- 90 Views
- Uploaded on
- Presentation posted in: General

Leakage-Resilient Cryptography

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Leakage-ResilientCryptography

StefanDziembowski

UniversityofRome

La Sapienza

KrzysztofPietrzak

CWI Amsterdam

WPK 2009 Workshop on Cryptographic Protocols and Public-Key Cryptography

Bertinoro, 27.05.09

- Motivation and introduction
- Our model
- Our construction
- Extension of the construction

cryptographicdevice

very secure

Security based on well-defined mathematical problems.

implementation

CRYPTO

not secure!

cryptographicdevice

easy to attack

implementation

hard to attack

CRYPTO

- Side channel information:
- power consumption,
- electromagnetic leaks,
- timing information,
- etc.

cryptographicdevice

cryptographicdevice

cryptographicdevice

Implementation is not our business!

implementation

practitioners

CRYPTO

CRYPTO

theoreticians

Design cryptographic protocols that are secure

even

on the machines that leak information.

(standard) black-box access

cryptographicscheme

additional accessto the internal data

- S. Chari, C. S. Jutla, J.R. Rao, P. RohatgiTowards Sound Approaches to Counteract Power-Analysis Attacks. CRYPTO 1999
- Y. Ishai, A. Sahai, and D. Wagner. Private Circuits: Securing Hardware against Probing Attacks. CRYPTO 2003
- S. Micali and L. Reyzin. Physically Observable Cryptography (Extended Abstract). TCC 2004
- R. Gennaro, A. Lysyanskaya, T. Malkin, S. Micali, and T. Rabin. Algorithmic Tamper-Proof (ATP) Security: Theoretical Foundations for Security against Hardware Tampering. TCC 2004.
- C. Petit, F.-X. Standaert, O. Pereira, T.G. Malkin, M. Yung.A Block Cipher Based PRNG Secure Against Side-Channel Key Recovery. ASIACCS 2008
- a sequence of papers by F.-X. Standaert, T.G. Malkin, M. Yung, and others, available at the web-page of F.-X. Standaert.

We construct a

stream cipher

that is secure against a

very large and well-defined class of leakages.

Our construction is in the standard model (i.e. without the random oracles).

short key X

long

streamK

a computationally bounded

adversary should not be ableto distinguish K from random

S

?

short key X

S

K1

X

stream K is generated in rounds

(one block per round)

K2

time

K3

K4

. . .

- An equivalent security definition

the adversary

knows:

should look random:

K1

X

K1

K1

K2

K2

K2

K3

K3

K3

K4

. . .

We will assume that there is a leakage each time a keyKiis generated (i.e. leakage occurs in every round).

S

K1

X

K2

K3

K4

the details follow...

. . .

. . .

- Y. Ishai, A. Sahai, and D. Wagner. Private Circuits: Securing Hardware against Probing Attacks.

The adversary can learn the value of some wires of a circuit that computes the cryptographic scheme.

- another example (a “Hamming attack”):

The adversary can learn the sum of the secret bits.

ff

In every ith round theadversary choses

a poly-time computable“bounded-output

function”

f : {0,1}n→ {0,1}m

for m < n

and learns f(X)

X

We say that the adversary “retrieved m bits”

(in a given round).

In our construction

the total number of retrieved bits

will be

larger than

the length of the secret key X

(but in every round the number of retrieved bits will be much less than |X|)

How can we achieve it?

by key evolution!

this will be a parameter

In each round the secret key X gets refreshed.

Assumptions:

X

K1

X0

key evolution has to be deterministic

(no refreshing with external randomness)

X1

K2

X2

K3

also the refreshing procedure may cause leakage

X3

K4

- Is “indistinguishability” possible?

- Problem
- If the adversary can “retrieve” just one bit of Kithen he can distinguish it from random...

Solution

Indistinguishability will concern the “future” keys Ki

- Security “without leakage”

the adversary

knows:

should look random:

K1

X0

K1

K1

K2

X1

K2

K2

K3

X2

K3

K3

K4

Security “with leakage”

the adversary

knows:

should look random:

ff

ff

ff

K1

X0

f1(X0)

the adversarychooses f1

K1

K1

the adversarychooses f3

the adversarychooses f2

K2

X1

f2(X1)

K2

K2

K3

X2

f3(X2)

K3

K3

K4

Recall that:

1. the key evolution is deterministic

2. the “leakage function fi” can by any poly-time function.

Therefore:

the function fi can always compute the “future” keys

We us the principle introduced in:

S. Micali and L. Reyzin. Physically Observable Cryptography.

TCC 2004

“only computation leaks information”

in other words:

“untouched memory cells do not leak information”

accessed only inthe even rounds

accessed always

accessed only inthe odd rounds

L

C

R

L0

C0

R0

round 0

L1

C1

R1

round 1

L2

C2

R2

round 2

L3

C3

R3

round 3

. . .

. . .

. . .

. . .

the key of the cipher=

“the initial memory contents (L0, C0, R0)”

L0

C0

R0

S

L1

C1

R1

S

L2

C2

R2

S

L3

C3

R3

. . .

. . .

. . .

The output is the contents of the “central” part of the memory.

C → K

(L0, K0, R0)

(L0, C0, R0)

L0

L0

C0

K0

R0

R0

S

S

All the keysKi

will be given

“for free” to the adversary

L1

L1

K1

C1

R1

R1

S

S

L2

L2

C2

K2

R2

R2

S

S

L3

L3

K3

C3

R3

R3

should look

random:

the adversary

knows:

(L0, K0, R0)

K0

K1

f1(R0)

L0

K0

R0

K1

K2

S

L1

f2(L1)

K1

R1

K2

K3

S

f3(R2)

L2

K2

R2

K3

K4

S

L3

K3

R3

Idea

Use the randomness extractors.

A function

Ext : {0,1}k × {0,1}r → {0,1}m

is an (ε,n)-randomness extractorif for

- a uniformly random K, and
- everyXwithmin-entropyn
- we have that
- (Ext(K,X),K) is ε – close to uniform.

Alternating extraction [DP, FOCS07]

L

K0

R

K1= Ext(K0, R)

L

K1

R

K2 = Ext(K1, L)

L

K2

R

K3 = Ext(K2, R)

L

K3

R

. . .

. . .

. . .

Even if

a constant fraction of L and R leaks

the keys K1,K2,..

look “almost uniform”

What to do?

Use a pseudorandom generator (prg) in the following way:

Ki

R

Ki

Ri

Ki+1= Ext(Ki, R)

(Ki+1, Yi+1) = Ext(Ki, R)

Ki+1

R

Ki+1

Ri+1 = prg(Yi+1)

L0

L0

K0

K0

R0

R0

(K1, Y1) = Ext(K0, R0)

K1= Ext(K0, R)

L1

L0

K1

K1

R0

R1 = prg(Y1)

(K2, Y2) = Ext(K1, L1)

K2 = Ext(K1, L1)

L0

L2 = prg(Y2)

K2

K2

R0

R2

K3 = Ext(K2, R)

(K3, Y3) = Ext(K2, R2)

L0

L3

K3

K3

R0

R3 = prg(Y3)

. . .

. . .

. . .

assume the existence of pseudorandom generators

the cipher constructed on the previous slides is

secure against the adversary that in every round retrieves:

λ = ω( log(lengthof the key))

bits

then

this covers many real-life attacks

(e.g. the “Hamming attack”)

assume the existence of pseudorandom generators

secure against exponential-size circuits

the cipher constructed on the previous slides is

secure against the adversary that in every round retrieves:

λ = ϴ(lengthof the key)

bits

then

- Alternating extraction
- The following lemma:

prg– pseudorandom generator

f – bounded-output function

S – seed for the prgdistributed uniformly

then:

with a high probability

the distributionPprg(S)|f(S) = x wherex := f(S)

is indistinguishable from a distribution having high min-entropy

this was proven independently in:Omer Reingold, Luca Trevisan, MadhurTulsiani, and SalilVadhan.Dense subsets of pseudorandom sets. FOCS 2008

- Motivation and introduction
- Our model
- Our construction
- Extension of the construction

K1 ?

K1

X0

K2 ?

K2

X1

K3 ?

K3

X2

K4 ?

K4

X3

K5 ?

K6 ?

X4

K5

K7 ?

X5

K6

What if the adversary doesn’t learn the Ki’s?

Does the leakage in the ith round reveal something about the previous keys?

K1

X0

K1 ?

K2

X1

the adversary doesn’t learn it

K2 ?

K3

X2

K3 ?

K4

X3

K1 ?

suppose the adversary didn’t learn K3

K1

X0

K2 ?

K2

X1

K3 ?

even if the entire state later leaks

K3

should look random

K3

X2

K4 ?

K4

X3

K5 ?

K6 ?

X4

K5

K7 ?

X5

K6

Idea: use different keys for “output” and for the “extraction”

use Kifor refreshing the state & output Ki

output Kiout

use Kinextfor refreshing the state

OLD:

NEW:

Ki

Ri

Kinext

Kiout

Ri

(Ki+1,Yi+1) = Ext(Ki,Ri)

(Ki+1next, Ki+1out,Yi+1) = Ext(Kinext,Ri)

Ki+1

Ri+1 = prg(Yi+1)

K1+1next

Ki+1out

Ri+1 = prg(Yi)

L0

L0

K0next

K0

R0

R0

(K1next, K1out,Y1) = Ext(K0next, R0)

(K1, Y1) = Ext(K0, R0)

L1

L1

K1next

K1

K1out

R1 = prg(Y1)

R1 = prg(Y1)

(K2next, K2out,Y2) = Ext(K1next, L1)

(K2, Y2) = Ext(K1, L1)

L2 = prg(Y2)

L2 = prg(Y2)

K2

K2next

K2out

R2

R2

(K3next, K3out,Y3) = Ext(K2next, R2)

(K3, Y3) = Ext(K2, R2)

L3

L3

K3

K3next

K3out

R3 = prg(Y3)

R3 = prg(Y3)

. . .

. . .

. . .

using the “computation leaks information” paradigm:

- Krzysztof PietrzakA Leakage-Resilient Mode of Operation. EUROCRYPT 2009
- Public-key crypto in the generic groups Kiltz and Pietrzak [Bertinoro 2009]
other:

- Joel Alwen, YevgeniyDodis and Daniel Wichs, Leakage Resilient Public-Key Cryptography in the Bounded Retrieval ModelCRYPTO 2009
- YevgeniyDodis, Yael TaumanKalai and Shachar Lovett, On Cryptography with Auxiliary InputSTOC 2009
- A. Akavia, S. Goldwasser and V. VaikuntanathanSimultaneous Hardcore Bits and Cryptography against Memory Attacks TCC 2009
- MoniNaor and Gil SegevPublic-Key Cryptosystems Resilient to Key Leakage