Leakage-Resilient Cryptography: New Developments and Challenges
Vinod Vaikuntanathan, Microsoft Research
(Transcript of a slide presentation)
Secrets
– Information accessible to one party and not to other(s)
– Essential to cryptography!
– In theory, secrets stay secret. In real life, secrets leak!
So, what can we do about it?
A (bad) solution: Not our problem.
– Blame the electrical engineers and hardware folks.
Leakage-resilient Crypto: Let's try to help.
– Primitives that provably allow some leakage of secrets.
– New crypto insights / questions
Two Commandments
Leakage is arbitrary, but:
I. Polynomial-time computable. (Leakage = what an antenna can compute)
II. Does not reveal the entire secret key. (Ensure this by hardware / software design)
Interpreting the Commandments (or, Two Leakage Models)
A Simple Interpretation: Bounded Leakage [AGV09]
– Total leakage L < |SK| [AGV09,NS09,KV09,ADW09,ADN+10,…]
– Adversary can learn any efficiently computable function g:{0,1}* → {0,1}^L of the secret key(*).
(*) Ideally, leakage from the entire secret state. Can achieve sometimes.
Variations:
– Auxiliary Input Model [DKL'09,DGKPV'10]: g is an uninvertible function of SK
– Noisy Model [NS'09]: H∞(SK | g(SK)) >> 0
Interpreting the Commandments (or, Two Leakage Models)
A Realistic Interpretation: Continual Leakage [ISW03,MR04,DP08,Pie09,FKPR10,FRRTV10,BKKV10,DHLW10,…]
– Rate of leakage (leakage per time period) < |SK|
– Adversary can learn any efficiently computable function g_i:{0,1}* → {0,1}^L of the secret key in each "time period"
– Of course, the secret key should be refreshed in each time period.
– Non-trivial: refresh SK without changing PK (in public-key systems), or without co-ordination (in secret-key systems)
Talk Plan
PART 1: Bounded Leakage Model
– One-way Functions
– Digital Signatures
– Public-key Encryption
PART 2: Continual Leakage Model
PART 3: "Barriers" and Open Problems
– Leakage-resilient Compilers, LR by Parallel Repetition, Tamper Resistance, …
Bounded Leakage
LR One-way Functions
L-leakage-resilient OWF: Given y = f(x) and at most L bits of leakage g(x), hard to compute any x′ s.t. f(x′) = y.
Observations:
– Every 2^L-hard OWF is L-leakage-resilient (hardness → leakage-resilience).
– Not every OWF is L-leakage-resilient for large L (easy counterexamples).
LR One-way Functions
Theorem [KV09,ADW09]: Any Universal One-way Hash Function (UOWHF) f:{0,1}^n → {0,1}^{n-L-1} is an L-leakage-resilient OWF.
– Cor [NY89,Rom90]: OWF ⇔ Leakage-resilient OWF.
LR One-way Functions: Proof
Proof: Adv. given y = f(x) and g(x) cannot invert y.
– Given y = f(x), ≥ 2^{L+1} possible pre-images.
– Given y = f(x) and leakage g(x), ≥ 2 pre-images.
– Inverter returns x' ≠ x w.p. ≥ 1/2 → breaks UOWHF.
Recurring Theme (Information-theoretic + Computational arguments)
– Problem with many solutions
– Hard: given one solution, find another
– Security reduction has one solution, computes leakage using that
– Adversary doesn't have enough info to pin-point the solution
– Adversary returns a different solution, unwittingly solves the hard problem
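The counting step in the proof above, and the "many solutions" theme it illustrates, can be checked exhaustively at toy size. The following Python script is an added example written for this transcript, not code from the talk: it models the inverter as an ideal algorithm that returns a uniformly random x' consistent with (f(x), g(x)) and computes exactly how often x' ≠ x. The function names, the truncation function and the seeded random table are all constructed for the demo. It also goes beyond the slide's instance by computing the general bound: for any f:{0,1}^n → {0,1}^{n-L-1} and any L-bit leakage g, the domain splits into at most 2^{n-1} cells of consistent pre-images, so a fresh pre-image comes back with probability at least 1/2 regardless of which f and g are chosen.

```python
from collections import Counter
from fractions import Fraction
import random


def fresh_preimage_probability(f, g, n):
    """Exact probability, over uniform x in {0,1}^n, that an 'ideal' inverter which is
    handed (y = f(x), leak = g(x)) and answers with a uniformly random x' consistent
    with both values returns x' != x.  Bit strings are Python ints in range(2**n)."""
    # Partition the domain into cells of x-values sharing the same (f(x), g(x)).
    cells = Counter((f(x), g(x)) for x in range(2 ** n))
    total = Fraction(0)
    for x in range(2 ** n):
        k = cells[(f(x), g(x))]
        # The inverter picks uniformly among the k consistent values; k-1 of them differ from x.
        total += Fraction(k - 1, k)
    return total / 2 ** n


def counting_lower_bound(n, m, leak_bits):
    """Lower bound on fresh_preimage_probability for ANY f: {0,1}^n -> {0,1}^m and ANY
    leakage g with leak_bits output bits.  Summing (k-1)/k over the k members of one cell
    gives k-1, so the sum over all x is 2^n - #cells, and #cells <= 2^m * 2^leak_bits."""
    max_cells = min(2 ** n, 2 ** m * 2 ** leak_bits)
    return Fraction(2 ** n - max_cells, 2 ** n)


def random_compressing_function(n, m, seed):
    """A fixed random table f: {0,1}^n -> {0,1}^m (constructed test input, not a real hash)."""
    rng = random.Random(seed)
    table = [rng.getrandbits(m) for _ in range(2 ** n)]
    return lambda x: table[x]


def demo(n=10, leak_bits=3):
    """Three instances of f: {0,1}^n -> {0,1}^(n-L-1) under L-bit leakage, plus the bound."""
    m = n - leak_bits - 1
    drop_high = lambda x: x & ((1 << m) - 1)         # f keeps the low m bits of x
    leak_high = lambda x: x >> (n - leak_bits)        # g leaks the top L bits: one bit of x stays free
    leak_low = lambda x: x & ((1 << leak_bits) - 1)   # g leaks bits already fixed by f(x): no new info
    return {
        "truncation, leak top bits": fresh_preimage_probability(drop_high, leak_high, n),
        "truncation, leak low bits": fresh_preimage_probability(drop_high, leak_low, n),
        "random table, leak top bits": fresh_preimage_probability(
            random_compressing_function(n, m, seed=2024), leak_high, n),
        "bound for any f and g": counting_lower_bound(n, m, leak_bits),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value} = {float(value):.4f}")
```

With n = 10 and L = 3 the truncation instance with top-bit leakage leaves exactly two consistent pre-images per cell, so the inverter returns a fresh one with probability exactly 1/2, which is the case the slide's "≥ 2 pre-images" bullet describes; the random table always lands at or above the bound because the bound holds for every choice of f and g.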
An Open Question
OPEN:
• Is there a leakage-resilient injective OWF?
• Show injective OWF = injective LR-OWF (or, separation?)
LR Signatures (security game)
Adversary, given PK, asks for signatures Sign_SK(m) on messages m of its choice and for leakage g(SK) for leakage functions g of its choice; it cannot produce a signature for a new m*.
LR Signatures
Theorem [KV09]: L-leakage-resilient OWF (+ simulation-extractable NIZK [S99,DDOPS01]) → L-leakage-resilient signatures
SK: x. PK: (f, y = f(x), CRS_nizk), where f is an L-LR OWF.
Sign(m): SimExt-NIZK_m for "∃x s.t. PK contains f(x)"
Proof Idea (Sim-Ext):
– Signature contains no (computational) info on SK.
– Forgery ⇒ extract a secret key ⇒ break LR OWF.
LR Signatures: Subsequent Results
[ADW09]: Fiat-Shamir transform + LR OWFs → LR-Sigs in the random oracle model.
[DHLW10]: Efficient LR Sigs without random oracles (using bilinear maps).
[BSW10]: LR Sigs where the randomness used for signing can leak as well.
LR Public-key Encryption (CPA)
Security game: Adversary, given PK, asks for leakage g(SK) for leakage functions g of its choice, then receives Enc(b) for b ←$ {0,1}; it cannot predict b.
OPEN:
• Modify the definition to be CCA-style
• Allow leakage queries after receiving the challenge ciphertext
Constructions:
– [AGV09] based on Lattices ([Regev05,GPV08] is leakage-resilient)
– [NS09,DGKPV10] based on Diffie-Hellman ([BHHO08] is leakage-resilient)
– [NS09] from any hash proof system [CS02]
LR Public-key Encryption: Construction Outline
Old Idea: One Public Key, many possible Secret Keys
– Hard Problem: Given one SK, find another.
► Correctness: all secret keys decrypt C to the same message M.
Goal: Adv. breaks CPA-security. For starters, suppose Adv. finds SK.
Proof:
– Reduction knows one SK, simulates leakage from it
– Adv. gets PK + leakage → not enough info to fully specify SK
– Adv. finds SK′ ≠ SK → breaks hard problem.
LR Public-key Encryption: Construction Outline (continued)
Old Idea: One Public Key, many possible Secret Keys
New Idea: REAL Encryption vs. FAKE Encryption
► Real encryption: every secret key decrypts C to M.
► Fake encryption: different secret keys decrypt C* to different messages (M1, M2, M3, …)
► and yet, Fake ≈ Real (even given an SK). In particular, given SK, hard to find SK' ≠ SK.
► Dec(SK, C*) is a good randomness extractor! (SK is the min-entropy source, C* the "seed")
Security Proof
"Real World": Adv. sees PK, leakage L(SK) and C = RealEnc_PK(M); Dec(SK, C) = M.
"Fake World": Adv. sees PK, leakage L(SK) and C = FakeEnc; different secret keys decrypt C to different M1, M2, M3, …
What does Adv. learn about M in the fake world? (???) Since Dec(SK, C) extracts from the min-entropy left in SK after L(SK), the fake-world message is hidden, and Fake ≈ Real carries this over to the real world.
A Concrete Construction (based on decisional Diffie-Hellman [CS98,BHHO09])
– Params: prime p, group G of order p, generators (g, h)
– KeyGen: sk = (a, b), pk = g^a h^b
– Enc(pk, m): c = [g^x, h^x, pk^x · m]
– Dec(sk, c): compute (g^x)^a (h^x)^b = (g^a h^b)^x = pk^x and divide it out of the third component
– FakeEnc(pk): c* = [g^x, h^y, (g^x)^a (h^y)^b · m]
• Fake ≈ Real: follows from DDH, (g^x, h^x) ≈ (g^x, h^y)
• Fake encryption is random: given g, h and g^a h^b, g^{ax} h^{by} is random ([ILL] in the exponent)
LR Cryptomania: Other Results
[NS09]: CPA-secure → CCA-secure with the same leakage-resilience (idea: use Naor-Yung)
[AGV09,ADN+10,CDRW10]: leakage-resilient IBE (with leakage from the user secret keys).
[LW10]: leakage-resilient IBE (with leakage from the master secret key as well), LR HIBE, ABE etc.
Continual Leakage
Continual LR Public-key Encryption
– Unbounded leakage, but bounded in each time period
– Challenge: keep the public key the same
– Solution idea: "refresh" (randomize) the secret key
– The key evolves SK1 → SK2 → SK3 → …; the adversary obtains L1(SK1), L2(SK2), L3(SK3), …
Theorem [BKKV10]: CLR-secure public-key encryption schemes that tolerate (in every time step):
– 1/2 − ε leakage rate based on the decisional linear assumption
– 1 − ε leakage rate based on symmetric external DH
in bilinear groups.
Other Results:
– [BKKV10]: CLR-secure signatures and IBE (with leakage from user secret keys)
– Concurrently, [DHLW10]: efficient CLR-secure signatures, ID schemes and AKA schemes
  – same assumptions, different techniques (re-randomizable NIZK)
Continual Leakage: How to update SK?
(Picture: a pk and the corresponding sk space)
First Idea: Resample from the key space. PROBLEM: This is supposed to be hard!
New Idea: Neighborhood of SKs
• Given a secret key:
  – Easy to resample inside the neighborhood.
  – Hard problem: find a secret key outside of the neighborhood.
• Sampling in the neighborhood ≈_c entire space. Adv. can't tell the difference.
• Proof outline:
  – Reduction knows sk and updates in the neighborhood.
  – To Adv., updates "look like" they come from the entire space.
  – Even given leakage, Adv. cannot recover any leaked key entirely; it will have to come up with a new sk' ≠ sk.
  – WHP sk' is not in the neighborhood → breaks hard problem.
• BAD NEWS: computational indistinguishability is not enough!
  – Adv. can sample in the neighborhood without knowing.
  – Need a statistical argument.
• GOOD NEWS: Adv. sees only part of each SK
An Algebraic Lemma used in the proof: "Random subspaces are leakage-resilient"
Random Subspaces are Continual Leakage Resilient (pictorially: the neighborhood of SK is a random subspace)
Proof: two words – pairwise independence (using [BFO,DS]).
Barriers and Open Questions
SO FAR: Design SPECIFIC crypto primitives (sigs., enc.) secure against continual leakage.
QUESTION: General Leakage-Resilience
– A "compiler": any circuit → continual leakage-resilient circuit
– Automatically leakage-proof commonly used cryptosystems, e.g., RSA / AES
– Yao/GMW/BGW/CCD for leakage-resilient crypto
Ishai-Sahai-Wagner: Private Circuits
Any circuit → "probing-resilient" circuit against leakage of at most t wires
(Picture: a circuit holding Key, taking input X, producing output Y and an updated Key'. The view of an adversary (ADV) with t-wire probing is indistinguishable from that of a simulator (SIM) with input/output access only.)
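A concrete form of the ISW transformation for single gates, as an added Python example (not code from the talk or the ISW paper): each bit is split into t+1 XOR shares, linear gates act share-wise, and AND uses the ISW multiplication gadget with fresh randomness r_ij for every pair of shares. probe_distribution enumerates all coin tosses to show that any t probed share wires of an encoding have the same distribution whether the bit is 0 or 1, while t+1 probes reveal it. The value of t, the function names and the seed are chosen for the demo.

```python
import itertools
import random


def xor_all(bits):
    acc = 0
    for b in bits:
        acc ^= b
    return acc


def encode(bit, t, rng):
    """Split one bit into t+1 shares whose XOR is the bit; the first t shares are fresh coins."""
    shares = [rng.getrandbits(1) for _ in range(t)]
    shares.append(bit ^ xor_all(shares))
    return shares


def decode(shares):
    return xor_all(shares)


def xor_gadget(a, b):
    """Linear gates act share-wise and need no randomness."""
    return [ai ^ bi for ai, bi in zip(a, b)]


def and_gadget(a, b, rng):
    """ISW secure multiplication: shares of (a AND b) from shares of a and b.
    Every cross term a_i b_j is blinded by a fresh random bit r_ij, so t probed
    wires never see enough to reconstruct either input."""
    n = len(a)
    r = [[0] * n for _ in range(n)]
    for i in range(n):
        for j in range(i + 1, n):
            r[i][j] = rng.getrandbits(1)
            r[j][i] = (r[i][j] ^ (a[i] & b[j])) ^ (a[j] & b[i])
    c = []
    for i in range(n):
        ci = a[i] & b[i]
        for j in range(n):
            if j != i:
                ci ^= r[i][j]
        c.append(ci)
    return c


def probe_distribution(bit, t, probes):
    """Exact distribution (counts over all 2^t coin tosses) of what an adversary sees
    when probing the share wires listed in `probes` of encode(bit)."""
    counts = {}
    for coins in itertools.product((0, 1), repeat=t):
        shares = list(coins) + [bit ^ xor_all(coins)]
        view = tuple(shares[i] for i in probes)
        counts[view] = counts.get(view, 0) + 1
    return counts


def and_gadget_correct(t, trials, seed):
    """Check decode(and_gadget(encode(a), encode(b))) == a & b over random sharings."""
    rng = random.Random(seed)
    for _ in range(trials):
        for a_bit in (0, 1):
            for b_bit in (0, 1):
                c = and_gadget(encode(a_bit, t, rng), encode(b_bit, t, rng), rng)
                if decode(c) != (a_bit & b_bit):
                    return False
    return True


if __name__ == "__main__":
    t = 2
    print("t probes, bit 0:  ", probe_distribution(0, t, (0, 1)))
    print("t probes, bit 1:  ", probe_distribution(1, t, (0, 1)))
    print("t+1 probes, bit 0:", probe_distribution(0, t, (0, 1, 2)))
    print("t+1 probes, bit 1:", probe_distribution(1, t, (0, 1, 2)))
    print("AND gadget correct:", and_gadget_correct(t, 100, seed=1))
```

The probe check is only the encoding half of the ISW argument (the full simulator handles probes inside gadgets as well), but it is the invariant the whole construction maintains: every intermediate value stays split into t+1 shares, so a t-wire adversary's view is simulatable without the key, which is what the "(SIM) ≈ (ADV)" picture above expresses.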
How about more general leakage functions? (e.g., polynomial-time leakage)
A Barrier [BGI+00 + Impagliazzo]
Impossible to design a compiler against poly-time leakage
– Follows from the impossibility of general obfuscation [BGI+00]
– If there is a (not necessarily continual) LR compiler for a functionality, then there is a [BGI+00] obfuscator for it
How to Overcome the Barrier? Three Avenues
1. Work with smaller leakage classes (e.g., AC0)
   – Low-complexity leakage, poly-time Adv. (postprocessor)
2. Assume that "only computation leaks" [MR04]
   – Computation is divided into time periods
   – Parts of memory not involved in a time period do not leak in that time
3. Small, stateless leak-proof hardware
1+3 [FRRTV'10]: compiler against AC0 leakage; uses a deterministic leak-proof hardware that computes the parity of n bits
2+3 [JV'10,GR'10]: compiler against poly-time OC leakage; uses a leak-proof hardware that samples random encryptions.
Is leak-proof hardware necessary? Minimal assumptions to overcome the barrier?
To Conclude…
More Open Problems
– Parallel Repetition for Leakage Amplification [DW,LW]: Suppose scheme S tolerates L bits. Can we repeat it in parallel n times and get nL-bit leakage-tolerance?
– Tamper Resistance [IPSW, GLMMR, DPW, Malkin et al.]: Many attacks, Boneh-Lipton, Shamir's bug attacks...
More Results I didn't talk about
– Leakage of randomness (hedged PKE), auxiliary input attacks, bounded retrieval model, robustness of assumptions (LWE is resilient against leakage), …
Very active field, lots of work recently! Information-theoretic + computational techniques (entropy).
Thanks!