challenges in leakage resilient symmetric cryptography
play

Challenges in Leakage-Resilient Symmetric Cryptography Krzysztof - PowerPoint PPT Presentation

Apr 13, 2023 •34 likes •994 views

Challenges in Leakage-Resilient Symmetric Cryptography Krzysztof Pietrzak ECRYPT II Workshop on Physical Attacks, Graz, November 28, 2012 Krzysztof Pietrzak Challenges in Leakage-ResilientSymmetric Cryptography Krzysztof Pietrzak Challenges

  1. Challenges in Leakage-Resilient Symmetric Cryptography Krzysztof Pietrzak ECRYPT II Workshop on Physical Attacks, Graz, November 28, 2012 Krzysztof Pietrzak Challenges in Leakage-ResilientSymmetric Cryptography

  2. Krzysztof Pietrzak Challenges in Leakage-ResilientSymmetric Cryptography

  3. Provable Security Define “Breaking the Cryptosystem”. 1 Construct Cryptosystem. 2 Prove Cryptosystem Secure. 3 Krzysztof Pietrzak Challenges in Leakage-ResilientSymmetric Cryptography

  4. Provable Security Define “Breaking the Cryptosystem”. 1 Example: Digital Signatures key Construct Cryptosystem. 2 Prove Cryptosystem Secure. 3 Krzysztof Pietrzak Challenges in Leakage-ResilientSymmetric Cryptography

  5. Provable Security Define “Breaking the Cryptosystem”. 1 Example: Digital Signatures key Construct Cryptosystem. 2 Prove Cryptosystem Secure. 3 Krzysztof Pietrzak Challenges in Leakage-ResilientSymmetric Cryptography

  6. Provable Security Define “Breaking the Cryptosystem”. 1 Example: Digital Signatures key Construct Cryptosystem. 2 Prove Cryptosystem Secure. 3 Krzysztof Pietrzak Challenges in Leakage-ResilientSymmetric Cryptography

  7. Provable Security Define “Breaking the Cryptosystem”. 1 Example: Digital Signatures key Construct Cryptosystem. 2 Prove Cryptosystem Secure. 3 Krzysztof Pietrzak Challenges in Leakage-ResilientSymmetric Cryptography

  8. Provable Security Define “Breaking the Cryptosystem”. 1 Example: Digital Signatures key Construct Cryptosystem. 2 Prove Cryptosystem Secure. 3 Krzysztof Pietrzak Challenges in Leakage-ResilientSymmetric Cryptography

  9. Provable Security Define “Breaking the Cryptosystem”. 1 Example: Digital Signatures key Construct Cryptosystem. 2 Prove Cryptosystem Secure. 3 Krzysztof Pietrzak Challenges in Leakage-ResilientSymmetric Cryptography

  10. Provable Security Define “Breaking the Cryptosystem”. 1 Example: Digital Signatures ? ? key breaks scheme if ? ? is a valid signature for a new message. Construct Cryptosystem. 2 Prove Cryptosystem Secure. 3 Krzysztof Pietrzak Challenges in Leakage-ResilientSymmetric Cryptography

  11. Provable Security Define “Breaking the Cryptosystem”. 1 Example: Digital Signatures ? ? key breaks scheme if ? ? is a valid signature for a new message. Construct Cryptosystem. 2 Prove Cryptosystem Secure. 3 Theorem No efficient adversary who breaks the scheme exists Krzysztof Pietrzak Challenges in Leakage-ResilientSymmetric Cryptography

  12. Provable Security Define “Breaking the Cryptosystem”. 1 Example: Digital Signatures ? ? key breaks scheme if ? ? is a valid signature for a new message. Construct Cryptosystem. 2 Prove Cryptosystem Secure. 3 Theorem No efficient adversary who breaks the scheme exists if (factoring, SVP,. . . ) is hard. Krzysztof Pietrzak Challenges in Leakage-ResilientSymmetric Cryptography

  13. Provably secure cryptosystems get broken in practice. Krzysztof Pietrzak Challenges in Leakage-ResilientSymmetric Cryptography

  14. Provably secure cryptosystems get broken in practice. Problem: adversaries outside the anticipated model. Krzysztof Pietrzak Challenges in Leakage-ResilientSymmetric Cryptography

  15. Provably secure cryptosystems get broken in practice. Problem: adversaries outside the anticipated model. Krzysztof Pietrzak Challenges in Leakage-ResilientSymmetric Cryptography

  16. Black-Box Security Models vs. Reality key Krzysztof Pietrzak Challenges in Leakage-ResilientSymmetric Cryptography

  17. Black-Box Security Models vs. Reality key Krzysztof Pietrzak Challenges in Leakage-ResilientSymmetric Cryptography

  18. Black-Box Security Models vs. Reality key Krzysztof Pietrzak Challenges in Leakage-ResilientSymmetric Cryptography

  19. Black-Box Security Models vs. Reality key E.g. can measure time to compute . Krzysztof Pietrzak Challenges in Leakage-ResilientSymmetric Cryptography

  20. Black-Box Security Models vs. Reality key E.g. can measure time to compute . breaks RSA on smart cards [Kocher’95] Krzysztof Pietrzak Challenges in Leakage-ResilientSymmetric Cryptography

  21. Black-Box Security Models vs. Reality key E.g. can measure time to compute . breaks RSA on smart cards [Kocher’95] Side-Channel Attack: Cryptanalytic attack exploring information leaked from a physical implementation of a cryptosystem. Krzysztof Pietrzak Challenges in Leakage-ResilientSymmetric Cryptography

  22. power analysis probing attacks cold-boot attacks cache attacks radiation, sound, heat,. . . Krzysztof Pietrzak Challenges in Leakage-ResilientSymmetric Cryptography

  23. power analysis [Eisenbarth et al. CRYPTO’08] break wireless car keys probing attacks cold-boot attacks [Halderman et al. USENIX’08] break disc-encryption schemes cache attacks [Ristenpart et al. CCS’09] break cloud computing radiation, sound, heat,. . . Krzysztof Pietrzak Challenges in Leakage-ResilientSymmetric Cryptography

  24. The Rise of Side-Channel Attacks Became major threat in the last few decades. Krzysztof Pietrzak Challenges in Leakage-ResilientSymmetric Cryptography

  25. The Rise of Side-Channel Attacks Became major threat in the last few decades. Ubiquitous computing: Light-weight crypto-devices are susceptible to side-channel attacks. Krzysztof Pietrzak Challenges in Leakage-ResilientSymmetric Cryptography

  26. The Rise of Side-Channel Attacks Became major threat in the last few decades. Ubiquitous computing: Light-weight crypto-devices are susceptible to side-channel attacks. Provable security: Side-channels became the weakest link. Krzysztof Pietrzak Challenges in Leakage-ResilientSymmetric Cryptography

  27. Side-channels are a physical phenomenon, how could theoretical cryptography be of help? Krzysztof Pietrzak Challenges in Leakage-ResilientSymmetric Cryptography

  28. Side-channels are a physical phenomenon, how could theoretical cryptography be of help? Reductions in the context of side-channel attacks [MicRey’04] Construct schemes that remain provably secure in the presence of leakage. Krzysztof Pietrzak Challenges in Leakage-ResilientSymmetric Cryptography

  29. Leakage models: one-time vs. continuous key one-time f key continuous Krzysztof Pietrzak Challenges in Leakage-ResilientSymmetric Cryptography

  30. Leakage models: one-time vs. continuous key one-time f ( key ) key continuous Krzysztof Pietrzak Challenges in Leakage-ResilientSymmetric Cryptography

  31. Leakage models: one-time vs. continuous key one-time key continuous Krzysztof Pietrzak Challenges in Leakage-ResilientSymmetric Cryptography

  32. Leakage models: one-time vs. continuous key one-time key continuous Krzysztof Pietrzak Challenges in Leakage-ResilientSymmetric Cryptography

  33. Leakage models: one-time vs. continuous key one-time key continuous f 1 , Krzysztof Pietrzak Challenges in Leakage-ResilientSymmetric Cryptography

  34. Leakage models: one-time vs. continuous key one-time key continuous f 1 ( key , coins ) , Krzysztof Pietrzak Challenges in Leakage-ResilientSymmetric Cryptography

  35. Leakage models: one-time vs. continuous key one-time key continuous f 2 , Krzysztof Pietrzak Challenges in Leakage-ResilientSymmetric Cryptography

  36. Leakage models: one-time vs. continuous key one-time key continuous f 2 ( key , coins ) , Krzysztof Pietrzak Challenges in Leakage-ResilientSymmetric Cryptography

  37. Leakage models: one-time vs. continuous key one-time key continuous f 2 ( key , coins ) , Most side-channels like timing,power,. . . are continuous. Notable exception cold-boot. Security against continuous leakage is much harder to achieve. E.g. requires key-refreshing. Intermediate “Floppy model”. Krzysztof Pietrzak Challenges in Leakage-ResilientSymmetric Cryptography

  38. Leakage models: dedicated vs. general dedicated leakage functions f models a particular side-channel timing: Make running time independent of input. probing: Private Circuits ([Ishai,Sahai,Wagner Crypto’03]) Krzysztof Pietrzak Challenges in Leakage-ResilientSymmetric Cryptography

  39. Leakage models: dedicated vs. general dedicated leakage functions f models a particular side-channel timing: Make running time independent of input. probing: Private Circuits ([Ishai,Sahai,Wagner Crypto’03]) general leakage functions bounded: f ( key ) has length ℓ ≪ | key | bits. entropic: Entropy of key decreases by at most ℓ given f ( key ). auxiliary input: Computationally hard to compute key given f ( key ). Krzysztof Pietrzak Challenges in Leakage-ResilientSymmetric Cryptography

  40. One-Time Bounded/Entropic leakage key ∈ { 0 , 1 } n . Adv choses f and gets f ( key ). Bounded leakage: f must satisfy | f ( key ) | = ℓ ≪ n . 1 Entropic leakage: f must satisfy H ∞ ( key | f ( key )) ≥ n − ℓ . 2 Maurer’s bounded storage model, privacy amplification,. . . Intrusion resilience [Dzi’06,CDDLLW’07,. . . ] (symmetric) Memory attacks [AGV’09,NaoSeg’09,. . . ] (public-key) Krzysztof Pietrzak Challenges in Leakage-ResilientSymmetric Cryptography

Recommend

Implementing Practical leakage-resilient symmetric cryptography Daniel J. Bernstein

Implementing Practical leakage-resilient symmetric cryptography Daniel J. Bernstein

Implementing Practical leakage-resilient symmetric cryptography Daniel J. Bernstein University of Illinois at Chicago, Technische Universiteit Eindhoven CHES 2012 paper Practical leakage-resilient symmetric cryptography (Faust,

669 views • 30 slides
Leakage-Resilient (Symmetric) Cryptography Franois-Xavier Standaert UCL Crypto Group, Belgium

Leakage-Resilient (Symmetric) Cryptography Franois-Xavier Standaert UCL Crypto Group, Belgium

Leakage-Resilient (Symmetric) Cryptography Franois-Xavier Standaert UCL Crypto Group, Belgium Summer school on real-world crypto, 2016 Outline Starting point (link with previous lecture) Seed results (TCC 2004, FOCS 2008)

1.14k views • 111 slides
Leakage-Resilient Zero Knowledge Sanjam Garg Abhishek Jain Amit Sahai Leakage-Resilient

Leakage-Resilient Zero Knowledge Sanjam Garg Abhishek Jain Amit Sahai Leakage-Resilient

Leakage-Resilient Zero Knowledge Sanjam Garg Abhishek Jain Amit Sahai Leakage-Resilient Cryptography Traditional Cryptography: adv has only black-box access to a cryptosystem I O LR-Cryptography: open the black-box more

279 views • 25 slides
Leakage-Resilient Public-Key Cryptography in the Bounded-Retrieval Model Jol Alwen, Yevgeniy

Leakage-Resilient Public-Key Cryptography in the Bounded-Retrieval Model Jol Alwen, Yevgeniy

Leakage-Resilient Public-Key Cryptography in the Bounded-Retrieval Model Jol Alwen, Yevgeniy Dodis, Daniel Wichs New York University Speaker: Daniel Wichs CRYPTO 09 Goal of Leakage-Resilient Crypto Model of Leakage Resilience

303 views • 29 slides
Leakage-Resilient Cryptography from Puncturable Primitives and Obfuscation ASIACRYPT 2018 Dec.

Leakage-Resilient Cryptography from Puncturable Primitives and Obfuscation ASIACRYPT 2018 Dec.

Leakage-Resilient Cryptography from Puncturable Primitives and Obfuscation ASIACRYPT 2018 Dec. 5th 2018 1 / 55 Yu Chen 1 Yuyu Wang 2 Hong-Sheng Zhou 3 1 SKLOIS-IIE-CAS, UCAS 2 Tokyo Institute of Technology, IOHK, AIST 3 Virginia Commonwealth

1.29k views • 116 slides
Leakage-Resilient Cryptography from Puncturable Primitives and Obfuscation ASIACRYPT 2018 Dec.

Leakage-Resilient Cryptography from Puncturable Primitives and Obfuscation ASIACRYPT 2018 Dec.

Leakage-Resilient Cryptography from Puncturable Primitives and Obfuscation ASIACRYPT 2018 Dec. 5th 2018 1 / 51 Yu Chen 1 Yuyu Wang 2 Hong-Sheng Zhou 3 1 SKLOIS-IIE-CAS, UCAS 2 Tokyo Institute of Technology, IOHK, AIST 3 Virginia Commonwealth

1.2k views • 104 slides
Leakage-Resilient Cryptography with Key Derived from Sensitive Data Konrad Durnoga, Stefan

Leakage-Resilient Cryptography with Key Derived from Sensitive Data Konrad Durnoga, Stefan

Leakage-Resilient Cryptography with Key Derived from Sensitive Data Konrad Durnoga, Stefan Dziembowski, Tomasz Kazana, Micha Zaj c , Maciej Zdanowicz Estonian Computer Science Theory Days Jekla 2-4.10.2015 Computers can be

542 views • 32 slides
Regular Lossy Functions and Applications in Leakage-Resilient Cryptography CT-RSA 2018 April

Regular Lossy Functions and Applications in Leakage-Resilient Cryptography CT-RSA 2018 April

Regular Lossy Functions and Applications in Leakage-Resilient Cryptography CT-RSA 2018 April 20th, 2018 1 / 41 Yu Chen 1 Baodong Qin 2 Haiyang Xue 1 1 SKLOIS, IIE, Chinese Academy of Sciences 2 Xian University of Posts and Telecommunication

1.92k views • 115 slides
Symmetric Key Cryptography Introduction to Symmetric Key Cryptography What can we do?

Symmetric Key Cryptography Introduction to Symmetric Key Cryptography What can we do?

PQCRYPTO Summer School on Post-Quantum Cryptography 2017 Stefan Klbl June 20th, 2017 DTU Compute, Technical University of Denmark Symmetric Key Cryptography Introduction to Symmetric Key Cryptography What can we do? Authentication

711 views • 47 slides
Symmetric Key Cryptography Introduction to Symmetric Key Cryptography Myth Where does security

Symmetric Key Cryptography Introduction to Symmetric Key Cryptography Myth Where does security

PQCRYPTO Summer School on Post-Quantum Cryptography 2017 Stefan Klbl June 19th, 2017 DTU Compute, Technical University of Denmark Symmetric Key Cryptography Introduction to Symmetric Key Cryptography Myth Where does security fail?

758 views • 72 slides
Public-Key Cryptosystems Resilient to Key Leakage Moni Naor Gil Segev Weizmann Institute of

Public-Key Cryptosystems Resilient to Key Leakage Moni Naor Gil Segev Weizmann Institute of

Public-Key Cryptosystems Resilient to Key Leakage Moni Naor Gil Segev Weizmann Institute of Science Israel Foundations of Cryptography Rigorous analysis of the security of cryptographic schemes Adversarial model Notion of security

428 views • 20 slides
LEAKAGE - RESILIENT PUBLIC - KEY ENCRYPTION FROM OBFUSCATION Dana Dachman-Soled, S. Dov

LEAKAGE - RESILIENT PUBLIC - KEY ENCRYPTION FROM OBFUSCATION Dana Dachman-Soled, S. Dov

LEAKAGE - RESILIENT PUBLIC - KEY ENCRYPTION FROM OBFUSCATION Dana Dachman-Soled, S. Dov Gordon, Feng-Hao Lui, Adam, ONeill, and Hong-Sheng Zhou O UTLINE OF T ALK Leakage Models for PKE Bounded, Continual, and Continual w/ Leakage on

1.05k views • 102 slides
Leakage Resilient Masking Schemes Sebastian Faust Ruhr University Bochum 1 Modern cryptography

Leakage Resilient Masking Schemes Sebastian Faust Ruhr University Bochum 1 Modern cryptography

Leakage Resilient Masking Schemes Sebastian Faust Ruhr University Bochum 1 Modern cryptography Until 1970s: Design crypto algorithm secure against one attack Find attack C Find attack B Crypto Crypto algorithm A algorithm B secure against

631 views • 51 slides
LR 2 : LR : Le Leakage-Re Resilient La Layout t Ra Randomization fo for Mo Mobile

LR 2 : LR : Le Leakage-Re Resilient La Layout t Ra Randomization fo for Mo Mobile

LR 2 : LR : Le Leakage-Re Resilient La Layout t Ra Randomization fo for Mo Mobile Devices Kjell Braden , Stephen Crane, Lucas Davi , Michael Franz , Per Larsen , Christopher Liebchen , Ahmad- Reza Sadeghi

578 views • 38 slides
Introduction to Symmetric Cryptography Lars R. Knudsen June 2014 L.R. Knudsen Introduction to

Introduction to Symmetric Cryptography Lars R. Knudsen June 2014 L.R. Knudsen Introduction to

Introduction to Symmetric Cryptography Lars R. Knudsen June 2014 L.R. Knudsen Introduction to Symmetric Cryptography What is cryptography? Cryptography is communication in the presence of an adversary Ron Rivest. Coding theory Detection and

877 views • 28 slides
Outline Cryptography and Encryption Uses of cryptography Algorithms Symmetric

Outline Cryptography and Encryption Uses of cryptography Algorithms Symmetric

Outline Cryptography and Encryption Uses of cryptography Algorithms Symmetric cryptography CS 239 Asymmetric cryptography Computer Security January 26, 2005 Lecture 5 Lecture 5 Page 1 Page 2 CS 239, Winter 2005 CS 239,

321 views • 13 slides
Outline Cryptography and Encryption Uses of cryptography Algorithms Symmetric

Outline Cryptography and Encryption Uses of cryptography Algorithms Symmetric

Outline Cryptography and Encryption Uses of cryptography Algorithms Symmetric cryptography CS 239 Asymmetric cryptography Computer Security February 5, 2003 Lecture 7 Lecture 7 Page 1 Page 2 CS 239, Winter 2003 CS 239,

263 views • 11 slides
Symmetric Key Cryptography Lecture 8 Summary RECALL Symmetric-Key Encryption SIM-CCA Security

Symmetric Key Cryptography Lecture 8 Summary RECALL Symmetric-Key Encryption SIM-CCA Security

Symmetric Key Cryptography Lecture 8 Summary RECALL Symmetric-Key Encryption SIM-CCA Security Authentication not required. i.e., Adversary allowed to send own messages (possibly error) Key/ Key/ Recv Enc Dec Send Replay SIM-CCA

192 views • 16 slides
Implementation and Evaluation of a Leakage-Resilient ElGamal KEM David Galindo 1 , 2 , Johann

Implementation and Evaluation of a Leakage-Resilient ElGamal KEM David Galindo 1 , 2 , Johann

Implementation and Evaluation of a Leakage-Resilient ElGamal KEM David Galindo 1 , 2 , Johann Groschdl 3 , Zhe Liu 3 , Praveen K. Vadnala 3 , Srinivas Vivek 3 1 CNRS/Loria, France 2 SCYTL Secure Electronic Voting, Spain 3 University of

712 views • 33 slides
Background Bas c Cryptography Background: Basic Cryptography Symmetric Key System

Background Bas c Cryptography Background: Basic Cryptography Symmetric Key System

Background Bas c Cryptography Background: Basic Cryptography Symmetric Key System Symmetric Key System a shared symmetric key Examples: DES IDEA RC4 AES Examples: DES, IDEA, RC4, AES Asymmetric Key System y y y a pair

661 views • 38 slides
Cryptography with Tamperable and Leaky Memory Yael Tauman Kalai Bhavana Kanukurthi Amit Sahai

Cryptography with Tamperable and Leaky Memory Yael Tauman Kalai Bhavana Kanukurthi Amit Sahai

Cryptography with Tamperable and Leaky Memory Yael Tauman Kalai Bhavana Kanukurthi Amit Sahai MSR UCLA UCLA Leakage Resilient Cryptography [Rivest1997, Boyko1999, Canetti-Dodis-Halevi-Kushilevitz-Sahai2000, Ishai-Sahai-Wagner2003, Micali-

716 views • 14 slides
Leakage Stefan Dziembowski Tomasz Kazana Daniel Wichs Main contribution We propose a secure

Leakage Stefan Dziembowski Tomasz Kazana Daniel Wichs Main contribution We propose a secure

Key-Evolution Schemes Resilient to Space Bounded Leakage Stefan Dziembowski Tomasz Kazana Daniel Wichs Main contribution We propose a secure scheme for deterministic key-evolution Properties: leakage-resilient in the random oracle

668 views • 27 slides
CSCE 790 Secure Computer Systems Symmetric Cryptography Professor Qiang Zeng Spring 2020

CSCE 790 Secure Computer Systems Symmetric Cryptography Professor Qiang Zeng Spring 2020

CSCE 790 Secure Computer Systems Symmetric Cryptography Professor Qiang Zeng Spring 2020 Previous Class Classical Cryptography Frequency analysis Never use home-made cryptography Goals of Cryptography

527 views • 26 slides
Cryptography Crash Course Symmetric Key Cryptography School on Secure IoT, 2016 Dr. Ir. Jens

Cryptography Crash Course Symmetric Key Cryptography School on Secure IoT, 2016 Dr. Ir. Jens

Cryptography Crash Course Symmetric Key Cryptography School on Secure IoT, 2016 Dr. Ir. Jens Hermans KU Leuven/COSIC Cryptology: basic principles Eve Alice Bob CRYP CRYP Clear Clear %^C& %^C& TOB TOB @&^( @&^(

1.32k views • 119 slides

More recommend