Page 1: Leakage-Resilient Cryptography
Stefan Dziembowski, University of Rome La Sapienza
Krzysztof Pietrzak, CWI Amsterdam
WPK 2009 Workshop on Cryptographic Protocols and Public-Key Cryptography, Bertinoro, 27.05.09
Page 2: Plan
1. Motivation and introduction
2. Our model
3. Our construction
4. Extension of the construction
Page 3: How to construct secure cryptographic devices?
Figure: CRYPTO (very secure: security based on well-defined mathematical problems) running on a cryptographic device (not secure!).
Page 4: The problem
Figure: CRYPTO is hard to attack; the cryptographic device is easy to attack.
Page 5: Information leakage
Side-channel information from the cryptographic device: power consumption, electromagnetic leaks, timing information, etc.
Page 6: The standard view
Figure: theoreticians work on CRYPTO ("Implementation is not our business!"); practitioners work on the cryptographic device.
Page 7: A recent idea
Design cryptographic protocols that are secure even on the machines that leak information.
Page 8: The model
Figure: the adversary has (standard) black-box access to the cryptographic scheme, plus additional access to the internal data.
Page 9: Some prior work
S. Chari, C. S. Jutla, J. R. Rao, P. Rohatgi. Towards Sound Approaches to Counteract Power-Analysis Attacks. CRYPTO 1999
Y. Ishai, A. Sahai, and D. Wagner. Private Circuits: Securing Hardware against Probing Attacks. CRYPTO 2003
S. Micali and L. Reyzin. Physically Observable Cryptography (Extended Abstract). TCC 2004
R. Gennaro, A. Lysyanskaya, T. Malkin, S. Micali, and T. Rabin. Algorithmic Tamper-Proof (ATP) Security: Theoretical Foundations for Security against Hardware Tampering. TCC 2004
C. Petit, F.-X. Standaert, O. Pereira, T. G. Malkin, M. Yung. A Block Cipher Based PRNG Secure Against Side-Channel Key Recovery. ASIACCS 2008
A sequence of papers by F.-X. Standaert, T. G. Malkin, M. Yung, and others, available at the web page of F.-X. Standaert.
Page 10: Our contribution
We construct a stream cipher that is secure against a very large and well-defined class of leakages.
Our construction is in the standard model (i.e. without random oracles).
Page 11: stream ciphers ≈ pseudorandom generators
Figure: a short key X is fed to S, which outputs a long stream K.
A computationally bounded adversary should not be able to distinguish K from random.
Page 12: How do the stream ciphers work in practice?
Figure: the short key X is fed to S, which outputs K1, K2, K3, K4, ... over time.
The stream K is generated in rounds (one block per round).
Page 13: An equivalent security definition
Figure: the adversary knows K1, K2, K3, ...; the next block (K2, then K3, then K4, ...) should look random.
Page 14: Our assumption
Figure: X is fed to S, which outputs K1, K2, K3, K4, ...; each key is produced in its own round.
We will assume that there is a leakage each time a key Ki is generated (i.e. leakage occurs in every round).
The details follow...
Page 15: Leakage-resilient stream cipher: the model
Page 16: Examples of the "leakage functions" from the literature
Y. Ishai, A. Sahai, and D. Wagner. Private Circuits: Securing Hardware against Probing Attacks: the adversary can learn the value of some wires of a circuit that computes the cryptographic scheme.
Another example (a "Hamming attack"): the adversary can learn the sum of the secret bits.
Page 17: We consider a very general class of leakages
In every ith round the adversary chooses a poly-time computable "bounded-output function"
f : {0,1}^n → {0,1}^m, for m < n,
and learns f(X).
We say that the adversary "retrieved m bits" (in a given round).
Page 18: How much leakage can we tolerate?
This will be a parameter.
In our construction the total number of retrieved bits will be larger than the length of the secret key X (but in every round the number of retrieved bits will be much less than |X|).
How can we achieve it? By key evolution!
Page 19: Key evolution
Figure: the key X evolves as X0, X1, X2, X3, ..., producing K1, K2, K3, K4, ...
In each round the secret key X gets refreshed.
Assumptions:
key evolution has to be deterministic (no refreshing with external randomness);
also the refreshing procedure may cause leakage.
Page 20: How to define security?
Is "indistinguishability" possible?
Problem: if the adversary can "retrieve" just one bit of Ki then he can distinguish it from random...
Solution: indistinguishability will concern the "future" keys Ki.
Page 21: Security "without leakage"
Figure: the key evolves as X0, X1, X2, ...; the adversary knows K1, K2, K3, ...; the next key (K2, then K3, then K4, ...) should look random.
Page 22: Security "with leakage"
Figure: the key evolves as X0, X1, X2, ...; in round i the adversary chooses fi and learns fi(Xi-1), i.e. f1(X0), f2(X1), f3(X2), ...; the adversary also knows K1, K2, K3, ...; the next key (K2, then K3, then K4, ...) should look random.
Page 23: Key evolution: a problem
Recall that:
1. the key evolution is deterministic;
2. the "leakage function fi" can be any poly-time function.
Therefore: the function fi can always compute the "future" keys.
Page 24: What to do?
We use the principle introduced in:
S. Micali and L. Reyzin. Physically Observable Cryptography. TCC 2004
"only computation leaks information"
in other words: "untouched memory cells do not leak information"
Page 25: Divide the memory into three parts: L, C and R
L is accessed only in the even rounds, R is accessed only in the odd rounds, and C is accessed always.
Figure: round 0 holds (L0, C0, R0), round 1 holds (L1, C1, R1), round 2 holds (L2, C2, R2), round 3 holds (L3, C3, R3), ...; in every round C is modified, while one of L and R is modified and the other stays unmodified.
Page 26: Our cipher: the outline
Figure: (L0, C0, R0) is transformed by S into (L1, C1, R1), then into (L2, C2, R2), then into (L3, C3, R3), ...; in each step one of L and R stays unmodified.
The key of the cipher = "the initial memory contents (L0, C0, R0)".
Page 27: The output
The output is the contents of the "central" part of the memory (C → K).
Figure: the key (L0, K0, R0) is transformed by S into (L1, K1, R1), (L2, K2, R2), (L3, K3, R3), ...
All the keys Ki will be given "for free" to the adversary.
Page 28: The details of the model
Figure: the key (L0, K0, R0) is transformed by S into (L1, K1, R1), (L2, K2, R2), (L3, K3, R3), ...
The adversary knows: K0, K1, K2, K3, ... and the leakages f1(R0), f2(L1), f3(R2), ...
Should look random: the next key, i.e. K1, then K2, then K3, then K4, ...
Page 29: Leakage-resilient stream cipher: the construction
Page 30: How to construct such a cipher?
Idea: use randomness extractors.
A function Ext : {0,1}^k × {0,1}^r → {0,1}^m is an (ε, n)-randomness extractor if for
• a uniformly random K, and
• every X with min-entropy n
we have that (Ext(K, X), K) is ε-close to uniform.
Page 31: Alternating extraction [DP, FOCS07]
Figure: memory (L, K0, R); the keys are computed alternately from R and L:
K1 = Ext(K0, R)
K2 = Ext(K1, L)
K3 = Ext(K2, R)
...
Page 32: A fact from [DP07]
Even if a constant fraction of L and R leaks, the keys K1, K2, ... look "almost uniform".
Page 33: Idea: "add key evolution to [DP07]"
What to do? Use a pseudorandom generator (prg) in the following way:
[DP07]: from (Ri, Ki) compute Ki+1 = Ext(Ki, Ri).
New: from (Ri, Ki) compute (Ki+1, Yi+1) = Ext(Ki, Ri) and refresh Ri+1 = prg(Yi+1).
Page 34: Our scheme
For comparison, alternating extraction [DP07] on memory (L0, K0, R0): K1 = Ext(K0, R0), K2 = Ext(K1, L0), K3 = Ext(K2, R0), ... (L and R never change).
Our scheme, starting from memory (L0, K0, R0):
(K1, Y1) = Ext(K0, R0), R1 = prg(Y1) (L1 = L0 unmodified)
(K2, Y2) = Ext(K1, L1), L2 = prg(Y2) (R2 = R1 unmodified)
(K3, Y3) = Ext(K2, R2), R3 = prg(Y3) (L3 = L2 unmodified)
...
Page 35: Our results (1/2)
Assume the existence of pseudorandom generators; then the cipher constructed on the previous slides is secure against the adversary that in every round retrieves
λ = ω(log(length of the key)) bits.
This covers many real-life attacks (e.g. the "Hamming attack").
Page 36: Our results (2/2)
Assume the existence of pseudorandom generators secure against exponential-size circuits; then the cipher constructed on the previous slides is secure against the adversary that in every round retrieves
λ = Θ(length of the key) bits.
Page 37: Main ingredients of the proof
1. Alternating extraction
2. The following lemma. Let prg be a pseudorandom generator, f a bounded-output function, and S a seed for the prg distributed uniformly; then, with a high probability over x := f(S), the distribution P_{prg(S) | f(S) = x} is indistinguishable from a distribution having high min-entropy.
This was proven independently in: Omer Reingold, Luca Trevisan, Madhur Tulsiani, and Salil Vadhan. Dense subsets of pseudorandom sets. FOCS 2008
Page 38: Plan
1. Motivation and introduction
2. Our model
3. Our construction
4. Extension of the construction
Page 39: Look again at our model
Figure: the key evolves as X0, X1, X2, X3, X4, X5, ..., producing K1, K2, K3, K4, K5, K6, ...; the adversary knows K1, K2, ..., and each next key (K2, K3, ..., K7) is the one that should look random.
Page 40: Problem: forward security
Figure: the key evolves as X0, X1, X2, X3, ..., producing K1, K2, K3, K4, ...; one of the keys is marked "the adversary doesn't learn it".
What if the adversary doesn't learn the Ki's? Does the leakage in the ith round reveal something about the previous keys?
Page 41: Forward security: the definition
Figure: the key evolves as X0, X1, X2, X3, X4, X5, ..., producing K1, K2, K3, K4, K5, K6, ...
Suppose the adversary didn't learn K3. Even if the entire state later leaks, K3 should look random.
Page 42: Forward security: the solution
Idea: use different keys for "output" and for the "extraction".
OLD: from (Ri, Ki) compute (Ki+1, Yi+1) = Ext(Ki, Ri) and Ri+1 = prg(Yi+1); use Ki for refreshing the state & output Ki.
NEW: from (Ri, Ki^next) compute (Ki+1^next, Ki+1^out, Yi+1) = Ext(Ki^next, Ri) and Ri+1 = prg(Yi+1); use Ki^next for refreshing the state, output Ki^out.
Page 43: The modified scheme
Starting from memory (L0, K0^next, R0):
(K1^next, K1^out, Y1) = Ext(K0^next, R0), R1 = prg(Y1)
(K2^next, K2^out, Y2) = Ext(K1^next, L1), L2 = prg(Y2)
(K3^next, K3^out, Y3) = Ext(K2^next, R2), R3 = prg(Y3)
...
The outputs are K1^out, K2^out, K3^out, ...
For comparison, the scheme of page 34, starting from memory (L0, K0, R0):
(K1, Y1) = Ext(K0, R0), R1 = prg(Y1)
(K2, Y2) = Ext(K1, L1), L2 = prg(Y2)
(K3, Y3) = Ext(K2, R2), R3 = prg(Y3)
...
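The scheme of page 34 and the modified scheme of page 43 in one toy implementation, added here as an example that is not from the slides or the authors. It assumes SHAKE-256 as a stand-in for both Ext and prg (a real instantiation needs a genuine randomness extractor and PRG), and the state_reveals_last_output check illustrates the forward-security definition of page 41: after a full state leak, the memory of the basic scheme still holds the last output key, while the memory of the modified scheme does not.

```python
import hashlib
N = 16  # byte length of every memory part and key (constructed toy parameter)

def ext(k: bytes, x: bytes, outlen: int) -> bytes:
    # Stand-in for Ext(K, X): a keyed hash, not a provable (eps, n)-extractor (assumption).
    return hashlib.shake_256(b"Ext" + k + x).digest(outlen)

def prg(y: bytes, outlen: int) -> bytes:
    # Stand-in for the prg that refreshes the memory half read in the current round.
    return hashlib.shake_256(b"prg" + y).digest(outlen)

class LRStreamCipher:
    # Memory is (L, K, R); K holds K_i in the basic scheme and K_i^next in the modified one.
    def __init__(self, l0: bytes, k0: bytes, r0: bytes, forward_secure: bool = False):
        self.L, self.K, self.R = l0, k0, r0
        self.fs = forward_secure
        self.i = 0        # rounds completed
        self.access = []  # memory half read in each round: "R" in odd rounds, "L" in even ones

    def next_block(self) -> bytes:
        self.i += 1
        use_r = self.i % 2 == 1            # round 1 reads R0, round 2 reads L1, round 3 reads R2, ...
        src = self.R if use_r else self.L  # the other half is not touched, so it cannot leak
        self.access.append("R" if use_r else "L")
        if self.fs:                        # (K^next, K^out, Y) = Ext(K^next, src)
            out = ext(self.K, src, 3 * N)
            self.K, k_out, y = out[:N], out[N:2 * N], out[2 * N:]
        else:                              # (K, Y) = Ext(K, src); K is both the output and the next key
            out = ext(self.K, src, 2 * N)
            self.K, y = out[:N], out[N:]
            k_out = self.K
        if use_r:                          # only the half that was read is refreshed with prg(Y)
            self.R = prg(y, N)
        else:
            self.L = prg(y, N)
        return k_out

def state_reveals_last_output(forward_secure: bool, rounds: int = 3) -> bool:
    # Constructed toy initial memory; in the scheme (L0, K0, R0) is the uniformly random secret key.
    c = LRStreamCipher(b"L" * N, b"K" * N, b"R" * N, forward_secure)
    outputs = [c.next_block() for _ in range(rounds)]
    # Forward-security check: does a full state leak after the last round expose K_rounds?
    return outputs[-1] in (c.L, c.K, c.R)

def access_pattern(rounds: int) -> list:
    c = LRStreamCipher(b"L" * N, b"K" * N, b"R" * N)
    for _ in range(rounds):
        c.next_block()
    return c.access
```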
Page 44: Subsequent work
Using the "computation leaks information" paradigm:
Krzysztof Pietrzak. A Leakage-Resilient Mode of Operation. EUROCRYPT 2009
Public-key crypto in the generic groups: Kiltz and Pietrzak [Bertinoro 2009]
Other:
Joel Alwen, Yevgeniy Dodis and Daniel Wichs. Leakage Resilient Public-Key Cryptography in the Bounded Retrieval Model. CRYPTO 2009
Yevgeniy Dodis, Yael Tauman Kalai and Shachar Lovett. On Cryptography with Auxiliary Input. STOC 2009
A. Akavia, S. Goldwasser and V. Vaikuntanathan. Simultaneous Hardcore Bits and Cryptography against Memory Attacks. TCC 2009
Moni Naor and Gil Segev. Public-Key Cryptosystems Resilient to Key Leakage
Page 45: Thank you!