Leakage-Resilient Cryptography: New Developments and Challenges
Vinod Vaikuntanathan, Microsoft Research

Secrets
• Information accessible to one party and not to other(s)
• Essential to cryptography!
• Theory vs. real life: secrets leak!

Secrets Leak
So, what can we do about it?
• A (bad) solution: Not our problem.
  • Blame the electrical engineers and hardware folks.
• Leakage-resilient Crypto: Let’s try to help.
  • Primitives that provably allow some leakage of secrets.
  • New crypto insights / questions

Two Commandments
Leakage is arbitrary, but:
• Polynomial-time computable. (Leakage = what an antenna can compute)
• Does not reveal the entire secret key. (Ensure this by hardware / software design)

Interpreting the Commandments (or, Two Leakage Models)
A Simple Interpretation: Bounded Leakage [AGV09]
• Adversary can learn any efficiently computable function g: {0,1}* → {0,1}^L of the secret key(*).
• Total leakage L < |SK| [AGV09, NS09, KV09, ADW09, ADN+10, …]
[Figure: adversary obtains leakage bits g(sk) of the secret key sk]
(*) Ideally, leakage from the entire secret state. Can achieve sometimes.

Interpreting the Commandments (or, Two Leakage Models)
A Simple Interpretation: Bounded Leakage [AGV09]
• Adversary can learn any efficiently computable function g: {0,1}* → {0,1}^L of the secret key.
• Total leakage L < |SK| [AGV09, NS09, KV09, ADW09, ADN+10, …]
Variations:
• Noisy Model [NS’09]: H∞(SK | g(SK)) >> 0
• Auxiliary Input Model [DKL’09, DGKPV’10]: g is an uninvertible function of SK

Interpreting the Commandments (or, Two Leakage Models)
A Realistic Interpretation: Continual Leakage [ISW03, MR04, DP08, Pie09, FKPR10, FRRTV10, BKKV10, DHLW10, …]
• Adversary can learn any efficiently computable function g_i: {0,1}* → {0,1}^L of the secret key at each “time-period”
• Rate of Leakage (leakage/time period) < |SK|
[Figure: per-period leakage g1(sk), g2(sk), … from the secret key sk]

Interpreting the Commandments (or, Two Leakage Models)
A Realistic Interpretation: Continual Leakage [ISW03, MR04, DP08, Pie09, FKPR10, FRRTV10, BKKV10, DHLW10, …]
• Adversary can learn any efficiently computable function g_i: {0,1}* → {0,1}^L of the secret key at each “time-period”
• Rate of Leakage (leakage/time period) < |SK|
Observations:
• Of course, the secret key should be refreshed in each time period.
• Non-trivial: Refresh SK without changing PK (in public-key systems), or without co-ordination (in secret-key systems)

Talk Plan
PART 1: Bounded Leakage Model
• One-way Functions
• Digital Signatures
• Public-key Encryption
PART 2: Continual Leakage Model
PART 3: “Barriers” and Open Problems
• Leakage-resilient Compilers, LR by Parallel Repetition, Tamper Resistance, …

LR One-way Functions
L-leakage-resilient OWF: Given y = f(x) and at most L bits of leakage g(x), hard to compute any x′ s.t. f(x′) = y.
Observations:
• Every 2^L-hard OWF is L-leakage-resilient. (hardness → leakage-resilience)
• Not every OWF is L-leakage-resilient for large L. (easy counterexamples)

LR One-way Functions
L-leakage-resilient OWF: Given y = f(x) and at most L bits of leakage g(x), hard to compute any x′ s.t. f(x′) = y.
Theorem [KV09, ADW09]: Any Universal One-way Hash Fn (UOWHF) f: {0,1}^n → {0,1}^{n-L-1} is an L-leakage-resilient OWF.
• Cor [NY89, Rom90]: OWF = Leakage-resilient OWF.

LR One-way Functions
Theorem [KV09, ADW09]: Any Universal One-way Hash Fn (UOWHF) f: {0,1}^n → {0,1}^{n-L-1} is an L-leakage-resilient OWF.
Proof: Adv given y = f(x) and g(x) cannot invert y.
• Given y = f(x), ≥ 2^{L+1} possible pre-images
• Given y = f(x) and leakage g(x), ≥ 2 pre-images
• Inverter returns x′ ≠ x w.p. ≥ 1/2 → breaks UOWHF

Recurring Theme
Theorem [KV09, ADW09]: Any Universal One-way Hash Fn (UOWHF) f: {0,1}^n → {0,1}^{n-L-1} is an L-leakage-resilient OWF.
• Problem with many solutions
• Hard: given one solution, find another
• Security reduction has one solution, computes leakage using that
• Adversary doesn’t have enough info to pin-point the solution
• Adversary returns a different solution, unwittingly solves the hard problem
(Information-theoretic + Computational arguments)

An Open Question
Theorem [KV09, ADW09]: Any Universal One-way Hash Fn (UOWHF) f: {0,1}^n → {0,1}^{n-L-1} is an L-leakage-resilient OWF.
OPEN:
• Is there a leakage-resilient injective OWF?
• Show injective OWF = injective LR-OWF (or, separation?)

LR Signatures
[Figure: adversary receives PK, signatures Sign_SK(m) on chosen messages m, and leakage g(SK)]
Cannot produce a signature for a new m*

LR Signatures
Theorem [KV09]: L-leakage-resilient OWF (+ simulation-extractable NIZK [S99, DDOPS01]) → L-leakage-resilient signatures
PK: (f, y = f(x), CRS_nizk), where f is an L-LR OWF; SK: x
Sign(m): SimExt-NIZK_m for “∃x s.t. PK contains f(x)”
Proof Idea:
• Signature contains no (computational) info. on SK (Sim-Ext)
• Forgery ⇒ extract a secret key.
• Break LR OWF.

LR Signatures: Subsequent Results
• [ADW09]: Fiat-Shamir transform + LR OWFs → LR-Sigs in the random oracle model.
• [DHLW10]: Efficient LR Sigs without random oracles (using bilinear maps).
• [BSW10]: LR Sigs where the randomness used for signing can leak as well.

LR Public-key Encryption (CPA)
[Figure: adversary receives PK, leakage g(SK) and a challenge Enc(b) for b ← {0,1}]
Cannot predict b
OPEN:
• Modify the definition to be CCA-style
• Allow leakage queries after receiving the challenge ctxt

LR Public-key Encryption
• [AGV09] based on Lattices ([Regev05, GPV08] is leakage-resilient)
• [NS09, DGKPV10] based on Diffie-Hellman ([BHHO08] is leakage-resilient)
• [NS09] from any hash proof system [CS02]

Construction Outline
Adv. breaks CPA-security. For starters: Adv. finds sk.
Old Idea: One Public Key, many possible Secret Keys
Hard Problem: Given one SK, find another.
Proof:
• Reduction knows one SK, simulates leakage from it
• Adv. gets pk + leakage → not enough info to fully specify SK
• Adv. finds SK′ ≠ SK → breaks hard problem.
[Figure: public key space mapped to secret key space; one PK corresponds to many SKs]

Construction Outline
Adv. breaks CPA-security. For starters: Adv. finds sk.
Old Idea: One Public Key, many possible Secret Keys
• Correctness: All secret keys decrypt C to the same message
[Figure: Enc(PK, M) = C; Dec under any of the secret keys returns M]

Construction Outline
Adv. breaks CPA-security.
Old Idea: One Public Key, many possible Secret Keys
New Idea: REAL Encryption vs. FAKE Encryption
• Different secret keys decrypt c to different messages
• Dec(SK, C*) is a good randomness extractor! (SK: min-entropy source; C*: “seed”)
• and yet, Fake ≈ Real (even given an SK)
• In particular, given SK, hard to find SK′ ≠ SK
[Figure: RealEnc(PK, M) = C decrypts to M under every SK; FakeEnc(PK) = C decrypts to M1, M2, M3 under different SKs]

Security Proof
[Figure: “Real World” (RealEnc(PK, M) = C, every SK decrypts to M) vs. “Fake World” (FakeEnc = C, different SKs decrypt to M1, M2, M3); the adversary also sees leakage L(SK)]

A Concrete Construction (based on decisional Diffie-Hellman [CS98, BHHO09])
Params: prime p, group G of order p, generators (g, h)
KeyGen: sk = (a, b), pk = g^a h^b
Enc(pk, m): c = [g^x, h^x, pk^x · m]
Dec(sk, c): Compute (g^x)^a (h^x)^b = (g^a h^b)^x = pk^x
FakeEnc(pk): c* = [g^x, h^y, (g^x)^a (h^y)^b · m]
Fake ≈ Real: Follows from DDH. (g^x, h^x) ≈ (g^x, h^y)
Fake Encryption is random: given g, h & g^a h^b, g^{ax} h^{by} is random
• [ILL] in the exponent

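The scheme above, and the "Construction Outline" claims before it, as an added worked example that is not part of the talk: Python over a constructed toy group with the slide's KeyGen/Enc/Dec/FakeEnc, plus two assumptions made only for demonstration, a trapdoor W = log_g(h) and a helper other_key that uses it to exhibit a second secret key for the same pk (in the real scheme finding one is the hard problem the reduction relies on).

```python
import secrets
# Toy group: quadratic residues mod the safe prime p = 2q + 1, a subgroup of prime order q.
# Constructed toy parameters, far too small to be secure; they only make the algebra visible.
P, Q = 2039, 1019
G = 4                   # any non-identity quadratic residue generates the order-q subgroup
W = 777                 # constructed trapdoor log_g(h): known here only so that a second secret key
H = pow(G, W, P)        # can be exhibited; in the real scheme nobody knows it (that is the DDH hardness)

def rand_exp():
    return secrets.randbelow(Q)

def pk_of(sk):
    a, b = sk                                # pk = g^a h^b
    return pow(G, a, P) * pow(H, b, P) % P

def keygen():
    sk = (rand_exp(), rand_exp())            # sk = (a, b)
    return sk, pk_of(sk)

def enc(pk, m):
    x = rand_exp()                           # real ciphertext: (g^x, h^x, pk^x * m)
    return pow(G, x, P), pow(H, x, P), pow(pk, x, P) * m % P

def fake_enc(sk, m):
    a, b = sk                                # fake ciphertext: (g^x, h^y, (g^x)^a (h^y)^b * m) with y != x
    x, y = rand_exp(), rand_exp()
    while y == x:
        y = rand_exp()
    c1, c2 = pow(G, x, P), pow(H, y, P)
    return c1, c2, pow(c1, a, P) * pow(c2, b, P) * m % P

def dec(sk, c):
    a, b = sk                                # recompute c1^a c2^b and divide it out (pow(., -1, P): Python 3.8+)
    c1, c2, c3 = c
    return c3 * pow(pow(c1, a, P) * pow(c2, b, P), -1, P) % P

def other_key(sk):
    a, b = sk                                # (a - W, b + 1) gives g^(a-W) h^(b+1) = g^(a+Wb) = the same pk
    return ((a - W) % Q, (b + 1) % Q)

def demo(m=25):
    sk, pk = keygen()
    sk2 = other_key(sk)
    c, c_fake = enc(pk, m), fake_enc(sk, m)
    return {
        "same_pk": pk_of(sk2) == pk,                  # one public key, many secret keys
        "real": (dec(sk, c), dec(sk2, c)),            # every key decrypts a real ciphertext to m
        "fake": (dec(sk, c_fake), dec(sk2, c_fake)),  # keys disagree on a fake ciphertext: an extractor
    }
```

Under sk2 the fake ciphertext decrypts to m · g^{W(x−y)}, which is why Dec(SK, C*) behaves like an extractor once SK is not fully known.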
LR Cryptomania: Other Results
• [NS09]: CPA-secure → CCA-secure with the same leakage-resilience (idea: use Naor-Yung)
• [AGV09, ADN+10, CDRW10]: leakage-resilient IBE (with leakage from the user secret keys).
• [LW10]: leakage-resilient IBE (with leakage from the master secret key as well), LR HIBE, ABE etc.

Continual LR Public-key Encryption
• Unbounded leakage, but bounded in each time period
• Solution idea: “refresh” (randomize) the secret key
• Challenge: keep the public key the same

Continual LR Public-key Encryption
Theorem [BKKV10]: CLR-secure public-key encryption schemes that tolerate (in every time step):
• 1/2 − ε leakage rate based on the decisional linear assumption
• 1 − ε leakage rate based on symmetric external DH in bilinear groups.

Continual LR Public-key Encryption
Other Results:
• [BKKV10]: CLR-secure signatures and IBE (with leakage from user secret keys)
• Concurrently, [DHLW10]: efficient CLR-secure signatures, ID schemes and AKA schemes
  • same assumptions, different techniques (re-randomizable NIZK)

Continual LR Public-key Encryption
• Continual Leakage: How to update SK?
• First Idea: Resample from the key space
• PROBLEM: This is supposed to be hard!
[Figure: pk with its corresponding sk space; successive keys SK1, SK2, SK3 with leakage L1(SK1), L2(SK2), L3(SK3)]

New Idea: Neighborhood of SKs
• Given a secret key:
  • Easy to resample inside neighborhood.
  • Hard problem: find a secret key outside of neighborhood.
  • Sampling in neighborhood ≈_c entire space. Adv. can’t tell the difference.
• Proof outline:
  • Reduction knows sk and updates in neighborhood.
  • To Adv., updates “look like” from entire space.
  • Even given leakage, Adv. cannot recover any leaked key entirely; will have to come up with a new sk′ ≠ sk.
  • WHP sk′ not in neighborhood → breaks hard problem.
• BAD NEWS: comp. indist. not enough!
  • Adv. can sample in neighborhood without knowing.
  • Need statistical argument.
• GOOD NEWS: Adv sees only part of each SK

An Algebraic Lemma used in the proof: “Random subspaces are leakage-resilient”

Random Subspaces are Continual Leakage Resilient (Pictorially)
[Figure: neighborhood of SK]

Random Subspaces are Continual Leakage Resilient
Proof: two words – pairwise independence (using [BFO, DS]).

General Leakage-Resilience
SO FAR: Design SPECIFIC crypto primitives (sigs., enc.) secure against continual leakage.
QUESTION: Any circuit → Continual Leakage-resilient circuit?
• Yao/GMW/BGW/CCD for leakage-resilient crypto
• Automatically leakage-proof commonly used cryptosystems, e.g., RSA / AES

Ishai-Sahai-Wagner: Private Circuits
Any circuit → “Probing-resilient” circuit against leakage of at most t wires
[Figure: “Compiler” maps circuit (Key, X → Y) to circuit (Key′, X → Y); adversary (ADV) with t-wire probing is indistinguishable from simulator (SIM) with input/output access only]
How about more general leakage functions? (e.g., polynomial-time leakage)

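The ISW gadget behind the slide, as an added example that is not from the talk: Python for the secure AND on XOR-shared bits with n = 3 shares (t = 1 probe), together with an exhaustive check that any single output share has the same distribution whatever the secret inputs are. The function names are my own.

```python
import itertools
import secrets
from functools import reduce
from operator import xor

def share(bit, n, rnd):
    """Split `bit` into n XOR-shares; rnd() must return one fresh random bit."""
    s = [rnd() for _ in range(n - 1)]
    return s + [reduce(xor, s, bit)]

def unshare(shares):
    return reduce(xor, shares)

def isw_and(a, b, rnd):
    """ISW multiplication gadget: shares of (a AND b) from share vectors a, b of length n."""
    n = len(a)
    r = [[0] * n for _ in range(n)]
    for i in range(n):
        for j in range(i + 1, n):
            r[i][j] = rnd()                                      # fresh mask for the pair (i, j)
            r[j][i] = (r[i][j] ^ (a[i] & b[j])) ^ (a[j] & b[i])  # this bracketing avoids an unmasked a_i b_j ^ a_j b_i wire
    # c_i = a_i b_i XOR (all r_ij, j != i); summing all c_i the r_ij ^ r_ji pairs leave exactly the cross products
    return [reduce(xor, (r[i][j] for j in range(n) if j != i), a[i] & b[i]) for i in range(n)]

def secure_and(x, y, n=3):
    rnd = lambda: secrets.randbits(1)
    return unshare(isw_and(share(x, n, rnd), share(y, n, rnd), rnd))

def probe_output_share(x, y, n=3, wire=0):
    """Enumerate every coin toss and count how often output share c[wire] is 1.
    Probing this one wire reveals nothing iff the count does not depend on (x, y)."""
    ncoins = 2 * (n - 1) + n * (n - 1) // 2        # sharing coins + one r_ij per pair i < j
    ones = 0
    for coins in itertools.product((0, 1), repeat=ncoins):
        it = iter(coins)
        rnd = lambda: next(it)
        ones += isw_and(share(x, n, rnd), share(y, n, rnd), rnd)[wire]
    return ones, 2 ** ncoins
```

For n = 3 every output share comes out 1 in exactly half of the 128 coin sequences for all four inputs, which is the t = 1 case of the probing-resilience the slide states.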
A Barrier [BGI+00 + Impagliazzo]
Impossible to design a compiler against poly-time leakage
• Follows from impossibility of general obfuscation [BGI+00]
• If there is a (not nec. continual) LR compiler for a functionality, then there is a [BGI+00] obfuscator for it

How to Overcome the Barrier? Three Avenues
1. Work with smaller leakage classes (e.g., AC0)
  • Low-complexity leakage, poly-time Adv (postprocessor)
2. Assume that “only computation leaks” [MR04]
  • Computation is divided into time-periods
  • Parts of memory not involved in a time period do not leak in that time
3. Small, stateless Leak-Proof Hardware
2+3 [JV’10, GR’10]: compiler against poly-time OC leakage
  • uses a leak-proof hardware that samples random encryptions.
1+3 [FRRTV’10]: compiler against AC0 leakage
  • uses a deterministic leak-proof hardware that computes parity of n bits
Is a Leak-Proof Hardware necessary? Minimal assumptions to overcome the barrier?

To Conclude…
Very Active Field, Lots of work recently! Information-theoretic + Computational Techniques, Entropy
• More Open Problems
  • Parallel Repetition for Leakage Amplification [DW, LW]: Suppose scheme S tolerates L bits. Can we repeat it in parallel n times and get nL-bit leakage-tolerance?
  • Tamper Resistance [IPSW, GLMMR, DPW, Malkin et al.]: Many attacks, Boneh-Lipton, Shamir’s bug attacks...
• More Results I didn’t talk about
  • Leakage of randomness (hedged PKE), auxiliary input attacks, bounded retrieval model, robustness of assumptions (LWE is resilient against leakage), …