
Leakage-Resilient Cryptography

Leakage-Resilient Cryptography. Stefan Dziembowski, University of Rome La Sapienza. Krzysztof Pietrzak, CWI Amsterdam. Plan: motivation and introduction; our model; our construction. These slides are available at www.dziembowski.net/Slides. How to construct secure cryptographic devices?


Presentation Transcript


  1. Leakage-Resilient Cryptography. Stefan Dziembowski, University of Rome La Sapienza. Krzysztof Pietrzak, CWI Amsterdam.

  2. Plan • Motivation and introduction • Our model • Our construction. These slides are available at www.dziembowski.net/Slides

  3. How to construct secure cryptographic devices? (diagram: a cryptographic device; its CRYPTO layer is "very secure", with security based on well-defined mathematical problems, while its implementation layer is "not secure!")

  4. The problem (diagram: the CRYPTO part of a cryptographic device is hard to attack; its implementation is easy to attack)

  5. Information leakage (of a cryptographic device) • Side channel information: • power consumption, • electromagnetic leaks, • timing information, • etc.

  6. The standard view (diagram: theoreticians deal with the CRYPTO part of a cryptographic device, practitioners with its implementation; "Implementation is not our business!")

  7. A recent idea Design cryptographic protocols that are secure even on the machines that leak information.

  8. The model: (standard) black-box access to the cryptographic scheme, plus additional access to the internal data.

  9. Some prior work • S. Chari, C. S. Jutla, J. R. Rao, P. Rohatgi. Towards Sound Approaches to Counteract Power-Analysis Attacks. CRYPTO 1999 • Y. Ishai, A. Sahai, and D. Wagner. Private Circuits: Securing Hardware against Probing Attacks. CRYPTO 2003 • S. Micali and L. Reyzin. Physically Observable Cryptography (Extended Abstract). TCC 2004 • R. Gennaro, A. Lysyanskaya, T. Malkin, S. Micali, and T. Rabin. Algorithmic Tamper-Proof (ATP) Security: Theoretical Foundations for Security against Hardware Tampering. TCC 2004 • C. Petit, F.-X. Standaert, O. Pereira, T. G. Malkin, M. Yung. A Block Cipher Based PRNG Secure Against Side-Channel Key Recovery. ASIACCS 2008 • a sequence of papers by F.-X. Standaert, T. G. Malkin, M. Yung, and others, available at the web page of F.-X. Standaert.

  10. Our contribution: We construct a stream cipher that is secure against a very large and well-defined class of leakages. Our construction is in the standard model (i.e. without random oracles).

  11. Stream ciphers ≈ pseudorandom generators: a short key X is expanded by S into a long stream K. A computationally bounded adversary should not be able to distinguish K from random.

  12. How do the stream ciphers work in practice? (diagram: from the short key X, S generates the stream K in rounds, one block per round: K1, K2, K3, K4, ... over time)

  13. An equivalent security definition (diagram with two columns, "the adversary knows" and "should look random": in each row the adversary knows the keys K1, ..., Ki generated so far, and the next key should look random)

  14. Our assumption: We will assume that there is a leakage each time a key Ki is generated (i.e. leakage occurs in every round). (diagram: S generates K1, K2, K3, K4, ... from X, with leakage in each round) The details follow...

  15. Leakage-resilient stream cipher - the model

  16. Examples of the “leakage functions” from the literature: • Y. Ishai, A. Sahai, and D. Wagner. Private Circuits: Securing Hardware against Probing Attacks. The adversary can learn the value of some wires of a circuit that computes the cryptographic scheme. • Another example (a “Hamming attack”): the adversary can learn the sum of the secret bits.

  17. We consider a very general class of leakages: in every ith round the adversary chooses a poly-time computable “bounded-output function” f : {0,1}^n → {0,1}^m for m < n and learns f(X). We say that the adversary “retrieved m bits” (in a given round).

  18. How much leakage can we tolerate? In our construction the total number of retrieved bits will be larger than the length of the secret key X (but in every round the number of retrieved bits will be much less than |X|; this will be a parameter). How can we achieve it? By key evolution!

  19. Key evolution: In each round the secret key X gets refreshed (diagram: X0 yields K1 and is refreshed to X1, which yields K2 and is refreshed to X2, which yields K3, and so on). Assumptions: key evolution has to be deterministic (no refreshing with external randomness); also the refreshing procedure may cause leakage.

  20. How to define security? • Is “indistinguishability” possible? • Problem: if the adversary can “retrieve” just one bit of Ki then he can distinguish it from random... • Solution: indistinguishability will concern the “future” keys Ki.

  21. Security “without leakage” (diagram: the key evolves X0 → X1 → X2 → ..., producing K1, K2, K3, K4; in each row the adversary knows the keys produced so far and the next key should look random)

  22. Security “with leakage” (diagram as on the previous slide, except that in each round the adversary additionally chooses a leakage function fi and learns fi applied to the current state: f1(X0), f2(X1), f3(X2), ...)

  23. Key evolution – a problem. Recall that: 1. the key evolution is deterministic; 2. the “leakage function fi” can be any poly-time function. Therefore: the function fi can always compute the “future” keys.

  24. What to do? We use the principle introduced in: S. Micali and L. Reyzin. Physically Observable Cryptography. TCC 2004: “only computation leaks information”; in other words: “untouched memory cells do not leak information”.

  25. Divide the memory into three parts: L, C and R. L is accessed only in the odd rounds, C is accessed always, R is accessed only in the even rounds. (diagram: in round i the memory contents are (Li, Ci, Ri), for rounds 0, 1, 2, 3, ...)

  26. Our cipher – the outline: the key of the cipher = “the initial memory contents (L0, C0, R0)”. (diagram: S maps (L0, C0, R0) to (L1, C1, R1), then to (L2, C2, R2), then to (L3, C3, R3), ...)

  27. The output: the output is the contents of the “central” part of the memory, C → K. Also K0 will be a part of the output, so the initial contents (L0, C0, R0) are written (L0, K0, R0). All the keys Ki will be given “for free” to the adversary. (diagram: S maps (Li, Ki, Ri) to (Li+1, Ki+1, Ri+1) for i = 0, 1, 2, ...)

  28. The details of the model (diagram with columns "the adversary knows" and "should look random": starting from (L0, K0, R0), the adversary knows K0; in each round he knows the current key Ki and the leakage from the part of memory accessed in that round, i.e. f1(R0), f2(L1), f3(R2), ...; the next key Ki+1 should look random)

  29. Leakage-resilient stream cipher - the construction

  30. How to construct such a cipher? Idea: use randomness extractors. A function Ext : {0,1}^k × {0,1}^r → {0,1}^m is an (ε,n)-randomness extractor if for • a uniformly random K, and • every X with min-entropy n • we have that (Ext(K,X), K) is ε-close to uniform.

  31. Alternating extraction [DP, FOCS07] (diagram: memory parts L and R, with K1 = Ext(K0, R), K2 = Ext(K1, L), K3 = Ext(K2, R), ...)

  32. A fact from [DP07]: even if a constant fraction of L and R leaks, the keys K1, K2, ... look “almost uniform”.

  33. Idea: “add key evolution to [DP07]”. What to do? Use a pseudorandom generator (prg) in the following way: instead of Ki+1 = Ext(Ki, R) with R left unchanged, compute (Ki+1, Yi+1) = Ext(Ki, Ri) and refresh Ri+1 = prg(Yi+1).

  34. Our scheme (diagram, shown next to the [DP07] steps K1 = Ext(K0, R), K2 = Ext(K1, L1), K3 = Ext(K2, R)): starting from (L0, K0, R0): (K1, Y1) = Ext(K0, R0), R1 = prg(Y1), L untouched; (K2, Y2) = Ext(K1, L1), L2 = prg(Y2), R untouched; (K3, Y3) = Ext(K2, R2), R3 = prg(Y3), L untouched; ...
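As an added worked example (not code from the slides or from the authors), the round structure of slide 34 in Python, with the "only computation leaks" rule of slide 24 enforced by applying the adversary's leakage function only to the memory part read in that round. Ext and prg are stand-ins assumed here for illustration (HMAC-SHA512 and SHAKE256); the slides fix no concrete instantiation, and the leakage is the Hamming-weight function of slide 16.

```python
import hashlib
import hmac

PART = 32  # bytes in each memory part L, C (= the key K) and R; constructed parameter

def ext(key, source):
    # Stand-in for the extractor Ext(K, X) -> (K', Y): HMAC-SHA512 keyed with the
    # uniform K over the weak source X, split into the next key and the prg seed.
    # Assumption: the slides fix no concrete extractor, so this is only illustrative.
    out = hmac.new(key, source, hashlib.sha512).digest()
    return out[:PART], out[PART:]

def prg(seed):
    # Stand-in pseudorandom generator: SHAKE256 expands Y to one fresh memory part.
    return hashlib.shake_256(seed).digest(PART)

def hamming_leak(x):
    # The "Hamming attack" leakage f(X) = number of set bits of X: a bounded-output
    # function whose output fits in about log2(8*PART) bits, far fewer than |X|.
    return sum(bin(b).count("1") for b in x)

def run(L0, K0, R0, rounds, leak=hamming_leak):
    # Runs the scheme of slide 34 for `rounds` rounds starting from (L0, K0, R0).
    # Round i touches only K_i and R_i (i even) or L_i (i odd):
    #   (K_{i+1}, Y_{i+1}) = Ext(K_i, part);  part_{i+1} = prg(Y_{i+1})
    # The other part is not read, so under "only computation leaks" it leaks nothing;
    # the adversary's f_{i+1} is applied to the touched part only.
    # Returns (states, keys, leaks) with states[i] = (L_i, K_i, R_i).
    L, K, R = L0, K0, R0
    states, keys, leaks = [(L, K, R)], [K], []
    for i in range(rounds):
        if i % 2 == 0:
            leaks.append(leak(R))
            K, Y = ext(K, R)
            R = prg(Y)
        else:
            leaks.append(leak(L))
            K, Y = ext(K, L)
            L = prg(Y)
        keys.append(K)
        states.append((L, K, R))
    return states, keys, leaks

if __name__ == "__main__":
    # Constructed initial memory; a real deployment would use uniformly random contents.
    L0, K0, R0 = bytes(range(32)), bytes(range(32, 64)), bytes(range(64, 96))
    states, keys, leaks = run(L0, K0, R0, rounds=4)
    for i, (k, l) in enumerate(zip(keys[1:], leaks), start=1):
        print(f"K{i} = {k.hex()[:16]}...  leak f{i} = {l} set bits")
```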

  35. Our results (1/2): assume the existence of pseudorandom generators; then the cipher constructed on the previous slides is secure against the adversary that in every round retrieves λ = ω(log(length of the key)) bits. This covers many real-life attacks (e.g. the “Hamming attack”).

  36. Our results (2/2): assume the existence of pseudorandom generators secure against exponential-size circuits; then the cipher constructed on the previous slides is secure against the adversary that in every round retrieves λ = Θ(length of the key) bits.

  37. An open problem: Y. Ishai, A. Sahai, and D. Wagner. Private Circuits: Securing Hardware against Probing Attacks. CRYPTO 2003: generic construction, weaker model. This paper: specific construction, stronger model. Anything in between?

  38. Thank you for your attention!
