Leakage-Resilient Cryptography
Stefan Dziembowski, University of Rome La Sapienza
Krzysztof Pietrzak, CWI Amsterdam
WPK 2009 Workshop on Cryptographic Protocols and Public-Key Cryptography, Bertinoro, 27.05.09
Plan
• Motivation and introduction
• Our model
• Our construction
• Extension of the construction
How to construct secure cryptographic devices?
CRYPTO (the cryptographic scheme): very secure, since its security is based on well-defined mathematical problems.
Implementation (the cryptographic device): not secure!
The problem
CRYPTO (the scheme): hard to attack.
Implementation (the cryptographic device): easy to attack.
Information leakage
Side channel information from the cryptographic device:
• power consumption,
• electromagnetic leaks,
• timing information,
• etc.
The standard view
Theoreticians (CRYPTO): "Implementation is not our business!"
Practitioners: the implementation, i.e. the cryptographic device.
A recent idea
Design cryptographic protocols that are secure even on machines that leak information.
The model
The adversary has (standard) black-box access to the cryptographic scheme, plus additional access to its internal data.
Some prior work
• S. Chari, C. S. Jutla, J. R. Rao, P. Rohatgi. Towards Sound Approaches to Counteract Power-Analysis Attacks. CRYPTO 1999
• Y. Ishai, A. Sahai, and D. Wagner. Private Circuits: Securing Hardware against Probing Attacks. CRYPTO 2003
• S. Micali and L. Reyzin. Physically Observable Cryptography (Extended Abstract). TCC 2004
• R. Gennaro, A. Lysyanskaya, T. Malkin, S. Micali, and T. Rabin. Algorithmic Tamper-Proof (ATP) Security: Theoretical Foundations for Security against Hardware Tampering. TCC 2004
• C. Petit, F.-X. Standaert, O. Pereira, T. G. Malkin, M. Yung. A Block Cipher Based PRNG Secure Against Side-Channel Key Recovery. ASIACCS 2008
• a sequence of papers by F.-X. Standaert, T. G. Malkin, M. Yung, and others, available at the web-page of F.-X. Standaert.
Our contribution
We construct a stream cipher that is secure against a very large and well-defined class of leakages. Our construction is in the standard model (i.e. without random oracles).
Stream ciphers ≈ pseudorandom generators
A short key X is expanded by the cipher S into a long stream K. A computationally bounded adversary should not be able to distinguish K from random.
How do stream ciphers work in practice?
From the short key X the stream K is generated in rounds (one block per round): K1 in the first round, then K2, K3, K4, ... as time goes on.
An equivalent security definition
For every i: given K1, ..., K_{i-1} (which the adversary knows), the next block K_i should look random.
Our assumption
We will assume that there is a leakage each time a key K_i is generated (i.e. leakage occurs in every round). The details follow...
Examples of the "leakage functions" from the literature:
• Y. Ishai, A. Sahai, and D. Wagner. Private Circuits: Securing Hardware against Probing Attacks. The adversary can learn the value of some wires of a circuit that computes the cryptographic scheme.
• another example (a "Hamming attack"): the adversary can learn the sum of the secret bits.
We consider a very general class of leakages
In every ith round the adversary chooses a poly-time computable "bounded-output function" f : {0,1}^n → {0,1}^m, for m < n, and learns f(X). We say that the adversary "retrieved m bits" (in a given round).
How much leakage can we tolerate?
In our construction the total number of retrieved bits will be larger than the length of the secret key X (but in every round the number of retrieved bits, which will be a parameter, will be much less than |X|). How can we achieve it? By key evolution!
Key evolution
In each round the secret key X gets refreshed: X0 produces K1 and is refreshed to X1, X1 produces K2 and is refreshed to X2, X2 produces K3, and so on.
Assumptions:
• key evolution has to be deterministic (no refreshing with external randomness),
• also the refreshing procedure may cause leakage.
How to define security?
• Is "indistinguishability" possible?
• Problem: if the adversary can "retrieve" just one bit of K_i then he can distinguish it from random...
• Solution: indistinguishability will concern the "future" keys K_i.
Security "without leakage"
The state evolves X0, X1, X2, ... and round i outputs K_i. The adversary knows K1, ..., K_{i-1}; K_i should look random.
Security "with leakage"
As before, but in every round i the adversary also chooses a leakage function f_i and learns f_i(X_{i-1}): f1(X0) in round 1, f2(X1) in round 2, f3(X2) in round 3, ... Given K1, ..., K_{i-1} and the leakages so far, K_i should look random.
Key evolution – a problem
Recall that:
1. the key evolution is deterministic,
2. the "leakage function f_i" can be any poly-time function.
Therefore: the function f_i can always compute the "future" keys.
What to do?
We use the principle introduced in: S. Micali and L. Reyzin. Physically Observable Cryptography. TCC 2004: "only computation leaks information"; in other words: "untouched memory cells do not leak information".
Divide the memory into three parts: L, C and R
• L is accessed only in the even rounds,
• C is accessed always,
• R is accessed only in the odd rounds.
The memory contents are (L0, C0, R0) in round 0, (L1, C1, R1) in round 1, (L2, C2, R2) in round 2, (L3, C3, R3) in round 3, ...
Our cipher – the outline
The key of the cipher = "the initial memory contents (L0, C0, R0)". In every round the cipher S maps the memory (L_i, C_i, R_i) to (L_{i+1}, C_{i+1}, R_{i+1}): (L0, C0, R0) → (L1, C1, R1) → (L2, C2, R2) → (L3, C3, R3) → ...
The output
The output is the contents of the "central" part of the memory, so we rename C → K: the memory in round i is (L_i, K_i, R_i), with (L0, K0, R0) → (L1, K1, R1) → (L2, K2, R2) → (L3, K3, R3) → ... All the keys K_i will be given "for free" to the adversary.
The details of the model
The adversary knows the keys K0, K1, K2, ... and, in every round, the leakage from the outer part of the memory that was accessed: f1(R0) in round 1, f2(L1) in round 2, f3(R2) in round 3, ... Before it is revealed, each key K_i should look random given everything the adversary has learned so far (the previous keys and the previous leakages).
How to construct such a cipher?
Idea: use randomness extractors. A function Ext : {0,1}^k × {0,1}^r → {0,1}^m is an (ε, n)-randomness extractor if for
• a uniformly random K, and
• every X with min-entropy n,
we have that (Ext(K, X), K) is ε-close to uniform.
Alternating extraction [DP, FOCS07]
The memory is (L, K0, R) and the keys are extracted alternately from R and from L:
K1 = Ext(K0, R), K2 = Ext(K1, L), K3 = Ext(K2, R), ...
A fact from [DP07]
Even if a constant fraction of L and R leaks, the keys K1, K2, ... look "almost uniform".
Idea: "add key evolution to [DP07]"
What to do? Use a pseudorandom generator (prg) in the following way:
OLD: K_{i+1} = Ext(K_i, R)
NEW: (K_{i+1}, Y_{i+1}) = Ext(K_i, R_i) and R_{i+1} = prg(Y_{i+1})
Our scheme
Starting from the memory (L0, K0, R0):
round 1: (K1, Y1) = Ext(K0, R0), R1 = prg(Y1), L1 = L0
round 2: (K2, Y2) = Ext(K1, L1), L2 = prg(Y2), R2 = R1
round 3: (K3, Y3) = Ext(K2, R2), R3 = prg(Y3), L3 = L2
...
(compare [DP07], where K1 = Ext(K0, R), K2 = Ext(K1, L), K3 = Ext(K2, R), ... and L, R are never refreshed).
Our results (1/2)
Assume the existence of pseudorandom generators. Then the cipher constructed on the previous slides is secure against the adversary that in every round retrieves λ = ω(log(length of the key)) bits. This covers many real-life attacks (e.g. the "Hamming attack").
Our results (2/2)
Assume the existence of pseudorandom generators secure against exponential-size circuits. Then the cipher constructed on the previous slides is secure against the adversary that in every round retrieves λ = Θ(length of the key) bits.
Main ingredients of the proof
• Alternating extraction
• The following lemma. Let prg be a pseudorandom generator, f a bounded-output function, and S a seed for the prg distributed uniformly. Then with a high probability the distribution P_{prg(S) | f(S) = x}, where x := f(S), is indistinguishable from a distribution having high min-entropy.
This was proven independently in: Omer Reingold, Luca Trevisan, Madhur Tulsiani, and Salil Vadhan. Dense subsets of pseudorandom sets. FOCS 2008.
Plan
• Motivation and introduction
• Our model
• Our construction
• Extension of the construction
Look again at our model:
The state evolves X0, X1, X2, X3, X4, X5, ... and round i outputs K_i, which the adversary then learns; the question in every round is whether K_i (marked "?") looks random before it is revealed.
Problem – forward security
What if the adversary doesn't learn the K_i's? Does the leakage in the ith round reveal something about the previous keys?
Forward security – the definition
Suppose the adversary didn't learn K3. Even if the entire state later leaks, K3 should look random.
Forward security – the solution
Idea: use different keys for "output" and for the "extraction".
OLD: use K_i for refreshing the state & output K_i:
(K_{i+1}, Y_{i+1}) = Ext(K_i, R_i), R_{i+1} = prg(Y_{i+1})
NEW: output K_i^out and use K_i^next for refreshing the state:
(K_{i+1}^next, K_{i+1}^out, Y_{i+1}) = Ext(K_i^next, R_i), R_{i+1} = prg(Y_{i+1})
The modified scheme
Starting from the memory (L0, K0^next, R0) (the old scheme in parentheses):
round 1: (K1^next, K1^out, Y1) = Ext(K0^next, R0), R1 = prg(Y1)   (old: (K1, Y1) = Ext(K0, R0), R1 = prg(Y1))
round 2: (K2^next, K2^out, Y2) = Ext(K1^next, L1), L2 = prg(Y2)   (old: (K2, Y2) = Ext(K1, L1), L2 = prg(Y2))
round 3: (K3^next, K3^out, Y3) = Ext(K2^next, R2), R3 = prg(Y3)   (old: (K3, Y3) = Ext(K2, R2), R3 = prg(Y3))
...
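To make the two constructions concrete, here is an added Python example (not code from the paper or its authors) that runs the alternating-extraction scheme with key evolution from the "Our scheme" slide and the forward-secure variant from "The modified scheme" slide over a toy memory (L, K, R), and feeds the slides' "Hamming attack" as the bounded-output leakage function f_i with only the data touched in that round. Everything not on the slides is an assumption of the example: a universal-hash extractor modulo the prime 2^521 − 1 stands in for the unspecified Ext, SHAKE256 stands in for the prg, the part sizes are fixed, and the initial memory contents are constructed.

```python
import hashlib

# Sizes in bytes (constructed for this example; the paper leaves them as parameters).
PART = 64   # each of the two outer memory parts L and R
KEY = 16    # an extractor seed / output key K_i
SEED = 32   # a prg seed Y_i

# Mersenne prime 2^521 - 1: the universal hash below is computed in Z_p.
P = (1 << 521) - 1


def ext(key: bytes, source: bytes, out_len: int) -> bytes:
    """Stand-in for Ext(K, X): the universal hash X -> (K * X mod p), truncated to out_len
    bytes. By the leftover hash lemma such a family is a strong extractor, so the output
    is close to uniform when K is uniform and X has enough min-entropy. The slides do not
    fix a concrete Ext; this choice is an assumption of the example."""
    assert out_len <= 64, "one hash value yields at most 512 fresh bits"
    k = int.from_bytes(key, "big") | 1            # never multiply by zero
    x = int.from_bytes(source, "big")
    h = (k * x) % P
    return (h & ((1 << (8 * out_len)) - 1)).to_bytes(out_len, "big")


def prg(seed: bytes, out_len: int) -> bytes:
    """Stand-in for the pseudorandom generator: SHAKE256 used as an expander
    (a heuristic, not a proven prg; assumption of the example)."""
    return hashlib.shake_256(seed).digest(out_len)


def hamming_leak(bound_bits: int):
    """The 'Hamming attack' leakage of the slides: f_i returns the Hamming weight of the
    data touched in round i, clipped to a bounded-output function of bound_bits bits."""
    def f(touched: bytes) -> int:
        return sum(bin(b).count("1") for b in touched) & ((1 << bound_bits) - 1)
    return f


def run_cipher(L0: bytes, K0: bytes, R0: bytes, rounds: int, leak=None):
    """Scheme of the 'Our scheme' slide. Odd rounds touch only (K, R), even rounds only
    (K, L); the untouched part is never read, which is what 'only computation leaks'
    relies on. Returns (output keys K_1..K_rounds, per-round leakage, memory states)."""
    L, K, R = L0, K0, R0
    outputs, leaked, states = [], [], [(L, K, R)]
    for i in range(1, rounds + 1):
        part = R if i % 2 == 1 else L
        if leak is not None:
            leaked.append(leak(K + part))       # f_i sees only what this round computes on
        out = ext(K, part, KEY + SEED)          # (K_i, Y_i) = Ext(K_{i-1}, touched part)
        K, Y = out[:KEY], out[KEY:]
        part = prg(Y, PART)                     # refresh the touched part
        if i % 2 == 1:
            R = part
        else:
            L = part
        outputs.append(K)                       # K_i is the 'central' memory part C_i
        states.append((L, K, R))
    return outputs, leaked, states


def run_fs_cipher(L0: bytes, K0: bytes, R0: bytes, rounds: int):
    """Forward-secure variant of 'The modified scheme' slide: the extractor output is split
    into K^next (kept in the state and used only for the next extraction) and K^out (the
    only value given out and not stored), so a later leak of the entire state
    (L, K^next, R) does not reveal an earlier K^out_i."""
    L, K_next, R = L0, K0, R0
    outputs = []
    for i in range(1, rounds + 1):
        part = R if i % 2 == 1 else L
        out = ext(K_next, part, 2 * KEY + SEED)
        K_next, K_out, Y = out[:KEY], out[KEY:2 * KEY], out[2 * KEY:]
        part = prg(Y, PART)
        if i % 2 == 1:
            R = part
        else:
            L = part
        outputs.append(K_out)
    return outputs


if __name__ == "__main__":
    # Constructed initial memory (L0, K0, R0); in the real cipher it is the uniform key.
    L0, K0, R0 = bytes(range(64)), bytes(range(16)), bytes(range(64, 128))
    keys, leaked, states = run_cipher(L0, K0, R0, 4, hamming_leak(10))
    for i, (k, w) in enumerate(zip(keys, leaked), 1):
        print(f"round {i}: K{i} = {k.hex()}  leaked Hamming weight = {w}")
    print("forward-secure outputs:", [k.hex() for k in run_fs_cipher(L0, K0, R0, 4)])
```

The returned `states` let you check the access pattern of the "Divide the memory" slide directly: after an odd round L is byte-for-byte unchanged and after an even round R is, so a leakage function that only sees the touched part never gets both halves in one round.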
Subsequent work
Using the "computation leaks information" paradigm:
• Krzysztof Pietrzak. A Leakage-Resilient Mode of Operation. EUROCRYPT 2009
• Public-key crypto in the generic groups, Kiltz and Pietrzak [Bertinoro 2009]
Other:
• Joel Alwen, Yevgeniy Dodis and Daniel Wichs. Leakage Resilient Public-Key Cryptography in the Bounded Retrieval Model. CRYPTO 2009
• Yevgeniy Dodis, Yael Tauman Kalai and Shachar Lovett. On Cryptography with Auxiliary Input. STOC 2009
• A. Akavia, S. Goldwasser and V. Vaikuntanathan. Simultaneous Hardcore Bits and Cryptography against Memory Attacks. TCC 2009
• Moni Naor and Gil Segev. Public-Key Cryptosystems Resilient to Key Leakage