430 likes | 685 Views
Leakage-Resilient Cryptography. New Developments and Challenges. Vinod Vaikuntanathan. Microsoft Research & U. Toronto. Secrets. Information accessible to one party and not to other(s) Essential to cryptography!. Theory. Real life. Secrets leak!. [Kocher,Jaffe,Jun’98 ]. [Quisquater’01].
E N D
Leakage-Resilient Cryptography New Developments and Challenges Vinod Vaikuntanathan Microsoft Research & U. Toronto
Secrets Information accessible to one party and not to other(s) Essential to cryptography! Theory Real life Secrets leak! • [Kocher,Jaffe,Jun’98] • [Quisquater’01] • Cache-Timing • [Bernstein’05,OST’05] • [Kocher’96]
Secrets Leak So, what can we do about it?
Leakage-Resilient Cryptography Can we do Crypto with no (perfect) secrecy? secret Yes (in most cases) public A Fundamental Question in the Foundations of Cryptography
Three Commandments (Axioms of Leakage) • Secrets leak in arbitrary ways. • Secrets leak from everywhere. • Secrets leak all the time. (except: leakage is polynomial time computable, and does not betray the entire secret key) [Micali-Reyzin’04] (hard-disk, RAM, cache, registers, randomness sources,…) (No protected time periods)
Interpreting the Commandments (or, Two Leakage Models) A Simple Interpretation: Bounded Leakage [AGV09] • Adversary can learn any efficiently computable function L:{0,1}* → {0,1}λof the secret key(*). • Total leakage λ< |SK| [AGV09,NS09,KV09,ADW09,ADN+10,…] sk L(sk) 1 0 1 (*) Ideally, leakage from the entire secret state.
Interpreting the Commandments (or, Two Leakage Models) A Simple Interpretation: Bounded Leakage [AGV09] • Adversary can learn any efficiently computable function L:{0,1}* → {0,1} λof the secret key. • Total leakage λ< |SK| [AGV09,NS09,KV09,ADW09,ADN+10,…] Variations: • Noisy Model [NS’09]: H∞(SK | L(SK)) > |SK|- λ • Auxiliary Input Model [DKL’09,DGKPV’10]: L is an uninvertible function of SK
Interpreting the Commandments (or, Two Leakage Models) A Realistic Interpretation: Continual Leakage [ISW03MR04,DP08,Pie09,FKPR10,FRRTV10,BKKV10, DHLW10…] • Adversary can learn any efficiently computable function Li:{0,1}* → {0,1}λ of the secret key at each “time-period” • Rate of Leakage λ(leakage/time period) < |SK| L1(sk) 1 0 1 L2(sk) sk 0 0 1
Interpreting the Commandments (or, Two Leakage Models) A Realistic Interpretation: Continual Leakage [ISW03MR04,DP08,Pie09,FKPR10,FRRTV10,BKKV10, DHLW10…] • Adversary can learn any efficiently computable function Li:{0,1}* → {0,1}λ of the secret key at each “time-period” • Rate of Leakage λ(leakage/time period) < |SK| Observations: • Of course, secret key should be refreshed in each time. • Non-trivial: Refresh SK without changing PK (in public-key systems), or without co-ordination (in SK systems)
Talk Plan PART 1: Bounded Leakage Model • One-way Functions • Digital Signatures • Public-key Encryption PART 2: Continual Leakage Model PART 3: Some Research Directions • Leakage-resilient Compilers, Tamper Resistance,…
A Brief History of Leakage in Crypto “We stand on the shoulders of giants…”
A Brief History of Leakage in Crypto • Privacy Amplification [von Neumann’46,…,Bennett-Brassard-Robert’85] • “Distill an perfectly random shared key from an imperfect one” • Bounded Storage/Retrieval Models • [Maurer’92,…,Di Crescenzo-Lipton-Walfish’06,Dziembowski’06] • Exposure-Resilient Cryptography • [Rivest’97, Boyko’98, CDHKS’00,ISW’03,IPSW’06] • More generally, MPC, threshold crypto etc. • Leakage = a subset of bits of SK • We want to tolerate arbitrary (PPT) leakage functions (axiom 1)
A Brief History of Leakage in Crypto • Privacy Amplification [von Neumann’46,…,Bennett-Brassard-Robert’85] • “Distill an perfectly random shared key from an imperfect one” • Bounded Storage/Retrieval Models • [Maurer’92,…,Di Crescenzo-Lipton-Walfish’06,Dziembowski’06] • Exposure-Resilient Cryptography • [Rivest’97, Boyko’98, CDHKS’00,ISW’03,IPSW’06] • Proactive Cryptography • [HJKY’95, HJJKY’97, R’98] • “How to cope with perpetual leakage” (a continual leakage model)
[Ishai-Sahai-Wagner2003] [Micali-Reyzin2004] [Dodis-Ong-Prabhakaran-Sahai2004] [Ishai-Prabhakaran-Sahai-Wagner2006] [Dziembowski-Pietrzak2008] [Akavia-Goldwasser-V.2009] [Pietrzak2009] [Dodis-Kalai-Lovett2009] [Naor-Segev2009] [Dodis-Goldwasser-Kalai-Peikert-V.2009] [Katz-V.2009] [Faust-Kiltz-Pietrzak-Rothblum2009] [Alwen-Dodis-Wichs2009] [Goldwasser-Kalai-Peikert-V.2010] [Alwen-Dodis-Naor-Segev-Walfish-Wichs2009] [Juma-Vahlis.2010] [Faust-Rabin-Reyzin-Tromer-V.2010] [Brakerski-Kalai-Katz-V.2010] [Goldwasser-Rothblum.2010] [Dodis-Haralambiev-Lopez-alt-Wichs.2010] [Lewko-Waters.2010] [Chow-Dodis-Rouselakis-Waters.2010] [Boyle-Wichs-Segev.2011] [Kiltz-Pietrzak.2011] [Malkin-Teranishi-Vahlis-Yung.2011] [Jain-Pietrzak.2011] [Halevi-Lin.2011] [Lewko-Rouselakis-Waters.2011] [Lewko-Lewko-Waters.2011] …
Leakage-Resilient One-way Functions Easy Observation: “Hardness Leakage-resilience” • Similar connections for other primitives (enc,sig,…) • Need 2O(n)-hardness to get O(n)-LR.
Leakage-Resilient One-way Functions Theorem[KV09,ADW09]: If there are Universal One-way Hash Functions, then there are LR one-way functions. • Corollary[NY89,Rom90]: If OWF exist, then LR OWFs exist.
Leakage-Resilient One-way Functions Proof: • Information-theoretic + Crypto techniques • A Blue-printfor most leakage-resilience proofs
Leakage-Resilient One-way Functions Proof: reduction (UOWHF-breaker) adversary s.t.
Leakage-Resilient One-way Functions y=f(x) x Proof: reduction adversary s.t. • H∞(x | f(x), L(x)) ≥ • H∞(x) = n • H∞(x | f(x)) ≥ • H∞(x | f(x), L(x)) ≥ • Adversary returns x'≠xw.p ≥ 1/2 → breaks UOWHF
A Blueprint for Leakage Proofs • Problem with many solutions • Hard: given one solution, find another • Security redn has one soln, computes leakage using that • Adversary doesn’t have enough info to pin-point the solution (information-theoretic argument) • Adversary returns a different soln, unwittingly solves the hard problem (computational argument)
Leakage-Resilient Signatures PK m SignSK(m) sk L L(SK) Cannot produce sign for a new m*
Leakage-Resilient Signatures Theorem[KV09]: λ-leakage-resilient OWF (+simulation-extractable NIZK [S99,DDOPS01]) → λ-leakage-resilient signatures similar to [Bellare-Goldwasser’92] PK: (f,y=f(x),CRSnizk), where f is an λ-LR OWF, SK: x Sign(m): SimExt-NIZKm for “∃x s.t PK contains h(x)” Proof Idea: • Signature contains no (computational) info. on SK Sim-Ext • Forgery ⇒ extract a secret-key. • Break LR OWF.
LR Signatures: Subsequent Results • [ADW09]: Fiat-Shamir transform + LR OWFs → LR-Sigs in the random oracle model. • [DHLW10]: Efficient LR Sigs without random oracles (using bilinear maps). • [BKKV10,DHLW10]: Continual LR Sigs • [LLW10]: Continual LR Sigs where the key update phase leaks as well • [BSW11,MTVY11]: (continual) LR Sigs where the randomness used for signing can leak as well.
Leakage-Resilient Public-key Encryption(cpa) PK sk L Enc(b) L(SK) (b←${0,1}) Cannot predict b
Leakage-Resilient Public-key Encryption Theorem:For every λ < |SK| - secparam, (cpa-secure) public-key encryption that tolerates λ bits of leakage: • [AGV09]: based on Lattices (show that [Regev05,GPV08] is leakage-resilient) • [NS09,DGKPV10] based on Diffie-Hellman (show that [BHHO08] is leakage-resilient) • [NS09] from any hash proof system [CS02]
Construction Outline Adv. breaks cpa-security For starters: Adv. findssk. Old Idea: One Public Key, many possible Secret Keys Hard Problem: Given one SK, find another. Proof: Public Key Space Secret Key space • Reduction knows one SK, simulates leakage from it • Adv. gets pk+leakage → not enough info to fully specify SK PK • Adv. finds SK′ ≠ SK → breaks hard problem.
Construction Outline Adv. breaks cpa-security For starters: Adv. findssk. Old Idea: One Public Key, many possible Secret Keys • Correctness All secret keys decrypt C to the same message DEC M M ENC C M PK M
Construction Outline Adv. breaks cpa-security Old Idea: One Public Key, many possible Secret Keys New Idea: REAL Encryption vs. FAKE Encryption • Different secret keys decrypt c to different messages • and yet, Fake≈ Real(even given an SK) DEC M RealENC C M1 PK M2 ≈ FakeENC C M3
FakeENC C RealENC M C PK Security Proof “Fake World” “Real World” DEC M1 M2 M M3 L(SK) ???
LR Public-key Encryption: Subsequent Results • [NS09]: CPA-secure → CCA-secure with the same leakage-resilience (idea: use Naor-Yung) • [AGV09,ADN+10,CDRW10]: leakage-resilient IBE (with leakage from the user secret keys). • [LW10]: leakage-resilient IBE (with leakage from the master secret key as well), LR HIBE, ABE etc. • [BKKV10,DHLW10]: Continual LR Encryption • [LLW10]: Continual LR Enc where the key update phase leaks as well • [HL11]: “After-the-fact” Leakage
Continual LR Public-key Encryption • Unbounded leakage, but bounded in each time period • Solution idea: “refresh” (randomize) the secret key • Challenge: keep the public key the same • users (encryptors) are oblivious of the updates! L1(sk1) 1 0 1 L2(sk2) sk1 sk2 0 0 1
Continual LR Public-key Encryption Theorem: [BKKV10] CLR-secure public-key encryption schemes that tolerate (in every time step): • (1/2-ε)|SK| leakage, based on decisional linear • (1-ε)|SK| leakage, based on symmetric external DH assumptions in bilinear groups. L1(sk1) 1 0 1 L2(sk2) sk1 sk2 0 0 1
Continual LR Public-key Encryption Other Results: • [BKKV10]: CLR-secure signatures and IBE (with leakage from user secret keys) • Concurrently, [DHLW10]: efficient CLR-secure signatures, ID schemes and AKA schemes • [LLW11]: tolerateslarge leakage from updates L1(sk1) 1 0 1 L2(sk2) sk1 sk2 0 0 1
Continual LR Public-key Encryption How to update SK? (without changing PK) • First Idea: Resample from the key-space! • PROBLEM: This is supposed to be hard! L3(SK3) L1(SK1) sk3 sk1 L2 (SK2) sk2 pk L4(SK4) sk4 skspace
New Idea: “Neighborhood of SKs” • Given a secret key: • Easyto resample inside neighborhood. • Hard to find a secret key outside of neighborhood. pk • Sampling in neighborhood ≈c entire space. Adv. can’t tell the difference. • “Proof” outline: • Reduction knows sk and updates in neighborhood. • To Adv., updates “look like” from entire space. • Even given leakage, Adv. cannot recover any leaked key entirely will have to come up with new sk’≠sk. • WHP sk’ not in neighborhood breaks hard problem. corresp. sk space
Foundational Questions SO FAR: Designed SPECIFICcrypto primitives (sigs.,enc.) secure against continual leakage QUESTION: Any circuit → Continual Leakage-resilient circuit • Yao/GMW/BGW/CCD for leakage-resilient crypto • Automatically leakage-proof commonly used cryptosystems, e.g., RSA / AES
Foundational Questions Many Partial Results • [Ishai-Sahai-Wagner’03] : Any circuit → “Probing-resilient” circuit secure against leakage of ≤ t wires OPEN: a compiler against general leakage functions (without secure hardware) • [FRRTV’09] : Any circuit → circuit secure against AC0 leakage (assuming a small piece of secure hardware) • [JV’10,GR’10] : Any circuit → circuit secure against polynomial-time leakage (assuming a small piece of secure hardware + secure memory) • [BGIRSVY’00,Imp’10] : This has connections to program obfuscation!
Practical Questions • In theory, we have practical constructions • How about truly practical constructions? (e.g. [YSPY’10]) • Perhaps relax the model in a meaningful way model reality • Given a side-channel attack, how much information does it leak? [SVO+10]
To Conclude… • Tons of Open Problems • Parallel Repetition for Leakage Amplification[DW,LW]: Suppose scheme S tolerates L bits. Can we “repeat it in parallel” n times and get nL bit leakage-tolerance? • Tamper Resistance[IPSW, GLMMR, DPW, Malkin et al.]: Many attacks, Boneh-Lipton, Shamir’s bug attacks... Entropy Very Active Field, Lots of work recently! Information-theoretic + Computational Techniques
Thanks! Questions? You can find me here …