Leakage-Resilient Cryptography
New Developments and Challenges
Vinod Vaikuntanathan
Microsoft Research
Secrets
Information accessible to one party and not to the other(s).
Essential to cryptography!
Theory vs. real life: secrets leak!
Secrets Leak
So, what can we do about it?
A (bad) solution: Not our problem. — Blame the electrical engineers and hardware folks.
Leakage-resilient crypto: Let’s try to help.
— Primitives that provably allow some leakage of secrets.
— New crypto insights / questions.
Two Commandments
Leakage is arbitrary, but:
I. Polynomial-time computable. (Leakage = what an antenna can compute.)
II. Does not reveal the entire secret key. (Ensure this by hardware / software design.)
Interpreting the Commandments
A Simple Interpretation: Bounded Leakage [AGV09]
(or, Two Leakage Models)
— Total leakage L < |SK| [AGV09,NS09,KV09,ADW09,ADN+10,…]
— Adversary can learn any efficiently computable function g:{0,1}* → {0,1}^L of the secret key(*).
(*) Ideally, leakage from the entire secret state. Can achieve sometimes.
Variations:
— Auxiliary Input Model [DKL’09,DGKPV’10]: g is an uninvertible function of SK.
— Noisy Model [NS’09]: H∞(SK | g(SK)) >> 0.
Interpreting the Commandments
A Realistic Interpretation: Continual Leakage
(or, Two Leakage Models)
— Rate of leakage (leakage per time period) < |SK|
— Adversary can learn any efficiently computable function g_i:{0,1}* → {0,1}^L of the secret key at each “time period”.
[ISW03,MR04,DP08,Pie09,FKPR10,FRRTV10,BKKV10,DHLW10,…]
Observations:
— Of course, the secret key should be refreshed in each time period.
— Non-trivial: refresh SK without changing PK (in public-key systems), or without co-ordination (in secret-key systems).
Talk Plan
PART 1: Bounded Leakage Model
– One-way Functions
– Digital Signatures
– Public-key Encryption
PART 2: Continual Leakage Model
PART 3: “Barriers” and Open Problems
– Leakage-resilient Compilers, LR by Parallel Repetition, Tamper Resistance,…
Bounded Leakage
LR One-way Functions
L-leakage-resilient OWF: Given y = f(x) and at most L bits of leakage g(x), hard to compute any x′ s.t. f(x′) = y.
Observations:
– Every 2^L-hard OWF is L-leakage-resilient (hardness → leakage-resilience).
– Not every OWF is L-leakage-resilient for large L (easy counterexamples).
LR One-way Functions
Theorem [KV09,ADW09]: Any universal one-way hash function (UOWHF) f:{0,1}^n → {0,1}^{n-L-1} is an L-leakage-resilient OWF.
– Cor [NY89,Rom90]: OWF = Leakage-resilient OWF.
LR One-way Functions
Proof: Adv given y = f(x) and g(x) cannot invert y.
— Given y = f(x), ≥ 2^{L+1} possible pre-images.
— Given y = f(x) and leakage g(x), ≥ 2 pre-images.
— Inverter returns x′ ≠ x w.p. ≥ 1/2 → breaks UOWHF.
Recurring Theme
(Information-theoretic + Computational arguments)
— Problem with many solutions.
— Hard: given one solution, find another.
— Security reduction has one solution, computes leakage using that.
— Adversary doesn’t have enough info to pin-point the solution.
— Adversary returns a different solution, unwittingly solves the hard problem.
An Open Question
OPEN:
• Is there a leakage-resilient injective OWF?
• Show injective OWF = injective LR-OWF (or, a separation?)
LR Signatures
(Security game, pictorially: the adversary gets PK, signatures Sign_SK(m) on messages m of its choice, and leakage g(SK) for leakage functions g of its choice; it cannot produce a signature for a new m*.)
LR Signatures
Theorem [KV09]: L-leakage-resilient OWF (+ simulation-extractable NIZK [S99,DDOPS01]) → L-leakage-resilient signatures.
SK: x. PK: (f, y = f(x), CRS_nizk), where f is an L-LR OWF.
Sign(m): SimExt-NIZK_m for “∃x s.t. PK contains f(x)”.
Proof Idea:
— Signature contains no (computational) info. on SK.
— Forgery ⇒ extract (Sim-Ext) a secret key.
— Break LR OWF.
LR Signatures: Subsequent Results
[ADW09]: Fiat-Shamir transform + LR OWFs → LR-Sigs in the random oracle model.
[DHLW10]: Efficient LR Sigs without random oracles (using bilinear maps).
[BSW10]: LR Sigs where the randomness used for signing can leak as well.
LR Public-key Encryption (CPA)
(Security game, pictorially: the adversary gets PK and leakage g(SK) for leakage functions g of its choice, then the challenge Enc(b) for b ←$ {0,1}; it cannot predict b.)
OPEN:
• Modify the definition to be CCA-style.
• Allow leakage queries after receiving the challenge ciphertext.
LR Public-key Encryption
– [AGV09] based on lattices ([Regev05,GPV08] is leakage-resilient)
– [NS09,DGKPV10] based on Diffie-Hellman ([BHHO08] is leakage-resilient)
– [NS09] from any hash proof system [CS02]
Construction Outline
Old Idea: One public key, many possible secret keys (each PK in the public-key space corresponds to many SKs in the secret-key space).
Hard Problem: Given one SK, find another.
For starters: consider an adversary that finds sk (rather than one that merely breaks CPA security).
Proof:
– Reduction knows one SK, simulates leakage from it.
– Adv. gets pk + leakage → not enough info to fully specify SK.
– Adv. finds SK′ ≠ SK → breaks hard problem.
► Correctness: ENC_PK(M) = C, and all secret keys decrypt C to the same message M.
New Idea: REAL Encryption vs. FAKE Encryption
► RealENC(PK, M) = C: DEC(SK, C) = M for every SK. FakeENC(PK) = C*: different secret keys decrypt C* to different messages (M1, M2, M3, …).
► And yet, Fake ≈ Real (even given an SK). In particular, given SK, hard to find SK′ ≠ SK.
► Dec(SK, C*) is a good randomness extractor! (SK is the min-entropy source, C* the “seed”.)
Security Proof (pictorially)
“Real World”: PK, leakage L(SK), C = RealENC(M), DEC(SK, C) = M.
“Fake World”: C = FakeENC, and different secret keys decrypt C to M1, M2, M3.
The adversary cannot tell the two worlds apart (Fake ≈ Real).
A Concrete Construction (based on decisional Diffie-Hellman [CS98,BHHO09])
— Params: prime p, group G of order p, generators (g, h)
— KeyGen: sk = (a, b), pk = g^a h^b
— Enc(pk, m): c = [g^x, h^x, pk^x · m]
— Dec(sk, c): compute (g^x)^a (h^x)^b = (g^a h^b)^x = pk^x
— FakeEnc(pk): c* = [g^x, h^y, (g^x)^a (h^y)^b · m]
• Fake ≈ Real: follows from DDH, (g^x, h^x) ≈ (g^x, h^y).
• Fake encryption is random: given g, h and g^a h^b, g^{ax} h^{by} is random.
– [ILL] (leftover hash lemma) in the exponent.
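The construction outline (one public key, many secret keys; real vs. fake encryption) and the concrete DDH scheme above, worked through as an added example; this is not code from the slides. It assumes a constructed toy safe prime p = 1019 (q = 509), g = 4, and h = g^c with c chosen here so the demo can exhibit a second secret key for the same pk; a real deployment would use cryptographic-size groups.

```python
# Added example (not from the slides): toy instance of the DDH-based scheme
# sk = (a, b), pk = g^a h^b, Enc(pk, m) = [g^x, h^x, pk^x * m]. TOY SIZE, not secure.
import secrets

P, Q = 1019, 509             # constructed safe prime p = 2q + 1 (assumption: toy)
G = 4                        # 2^2, a generator of the order-q subgroup of squares
C_SECRET = 123               # c = log_g(h): relates the secret keys of one pk
H = pow(G, C_SECRET, P)      # second generator h = g^c (c is NOT part of pk)

def pk_of(sk):
    """pk = g^a h^b. q different secret keys (a, b) map to the same pk."""
    a, b = sk
    return pow(G, a, P) * pow(H, b, P) % P

def enc(pk, m):
    """Real encryption: c = [g^x, h^x, pk^x * m] for random x."""
    x = secrets.randbelow(Q)
    return (pow(G, x, P), pow(H, x, P), pow(pk, x, P) * m % P)

def dec(sk, c):
    """Dec(sk, c): (g^x)^a (h^x)^b = (g^a h^b)^x = pk^x, then divide it out."""
    a, b = sk
    u, v, w = c
    k = pow(u, a, P) * pow(v, b, P) % P
    return w * pow(k, -1, P) % P

def fake_enc(sk, m):
    """FakeEnc: c* = [g^x, h^y, (g^x)^a (h^y)^b * m], y != x; needs an sk (the reduction has one)."""
    a, b = sk
    x = secrets.randbelow(Q)
    y = (x + 1 + secrets.randbelow(Q - 1)) % Q      # any exponent except x
    u, v = pow(G, x, P), pow(H, y, P)
    return (u, v, pow(u, a, P) * pow(v, b, P) * m % P)

def sibling_key(sk, t):
    """Another sk for the same pk: (a + c*t, b - t). Needs c = log_g(h), i.e.
    'given one SK, find another' is as hard as discrete log in G."""
    a, b = sk
    return ((a + C_SECRET * t) % Q, (b - t) % Q)

def extract_dlog(sk1, sk2):
    """An adversary that outputs SK' != SK hands the reduction c = log_g(h)."""
    (a1, b1), (a2, b2) = sk1, sk2
    return (a1 - a2) * pow((b2 - b1) % Q, -1, Q) % Q

def demo(t=7):
    sk = (secrets.randbelow(Q), secrets.randbelow(Q))
    pk = pk_of(sk)
    sk2 = sibling_key(sk, t)
    m = pow(G, 77, P)                     # message encoded as a group element
    real, fake = enc(pk, m), fake_enc(sk, m)
    return {
        "same_pk": pk_of(sk2) == pk,                                    # one pk, many sk
        "real_agrees": dec(sk, real) == m and dec(sk2, real) == m,      # correctness
        "fake_disagrees": dec(sk, fake) == m and dec(sk2, fake) != m,   # extractor
        "dlog_recovered": extract_dlog(sk, sk2) == C_SECRET,            # breaks hard problem
    }
```

Run `demo()` a few times: real ciphertexts decrypt identically under both keys, while the fake ciphertext decrypts differently under the sibling key, which is exactly the "one SK cannot be pinned down, but finding a second one solves the hard problem" argument of the slides.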
LR Cryptomania: Other Results
[NS09]: CPA-secure → CCA-secure with the same leakage-resilience (idea: use Naor-Yung)
[AGV09,ADN+10,CDRW10]: leakage-resilient IBE (with leakage from the user secret keys).
[LW10]: leakage-resilient IBE (with leakage from the master secret key as well), LR HIBE, ABE etc.
Continual Leakage
Continual LR Public-key Encryption
Unbounded leakage, but bounded in each time period
Challenge: keep the public key the same
Solution idea: “refresh” (randomize) the secret key
Theorem [BKKV10]: CLR-secure public-key encryption schemes that tolerate (in every time step):
– 1/2 − ε leakage rate, based on the decisional linear assumption;
– 1 − ε leakage rate, based on symmetric external DH;
in bilinear groups.
Other Results:
[BKKV10]: CLR-secure signatures and IBE (with leakage from user secret keys)
Concurrently, [DHLW10]: efficient CLR-secure signatures, ID schemes and AKA schemes
– same assumptions, different techniques (re-rand. NIZK)
Continual Leakage: How to update SK?
(Pictorially: SK1 leaks L1(SK1) and is updated to SK2, which leaks L2(SK2) and is updated to SK3, which leaks L3(SK3), …)
First Idea: Resample from the sk space corresponding to pk.
PROBLEM: This is supposed to be hard!
New Idea: Neighborhood of SKs
• Given a secret key:
– Easy to resample inside the neighborhood.
– Hard problem: find a secret key outside the neighborhood.
• Sampling in the neighborhood ≈_c sampling from the entire space. Adv. can’t tell the difference.
• Proof outline:
– Reduction knows sk and updates in the neighborhood.
– To Adv., updates “look like” they come from the entire space.
– Even given leakage, Adv. cannot recover any leaked key entirely; it will have to come up with a new sk′ ≠ sk.
– WHP sk′ not in the neighborhood → breaks hard problem.
• BAD NEWS: computational indistinguishability is not enough!
– Adv. can sample in the neighborhood without knowing it.
– Need a statistical argument.
• GOOD NEWS: Adv. sees only part of each SK.
An Algebraic Lemma used in the proof:
“Random subspaces are leakage-resilient”
Random Subspaces are Continual Leakage Resilient
(Pictorially; the figure shows the neighborhood of SK.)
Proof: two words – pairwise independence (using [BFO,DS]).
Barriers and Open Questions
General Leakage-Resilience
SO FAR: Design SPECIFIC crypto primitives (sigs., enc.) secure against continual leakage.
QUESTION: Any circuit → continual leakage-resilient circuit?
— Yao/GMW/BGW/CCD for leakage-resilient crypto
— Automatically leakage-proof commonly used cryptosystems, e.g., RSA / AES
“Compiler”
Ishai-Sahai-Wagner: Private Circuits
Any circuit → “probing-resilient” circuit against leakage of at most t wires.
(Pictorially: the adversary (ADV), with input/output access and t-wire probing of the compiled circuit (Key′, X → Y), is indistinguishable from a simulator (SIM) with only input/output access to the original circuit (Key, X → Y).)
How about more general leakage functions? (e.g., polynomial-time leakage)
A Barrier [BGI+00 + Impagliazzo]
Impossible to design a compiler against poly-time leakage.
— Follows from the impossibility of general obfuscation [BGI+00].
— If there is a (not necessarily continual) LR compiler for a functionality, then there is a [BGI+00] obfuscator for it.
How to Overcome the Barrier? Three Avenues
1. Work with smaller leakage classes (e.g., AC0)
— Low-complexity leakage, poly-time Adv (post-processor)
2. Assume that “only computation leaks” [MR04]
— Computation is divided into time periods
— Parts of memory not involved in a time period do not leak in that time
3. Small, stateless leak-proof hardware
1+3 [FRRTV’10]: compiler against AC0 leakage — uses deterministic leak-proof hardware that computes the parity of n bits.
2+3 [JV’10,GR’10]: compiler against poly-time OC leakage — uses leak-proof hardware that samples random encryptions.
Is leak-proof hardware necessary?
Minimal assumptions to overcome the barrier?
To Conclude…
Very active field, lots of work recently! Information-theoretic (entropy) + computational techniques.
More Results I didn’t talk about:
— Leakage of randomness (hedged PKE), auxiliary input attacks, bounded retrieval model, robustness of assumptions (LWE is resilient against leakage),…
More Open Problems:
— Parallel Repetition for Leakage Amplification [DW,LW]: Suppose scheme S tolerates L bits. Can we repeat it in parallel n times and get nL-bit leakage tolerance?
— Tamper Resistance [IPSW, GLMMR, DPW, Malkin et al.]: Many attacks, Boneh-Lipton, Shamir’s bug attacks...
Thanks!