stream ciphers ≈ pseudorandom generators

[Figure: the stream cipher S expands a short key X into a long stream K.]

A computationally bounded adversary should not be able to distinguish K from random.


How do the stream ciphers work in practice?

[Figure: from the short key X, the cipher S generates the stream K in rounds, one block per round: K1, K2, K3, K4, ... over time.]


An equivalent security definition

[Table, round by round: the adversary knows the blocks output so far, K1, ..., Ki; the next block Ki+1 should look random. Round 1: knows nothing, K1 should look random. Round 2: knows K1, K2 should look random. Round 3: knows K1, K2, K3 should look random. And so on.]


Our assumption

We will assume that there is a leakage each time a key Ki is generated (i.e. leakage occurs in every round).

[Figure: the stream diagram again, with a leakage arrow coming out of every round.]

the details follow...


Leakage-resilient stream cipher - the model


Examples of the “leakage functions” from the literature:

  • Y. Ishai, A. Sahai, and D. Wagner. Private Circuits: Securing Hardware against Probing Attacks.

The adversary can learn the value of some wires of a circuit that computes the cryptographic scheme.

  • another example (a “Hamming attack”):

The adversary can learn the sum of the secret bits.


We consider a very general class of leakages

In every ith round the adversary chooses a poly-time computable "bounded-output function"

f : {0,1}^n → {0,1}^m, for m < n,

and learns f(X).

We say that the adversary "retrieved m bits" (in a given round).


How much leakage can we tolerate?

In our construction the total number of retrieved bits will be larger than the length of the secret key X (but in every round the number of retrieved bits m will be much less than |X|; this per-round bound m is a parameter of the construction).

How can we achieve it? By key evolution!


Key evolution

In each round the secret key X gets refreshed.

[Figure: the initial key X0 produces K1 and is refreshed to X1; X1 produces K2 and is refreshed to X2; X2 produces K3 and is refreshed to X3; and so on.]

Assumptions:

  • key evolution has to be deterministic (no refreshing with external randomness)

  • also the refreshing procedure may cause leakage


How to define security?

  • Is "indistinguishability" possible?

  • Problem

  • If the adversary can "retrieve" just one bit of Ki then he can distinguish it from random...

Solution

Indistinguishability will concern the "future" keys Ki


Security "without leakage"

[Table, round by round: X0 produces K1, X1 produces K2, X2 produces K3, ... In round i the adversary knows K1, ..., Ki−1 (the keys output so far); the key Ki should look random.]


Security "with leakage"

[Table, round by round: in every round the adversary chooses a leakage function fi and learns it applied to the current state. Round 1: the adversary chooses f1 and learns f1(X0); K1 should look random. Round 2: knows K1, chooses f2 and learns f2(X1); K2 should look random. Round 3: knows K1, K2, chooses f3 and learns f3(X2); K3 should look random. And so on.]


Key evolution – a problem

Recall that:

1. the key evolution is deterministic

2. the "leakage function fi" can be any poly-time function.

Therefore:

the function fi, given the state Xi−1, can always compute the "future" keys Ki, Ki+1, ... and leak a few bits of them, so the adversary can distinguish those keys from random even though every fi has short output.
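The attack described on this slide, as an added worked example (not code from the talk or the paper). The key-evolution scheme here is a constructed toy, Xi = H("evolve" || Xi−1) and Ki = H("out" || Xi−1), chosen only because it is deterministic and public, as the slide assumes. The adversary's round-i leakage function runs the evolution one step forward and leaks 24 bits of Ki+1; those bits later separate the real Ki+1 from a random string with probability about 1 − 2^−24, while each round leaked far fewer bits than |X| = 256. The sample initial state and the random comparison strings are constructed with a fixed seed.

```python
"""Why deterministic key evolution alone does not give leakage resilience.

Toy stream cipher (constructed for this example; not the paper's scheme):
    K_i = H("out" || X_{i-1}),   X_i = H("evolve" || X_{i-1})
The round-i leakage f_i(X_{i-1}) may be any poly-time function with short
output.  Because the evolution is deterministic and public, f_i can run it
forward and leak a prefix of the *future* key K_{i+1}.
"""
import hashlib
import random

LAMBDA = 3  # bytes leaked per round (24 bits), far below |X| = 256 bits


def evolve(x: bytes) -> bytes:
    """Deterministic state refresh X_i -> X_{i+1} (assumed toy scheme)."""
    return hashlib.sha256(b"evolve" + x).digest()


def output_key(x: bytes) -> bytes:
    """Key derived from a state: K_{i+1} = output_key(X_i)."""
    return hashlib.sha256(b"out" + x).digest()


def keys(x0: bytes, n: int) -> list:
    """The first n keys K_1 .. K_n produced from the initial state X_0."""
    out, x = [], x0
    for _ in range(n):
        out.append(output_key(x))
        x = evolve(x)
    return out


def leak_future_key(x_prev: bytes, lookahead: int = 1) -> bytes:
    """Adversary's leakage function f_i applied to X_{i-1}: compute the
    state `lookahead` steps ahead and leak LAMBDA bytes of the key it yields
    (with lookahead=1 that is K_{i+1})."""
    x = x_prev
    for _ in range(lookahead):
        x = evolve(x)
    return output_key(x)[:LAMBDA]


def guess_is_real(leaked: bytes, candidate: bytes) -> bool:
    """Distinguisher: accept the candidate as the real key iff its prefix
    matches the leaked bits."""
    return candidate[:LAMBDA] == leaked


def run_attack(x0: bytes, i: int, trials: int = 64):
    """Leak in round i (on X_{i-1}), then try to distinguish K_{i+1}.
    Returns (real K_{i+1} accepted?, how many random 32-byte strings were
    wrongly accepted out of `trials`)."""
    ks = keys(x0, i + 1)                 # K_1 .. K_{i+1}
    x_prev = x0
    for _ in range(i - 1):
        x_prev = evolve(x_prev)          # X_{i-1}
    leaked = leak_future_key(x_prev)     # f_i(X_{i-1}): LAMBDA bytes of K_{i+1}
    real = ks[i]                         # K_{i+1} (list is 0-indexed)
    rng = random.Random(2009)            # fixed seed: constructed samples
    false_accepts = sum(
        guess_is_real(leaked, rng.randbytes(32)) for _ in range(trials))
    return guess_is_real(leaked, real), false_accepts


if __name__ == "__main__":
    accepted, fp = run_attack(b"\x01" * 32, i=3)   # constructed X_0
    print("real K_4 recognised:", accepted, "| false accepts:", fp, "/ 64")
```

Note that the leak is only LAMBDA bytes per round, so a bound of the form "the adversary retrieves fewer than |X| bits per round" is satisfied; what breaks the scheme is that the leakage function can touch the whole state and run the (public) evolution forward. This is exactly what the "only computation leaks" split of the state into L, C and R on the following slides prevents: the leakage function of a round is applied only to the part of the memory that round computes on.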


What to do?

We use the principle introduced in:

S. Micali and L. Reyzin. Physically Observable Cryptography. TCC 2004

"only computation leaks information"

in other words:

"untouched memory cells do not leak information"


Divide the memory into three parts: L, C and R

  • L: accessed only in the even rounds

  • C: accessed always

  • R: accessed only in the odd rounds

[Figure: the memory contents (L0, C0, R0) in round 0, (L1, C1, R1) in round 1, (L2, C2, R2) in round 2, (L3, C3, R3) in round 3, ...]


Our cipher – the outline

the key of the cipher = "the initial memory contents (L0, C0, R0)"

[Figure: S maps (L0, C0, R0) to (L1, C1, R1), then (L1, C1, R1) to (L2, C2, R2), then to (L3, C3, R3), ...]


The output

The output is the contents of the "central" part of the memory: C → K.

[Figure: the state is written (L0, K0, R0), (L1, K1, R1), (L2, K2, R2), (L3, K3, R3), ... and Ki is the output of round i.]

All the keys Ki will be given "for free" to the adversary.


The details of the model

[Table, round by round. Round 1: the adversary knows K0, chooses f1 and learns f1(R0); K1 should look random. Round 2: the adversary is given K1, chooses f2 and learns f2(L1); K2 should look random. Round 3: the adversary is given K2, chooses f3 and learns f3(R2); K3 should look random. And so on: in the odd rounds the leakage function is applied to R and in the even rounds to L, because that is the part of the memory touched in the round.]


Leakage-resilient stream cipher - the construction


How to construct such a cipher?

Idea: use randomness extractors.

A function

Ext : {0,1}^k × {0,1}^r → {0,1}^m

is an (ε,n)-randomness extractor if for

  • a uniformly random K, and

  • every X with min-entropy n

we have that (Ext(K,X), K) is ε-close to uniform.
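An added worked example of such an extractor (not from the talk; the slides do not fix a particular Ext): the classical seeded extractor obtained from a 2-universal hash family via the leftover hash lemma, Ext(K, X) = the low m bits of K·X in GF(2^8). For X ≠ X' the product K·(X ⊕ X') is uniform over the field when K is, so the family is universal and (Ext(K,X), K) is ε-close to uniform with ε ≤ ½·sqrt(2^(m−n)) for any source of min-entropy n. The parameters are deliberately tiny (an 8-bit field, a constructed 16-element source with min-entropy 4, m = 2) so that the statistical distance can be computed exactly by enumerating all (K, X) pairs; a seed-ignoring "extractor" that just truncates X is run on the same source to show why the seed is needed.

```python
"""Seeded randomness extractor from a 2-universal hash family (leftover hash
lemma), checked by exact enumeration on toy parameters.

Added example.  Assumptions: GF(2^8) with the AES reduction polynomial, seed K
uniform over the field, source X uniform over a constructed 16-element support
(min-entropy 4 bits).
"""

AES_POLY = 0x11B        # x^8 + x^4 + x^3 + x + 1
FIELD = 256             # |GF(2^8)|
MIN_ENTROPY = 4         # log2 of the constructed source's support size
# Constructed source: high nibble uniform, low nibble always zero.
SOURCE = [0x10 * i for i in range(16)]


def gf_mul(a: int, b: int) -> int:
    """Carry-less multiplication in GF(2^8), reduced by AES_POLY."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= AES_POLY
        b >>= 1
    return r


def ext(k: int, x: int, m: int) -> int:
    """Ext(K, X) = low m bits of K*X.  h_K(X) = K*X is a 2-universal family
    (collision probability 2^-m after truncation), so by the leftover hash
    lemma (Ext(K,X), K) is eps-close to uniform, eps <= 1/2 * sqrt(2^(m-n))."""
    return gf_mul(k, x) & ((1 << m) - 1)


def truncate(k: int, x: int, m: int) -> int:
    """Seed-ignoring 'extractor' (low m bits of X): not universal, fails below."""
    return x & ((1 << m) - 1)


def joint_distance(extractor, m: int, source=SOURCE) -> float:
    """Exact statistical distance between (extractor(K, X), K) and (U_m, K),
    K uniform over GF(2^8), X uniform over `source`."""
    counts = {}
    for k in range(FIELD):
        for x in source:
            key = (extractor(k, x, m), k)
            counts[key] = counts.get(key, 0) + 1
    total = FIELD * len(source)
    uniform = 1.0 / (FIELD * (1 << m))
    dist = 0.0
    for k in range(FIELD):
        for y in range(1 << m):
            dist += abs(counts.get((y, k), 0) / total - uniform)
    return dist / 2


def lhl_bound(m: int, min_entropy: int = MIN_ENTROPY) -> float:
    """Leftover-hash-lemma bound on the distance for an m-bit output."""
    return 0.5 * 2.0 ** ((m - min_entropy) / 2)


if __name__ == "__main__":
    for m in (1, 2, 3):
        print(f"m={m}: Ext distance {joint_distance(ext, m):.4f} "
              f"<= bound {lhl_bound(m):.4f}; "
              f"truncation distance {joint_distance(truncate, m):.4f}")
```

The truncating "extractor" has distance 0.75 at m = 2 on this source, since the source's low bits are constant; the universal-hash extractor stays within the lemma's bound regardless of which 16-element support is chosen, which is the property the alternating-extraction construction relies on: the seed (the previous key) is public, yet the output is close to uniform as long as the block it is applied to keeps enough min-entropy after the leakage.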


Alternating extraction [DP, FOCS07]

[Figure: memory (L, K0, R). K1 = Ext(K0, R), then K2 = Ext(K1, L), then K3 = Ext(K2, R), ...: the extractor is applied alternately to R and to L, with the previous key as the seed.]


A fact from [DP07]

Even if a constant fraction of L and R leaks, the keys K1, K2, ... look "almost uniform".


Idea: "add key evolution to [DP07]"

What to do?

Use a pseudorandom generator (prg) in the following way:

old (no evolution): Ki+1 = Ext(Ki, R), and R stays as it is

new (with evolution): (Ki+1, Yi+1) = Ext(Ki, Ri), then Ri+1 = prg(Yi+1)


Our scheme

[Figure: the [DP07] scheme (left) next to the new scheme (right).]

[DP07], no key evolution:

(L0, K0, R0); K1 = Ext(K0, R); (L0, K1, R0); K2 = Ext(K1, L); (L0, K2, R0); K3 = Ext(K2, R); (L0, K3, R0); ...

Our scheme, with key evolution:

(L0, K0, R0)

(K1, Y1) = Ext(K0, R0), R1 = prg(Y1), L1 = L0 → (L1, K1, R1)

(K2, Y2) = Ext(K1, L1), L2 = prg(Y2), R2 = R1 → (L2, K2, R2)

(K3, Y3) = Ext(K2, R2), R3 = prg(Y3), L3 = L2 → (L3, K3, R3)

. . .


Our results (1/2)

If we assume the existence of pseudorandom generators, then the cipher constructed on the previous slides is secure against the adversary that in every round retrieves

λ = ω(log(length of the key))

bits.

This covers many real-life attacks (e.g. the "Hamming attack").


Our results (2/2)

If we assume the existence of pseudorandom generators secure against exponential-size circuits, then the cipher constructed on the previous slides is secure against the adversary that in every round retrieves

λ = Θ(length of the key)

bits.


Main ingredients of the proof

  • Alternating extraction

  • The following lemma: let prg be a pseudorandom generator, f a bounded-output function, and S a seed for the prg distributed uniformly. Then, with high probability over x := f(S), the distribution of prg(S) conditioned on f(S) = x is indistinguishable from a distribution having high min-entropy.

This was proven independently in: Omer Reingold, Luca Trevisan, Madhur Tulsiani, and Salil Vadhan. Dense subsets of pseudorandom sets. FOCS 2008


Plan

  • Motivation and introduction

  • Our model

  • Our construction

  • Extension of the construction


Look again at our model:

[Figure: X0 produces K1, X1 produces K2, X2 produces K3, ... Each Ki first appears as a challenge "Ki ?" that should look random, and is then given to the adversary before the next round.]


Problem – forward security

What if the adversary doesn't learn the Ki's?

Does the leakage in the ith round reveal something about the previous keys?

[Figure: the same chain X0 → K1, X1 → K2, X2 → K3, X3 → K4, with each Ki marked "the adversary doesn't learn it".]


Forward security – the definition

Suppose the adversary didn't learn K3. Then K3 should look random even if the entire state later leaks.

[Figure: the chain X0 → K1, X1 → K2, X2 → K3, X3 → K4, X4 → K5, X5 → K6, ... with K3 singled out as the challenge that should look random.]


Forward security - the solution

Idea: use different keys for "output" and for the "extraction".

OLD: use Ki both for refreshing the state and as the output Ki:

(Ki+1, Yi+1) = Ext(Ki, Ri), Ri+1 = prg(Yi+1)

NEW: output Ki^out, and use Ki^next only for refreshing the state:

(Ki+1^next, Ki+1^out, Yi+1) = Ext(Ki^next, Ri), Ri+1 = prg(Yi+1)


The modified scheme

[Figure: the old scheme (left) next to the modified scheme (right).]

OLD:

(L0, K0, R0); (K1, Y1) = Ext(K0, R0), R1 = prg(Y1); (L1, K1, R1); (K2, Y2) = Ext(K1, L1), L2 = prg(Y2); (L2, K2, R2); (K3, Y3) = Ext(K2, R2), R3 = prg(Y3); (L3, K3, R3); ...

NEW:

(L0, K0^next, R0)

(K1^next, K1^out, Y1) = Ext(K0^next, R0), R1 = prg(Y1), output K1^out → (L1, K1^next, R1)

(K2^next, K2^out, Y2) = Ext(K1^next, L1), L2 = prg(Y2), output K2^out → (L2, K2^next, R2)

(K3^next, K3^out, Y3) = Ext(K2^next, R2), R3 = prg(Y3), output K3^out → (L3, K3^next, R3)

. . .
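The construction of the "Our scheme" slide and its forward-secure modification above, as one added worked example (not the paper's or the talk's code). It keeps the slides' memory layout (L, K^next, R), touches R in the odd rounds and L in the even rounds, refreshes the touched half with prg(Y), and outputs K^out while keeping K^next secret. Everything below that the slides do not specify is an assumption of this example: Ext is instantiated with SHAKE256 over (K^next || touched half) as a stand-in for the paper's randomness extractor, prg is SHAKE256 as well, the initial memory is expanded from a 32-byte key with SHAKE256, and the per-round leakage function is the slides' "Hamming attack" (the Hamming weight of the data the round computes on). The code also records the (L, R) halves after every round so the "untouched memory does not change" invariant the proof relies on can be checked.

```python
"""Leakage-resilient stream cipher with key evolution and forward security,
in the slides' (L, K, R) memory layout.

Added example, not the paper's code.  Assumed instantiations: Ext and prg are
SHAKE256 (stand-ins for the paper's extractor and pseudorandom generator),
the initial memory is derived from a 32-byte key, and the leakage function is
the slides' "Hamming attack".
"""
import hashlib
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple

BLOCK = 64    # |L| = |R| in bytes
KEYLEN = 32   # |K^next| = |K^out| = |Y| in bytes


def ext(k_next: bytes, half: bytes) -> Tuple[bytes, bytes, bytes]:
    """(K^next_{i+1}, K^out_{i+1}, Y_{i+1}) = Ext(K^next_i, touched half)."""
    out = hashlib.shake_256(b"ext" + k_next + half).digest(3 * KEYLEN)
    return out[:KEYLEN], out[KEYLEN:2 * KEYLEN], out[2 * KEYLEN:]


def prg(y: bytes) -> bytes:
    """Refresh one BLOCK-byte memory half from the short seed Y."""
    return hashlib.shake_256(b"prg" + y).digest(BLOCK)


def hamming_weight(data: bytes) -> int:
    """The slides' 'Hamming attack' leakage: the sum of the touched bits."""
    return sum(bin(b).count("1") for b in data)


@dataclass
class LeakyStreamCipher:
    L: bytes
    K_next: bytes
    R: bytes
    round_no: int = 0

    @classmethod
    def from_key(cls, key: bytes) -> "LeakyStreamCipher":
        """Initial memory contents (L0, K0^next, R0), expanded from the key."""
        m = hashlib.shake_256(b"init" + key).digest(2 * BLOCK + KEYLEN)
        return cls(m[:BLOCK], m[BLOCK:BLOCK + KEYLEN], m[BLOCK + KEYLEN:])

    def next_round(self, leak: Optional[Callable[[bytes], int]] = None):
        """One round.  Odd rounds touch R, even rounds touch L; the other half
        is neither read nor written, so under "only computation leaks" it
        leaks nothing.  The leakage function sees exactly the data the round
        computes on (K^next and the touched half).  Returns (K^out, leakage)."""
        self.round_no += 1
        use_r = self.round_no % 2 == 1
        half = self.R if use_r else self.L
        leakage = leak(self.K_next + half) if leak else None
        k_next, k_out, y = ext(self.K_next, half)
        fresh = prg(y)
        if use_r:
            self.R = fresh
        else:
            self.L = fresh
        self.K_next = k_next   # the old K^next is overwritten (forward security)
        return k_out, leakage


def run(key: bytes, rounds: int, leak=hamming_weight) -> List[dict]:
    """Drive the cipher; per round record K^out, the leakage and (L, R)."""
    c = LeakyStreamCipher.from_key(key)
    trace = []
    for _ in range(rounds):
        k_out, leakage = c.next_round(leak)
        trace.append({"round": c.round_no, "K_out": k_out,
                      "leak": leakage, "L": c.L, "R": c.R})
    return trace


def alternation_holds(trace: List[dict], key: bytes) -> bool:
    """L must be unchanged across odd rounds and R across even rounds."""
    start = LeakyStreamCipher.from_key(key)
    prev_L, prev_R = start.L, start.R
    for rec in trace:
        odd = rec["round"] % 2 == 1
        if odd and rec["L"] != prev_L:
            return False
        if not odd and rec["R"] != prev_R:
            return False
        prev_L, prev_R = rec["L"], rec["R"]
    return True


if __name__ == "__main__":
    key = b"\x00" * 32                       # constructed key
    for rec in run(key, 4):
        print(rec["round"], rec["K_out"].hex()[:16], "leak (HW) =", rec["leak"])
```

The two design points from the slides are visible in `next_round`: the leakage callback is handed only `K_next + half`, never the idle half, and `K_next` is replaced before the round returns, so a later leak of the entire state reveals neither the K^next that produced an earlier K^out nor that K^out itself. The Hamming-weight leakage is a few bits per round, the kind of per-round bound λ the results slides quantify; swapping in any other short-output function of the touched data is a one-line change.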


Subsequent work

using the "computation leaks information" paradigm:

  • Krzysztof Pietrzak. A Leakage-Resilient Mode of Operation. EUROCRYPT 2009

  • Public-key crypto in generic groups: Kiltz and Pietrzak [Bertinoro 2009]

other:

  • Joel Alwen, Yevgeniy Dodis and Daniel Wichs. Leakage Resilient Public-Key Cryptography in the Bounded Retrieval Model. CRYPTO 2009

  • Yevgeniy Dodis, Yael Tauman Kalai and Shachar Lovett. On Cryptography with Auxiliary Input. STOC 2009

  • A. Akavia, S. Goldwasser and V. Vaikuntanathan. Simultaneous Hardcore Bits and Cryptography against Memory Attacks. TCC 2009

  • Moni Naor and Gil Segev. Public-Key Cryptosystems Resilient to Key Leakage


Thank you!

