leakage resilient chosen ciphertext secure public key
play

Leakage-Resilient Chosen-Ciphertext Secure Public-Key Encryption - PowerPoint PPT Presentation

Sep 21, 2023 •106 likes •580 views

Leakage-Resilient Chosen-Ciphertext Secure Public-Key Encryption from Hash Proof System and One-Time Lossy Filter Baodong Qin and Shengli Liu Shanghai Jiao Tong University ASIACRYPT 2013 Dec 5, Bangalore, India B. Qin and S. Liu LR-CCA Secure

  1. Leakage-Resilient Chosen-Ciphertext Secure Public-Key Encryption from Hash Proof System and One-Time Lossy Filter Baodong Qin and Shengli Liu Shanghai Jiao Tong University ASIACRYPT 2013 Dec 5, Bangalore, India B. Qin and S. Liu LR-CCA Secure PKE from HPS and OT-LF

  2. ������������ Why We Consider Secrets Leak? T HEORY R EAL L IFE � � Ideal setting Physical implementation leaks � information Private internal secret state � e.g.: secret key/ randomness secret state secret state B. Qin and S. Liu B. Qin and S. Liu LR-CCA Secure PKE from HPS and OT-LF LR-CCA Secure PKE from HPS and OT-LF

  3. ������������ Why We Consider Secrets Leak? T HEORY R EAL L IFE � � Ideal setting Physical implementation leaks electromagnetic � information Private internal secret state radiation � e.g.: secret key/ randomness time secret state secret state Side channel attacks sound B. Qin and S. Liu B. Qin and S. Liu LR-CCA Secure PKE from HPS and OT-LF LR-CCA Secure PKE from HPS and OT-LF

  4. ������������ Why We Consider Secrets Leak? T HEORY R EAL L IFE � � Ideal setting Physical implementation leaks electromagnetic � information Private internal secret state radiation � e.g.: secret key/ randomness time secret state secret state Side channel attacks sound Only computation leaks information [Micali and Reyzin 04] B. Qin and S. Liu B. Qin and S. Liu LR-CCA Secure PKE from HPS and OT-LF LR-CCA Secure PKE from HPS and OT-LF

  5. ������������ Bounded Leakage Model � Inspired by “cold-boot” attack/memory attack [Halderman et al.08] � Not only computation leaks information � Model: leakage oracle secret key: SK • • • Leakage rate: B. Qin and S. Liu B. Qin and S. Liu LR-CCA Secure PKE from HPS and OT-LF LR-CCA Secure PKE from HPS and OT-LF

  6. ������������ Public-Key Encryption Semantic security against key leakage and CCA [NS09] Adversary y Decryption queries Leakage queries B. Qin and S. Liu B. Qin and S. Liu LR-CCA Secure PKE from HPS and OT-LF LR-CCA Secure PKE from HPS and OT-LF

  7. ������������ Public-Key Encryption Semantic security against key leakage and CCA [NS09] Adversary y Decryption The adversary succeeds if queries b=b’ Advantage: Pr[b=b’]-1/2 Leakage queries B. Qin and S. Liu B. Qin and S. Liu LR-CCA Secure PKE from HPS and OT-LF LR-CCA Secure PKE from HPS and OT-LF

  8. ������������ Previous Works � High leakage-rate (e.g. 1-o(1), using NIZK) but � either no efficient instantiations [NS09] or � over a pairing-friendly group (efficient, but the ciphertext size is a little bit large) [Dodis et al.10, Galindo et al.12] B. Qin and S. Liu B. Qin and S. Liu LR-CCA Secure PKE from HPS and OT-LF LR-CCA Secure PKE from HPS and OT-LF

  9. ������������ Previous Works � High leakage-rate (e.g. 1-o(1), using NIZK) but � either no efficient instantiations [NS09] or � over a pairing-friendly group (efficient, but the ciphertext size is a little bit large) [Dodis et al.10, Galindo et al.12] � Low leakage rate (e.g. 1/4-o(1)), but � very practical construction via hash proof system [NS09,Li et al.12, Liu et al.13] � has short ciphertext size (for reasonable leakage rate) � Instantiations under DDH, DCR etc. (without pairing) B. Qin and S. Liu B. Qin and S. Liu LR-CCA Secure PKE from HPS and OT-LF LR-CCA Secure PKE from HPS and OT-LF

  10. ������������ Question From [Dodis et al. Asiacrypt 2010] …, it seems that the hash proof system approach to building CCA encryption is inherently limited to leakage-rates below 1/2: this is because the secret-key consists of two components (one for verifying that the ciphertext is well-formed and one for decrypting it) and the proofs break down if either of the components is individually leaked in its entirety. However, no HPS-based PKEs are known achieving leakage- rate 1/2-o(1), especially under DDH or DCR assumptions. Question: can we find a new way to construct LR-CCA secure PKEs which are as practical as HPS with reasonable high leakage-rates, like 1/2-o(1)? B. Qin and S. Liu B. Qin and S. Liu LR-CCA Secure PKE from HPS and OT-LF LR-CCA Secure PKE from HPS and OT-LF

  11. ������������ Hash Proof System[CS02] � Family of projective hash functions � Subset membership problem: (valid/invalid) B. Qin and S. Liu B. Qin and S. Liu LR-CCA Secure PKE from HPS and OT-LF LR-CCA Secure PKE from HPS and OT-LF

  12. ������������ Hash Proof System[CS02] � Family of projective hash functions � Subset membership problem: (valid/invalid) SK space PK space B. Qin and S. Liu B. Qin and S. Liu LR-CCA Secure PKE from HPS and OT-LF LR-CCA Secure PKE from HPS and OT-LF

  13. ������������ Hash Proof System[CS02] � Family of projective hash functions � Subset membership problem: (valid/invalid) SK space Public evaluation Private evaluation PK space B. Qin and S. Liu B. Qin and S. Liu LR-CCA Secure PKE from HPS and OT-LF LR-CCA Secure PKE from HPS and OT-LF

  14. ������������ Hash Proof System[CS02] � Family of projective hash functions � Subset membership problem: (valid/invalid) SK space High entropy Public evaluation Private evaluation •universal/universal 2 •smooth PK space B. Qin and S. Liu B. Qin and S. Liu LR-CCA Secure PKE from HPS and OT-LF LR-CCA Secure PKE from HPS and OT-LF

  15. ������������ HPS-based Approach (language) additional input Prove Mask message B. Qin and S. Liu B. Qin and S. Liu LR-CCA Secure PKE from HPS and OT-LF LR-CCA Secure PKE from HPS and OT-LF

  16. ������������ HPS-based Approach (language) additional input Prove Mask message B. Qin and S. Liu B. Qin and S. Liu LR-CCA Secure PKE from HPS and OT-LF LR-CCA Secure PKE from HPS and OT-LF

  17. ������������ HPS-based Approach (language) additional input Prove Mask message •Leakage amount is at most: •In fact smaller than B. Qin and S. Liu B. Qin and S. Liu LR-CCA Secure PKE from HPS and OT-LF LR-CCA Secure PKE from HPS and OT-LF

  18. ������������ HPS-based Approach (language) additional input Leakage-rate: Prove Mask message •Leakage amount is at most: •In fact smaller than B. Qin and S. Liu B. Qin and S. Liu LR-CCA Secure PKE from HPS and OT-LF LR-CCA Secure PKE from HPS and OT-LF

  19. ������������ HPS-based Approach (language) additional input Leakage-rate: Best result: 1/4 –o(1) under DDH assumption Prove Mask message •Leakage amount is at most: •In fact smaller than B. Qin and S. Liu B. Qin and S. Liu LR-CCA Secure PKE from HPS and OT-LF LR-CCA Secure PKE from HPS and OT-LF

  20. ������������ Our Approach (language) additional input Prove Mask message B. Qin and S. Liu B. Qin and S. Liu LR-CCA Secure PKE from HPS and OT-LF LR-CCA Secure PKE from HPS and OT-LF

  21. ������������ Our Approach (language) additional input Prove Mask message B. Qin and S. Liu B. Qin and S. Liu LR-CCA Secure PKE from HPS and OT-LF LR-CCA Secure PKE from HPS and OT-LF

  22. ������������ Our Approach (language) additional input Prove Mask message B. Qin and S. Liu B. Qin and S. Liu LR-CCA Secure PKE from HPS and OT-LF LR-CCA Secure PKE from HPS and OT-LF

  23. ������������ Our Approach (language) additional input Prove Mask message B. Qin and S. Liu B. Qin and S. Liu LR-CCA Secure PKE from HPS and OT-LF LR-CCA Secure PKE from HPS and OT-LF

  24. ������������ Our Approach (language) additional input Prove Mask message B. Qin and S. Liu B. Qin and S. Liu LR-CCA Secure PKE from HPS and OT-LF LR-CCA Secure PKE from HPS and OT-LF

  25. ������������ Our Approach (language) additional input Leakage-rate: Our result: 1/2 –o(1) under DDH /DCR Prove Mask message B. Qin and S. Liu B. Qin and S. Liu LR-CCA Secure PKE from HPS and OT-LF LR-CCA Secure PKE from HPS and OT-LF

  26. ������������ Our Approach (language) additional input Leakage-rate: One-Time Lossy Filter Our result: 1/2 –o(1) under DDH /DCR Prove Mask message B. Qin and S. Liu B. Qin and S. Liu LR-CCA Secure PKE from HPS and OT-LF LR-CCA Secure PKE from HPS and OT-LF

  27. ������������ ������������ B. Qin and S. Liu B. Qin and S. Liu LR-CCA Secure PKE from HPS and OT-LF LR-CCA Secure PKE from HPS and OT-LF

  28. ������������ ������������ B. Qin and S. Liu B. Qin and S. Liu LR-CCA Secure PKE from HPS and OT-LF LR-CCA Secure PKE from HPS and OT-LF

Recommend

Chosen-Ciphertext Security Chosen-Ciphertext Security without Redundancy without Redundancy

Chosen-Ciphertext Security Chosen-Ciphertext Security without Redundancy without Redundancy

Chosen-Ciphertext Security Chosen-Ciphertext Security without Redundancy without Redundancy Duong Hieu Phan David Pointcheval ENS France CNRS-ENS France Asiacrypt '03 Taipei - Taiwan December 1 st 2003 Summary Summary Asymmetric

235 views • 21 slides
Threshold Cryptosystems Secure against Chosen-Ciphertext Attacks joint work with Pierre-Alain

Threshold Cryptosystems Secure against Chosen-Ciphertext Attacks joint work with Pierre-Alain

Threshold Cryptosystems Secure against Chosen-Ciphertext Attacks joint work with Pierre-Alain Fouque Asiacrypt 01 Gold Coast - Australia December 2001 David Pointcheval Dpartement dInformatique ENS - CNRS David.Pointcheval@ens.fr

436 views • 9 slides
LEAKAGE - RESILIENT PUBLIC - KEY ENCRYPTION FROM OBFUSCATION Dana Dachman-Soled, S. Dov

LEAKAGE - RESILIENT PUBLIC - KEY ENCRYPTION FROM OBFUSCATION Dana Dachman-Soled, S. Dov

LEAKAGE - RESILIENT PUBLIC - KEY ENCRYPTION FROM OBFUSCATION Dana Dachman-Soled, S. Dov Gordon, Feng-Hao Lui, Adam, ONeill, and Hong-Sheng Zhou O UTLINE OF T ALK Leakage Models for PKE Bounded, Continual, and Continual w/ Leakage on

1.05k views • 102 slides
Leakage Stefan Dziembowski Tomasz Kazana Daniel Wichs Main contribution We propose a secure

Leakage Stefan Dziembowski Tomasz Kazana Daniel Wichs Main contribution We propose a secure

Key-Evolution Schemes Resilient to Space Bounded Leakage Stefan Dziembowski Tomasz Kazana Daniel Wichs Main contribution We propose a secure scheme for deterministic key-evolution Properties: leakage-resilient in the random oracle

668 views • 27 slides
Leakage-Resilient Public-Key Cryptography in the Bounded-Retrieval Model Jol Alwen, Yevgeniy

Leakage-Resilient Public-Key Cryptography in the Bounded-Retrieval Model Jol Alwen, Yevgeniy

Leakage-Resilient Public-Key Cryptography in the Bounded-Retrieval Model Jol Alwen, Yevgeniy Dodis, Daniel Wichs New York University Speaker: Daniel Wichs CRYPTO 09 Goal of Leakage-Resilient Crypto Model of Leakage Resilience

303 views • 29 slides
Chosen-Ciphertext Security from Subset Sum PKC 2016, 07.03.2016 Sebastian Faust 1 Daniel Masny 1

Chosen-Ciphertext Security from Subset Sum PKC 2016, 07.03.2016 Sebastian Faust 1 Daniel Masny 1

Chosen-Ciphertext Security from Subset Sum PKC 2016, 07.03.2016 Sebastian Faust 1 Daniel Masny 1 Daniele Venturi 2 1 Ruhr Universitt Bochum 2 Sapienza University of Rome 1 Outline 1 Our Contribution 2 Subset Sum 3 CCA secure PKE 4 Tag-Based

965 views • 80 slides
Implementation and Evaluation of a Leakage-Resilient ElGamal KEM David Galindo 1 , 2 , Johann

Implementation and Evaluation of a Leakage-Resilient ElGamal KEM David Galindo 1 , 2 , Johann

Implementation and Evaluation of a Leakage-Resilient ElGamal KEM David Galindo 1 , 2 , Johann Groschdl 3 , Zhe Liu 3 , Praveen K. Vadnala 3 , Srinivas Vivek 3 1 CNRS/Loria, France 2 SCYTL Secure Electronic Voting, Spain 3 University of

712 views • 33 slides
Public-Key Cryptosystems Resilient to Key Leakage Moni Naor Gil Segev Weizmann Institute of

Public-Key Cryptosystems Resilient to Key Leakage Moni Naor Gil Segev Weizmann Institute of

Public-Key Cryptosystems Resilient to Key Leakage Moni Naor Gil Segev Weizmann Institute of Science Israel Foundations of Cryptography Rigorous analysis of the security of cryptographic schemes Adversarial model Notion of security

428 views • 20 slides
Leakage-Resilient Zero Knowledge Sanjam Garg Abhishek Jain Amit Sahai Leakage-Resilient

Leakage-Resilient Zero Knowledge Sanjam Garg Abhishek Jain Amit Sahai Leakage-Resilient

Leakage-Resilient Zero Knowledge Sanjam Garg Abhishek Jain Amit Sahai Leakage-Resilient Cryptography Traditional Cryptography: adv has only black-box access to a cryptosystem I O LR-Cryptography: open the black-box more

279 views • 25 slides
Implementing Practical leakage-resilient symmetric cryptography Daniel J. Bernstein

Implementing Practical leakage-resilient symmetric cryptography Daniel J. Bernstein

Implementing Practical leakage-resilient symmetric cryptography Daniel J. Bernstein University of Illinois at Chicago, Technische Universiteit Eindhoven CHES 2012 paper Practical leakage-resilient symmetric cryptography (Faust,

669 views • 30 slides
Relaxing IND-CCA: Indistinguishability Against Chosen Ciphertext Verification Attack Sumit Kumar

Relaxing IND-CCA: Indistinguishability Against Chosen Ciphertext Verification Attack Sumit Kumar

Relaxing IND-CCA: Indistinguishability Against Chosen Ciphertext Verification Attack Sumit Kumar Pandey Indian Statistical Institute Kolkata January 14, 2012 Sumit Kumar Pandey Relaxing IND-CCA: Indistinguishability Against Chosen Outline 1

624 views • 37 slides
Adaptive partitioning Dennis Hofheinz (KIT, Karlsruhe) Public-Key Encryption Public-Key

Adaptive partitioning Dennis Hofheinz (KIT, Karlsruhe) Public-Key Encryption Public-Key

Adaptive partitioning Dennis Hofheinz (KIT, Karlsruhe) Public-Key Encryption Public-Key Encryption Accepted security notion: chosen-ciphertext security (IND-CCA) Public-Key Encryption Accepted security notion: chosen-ciphertext security

1.16k views • 83 slides
Efficient Conditional Proxy Re-Encryption with Chosen-Ciphertext Security Jian Weng, Yanjiang

Efficient Conditional Proxy Re-Encryption with Chosen-Ciphertext Security Jian Weng, Yanjiang

Introduction Model of C-PRE Our proposed C-PRE Scheme Conclusion Efficient Conditional Proxy Re-Encryption with Chosen-Ciphertext Security Jian Weng, Yanjiang Yang, Qiang Tang, Robert H. Deng, Feng Bao Institute for Infocomm Research (I2R),

1.04k views • 15 slides
LR 2 : LR : Le Leakage-Re Resilient La Layout t Ra Randomization fo for Mo Mobile

LR 2 : LR : Le Leakage-Re Resilient La Layout t Ra Randomization fo for Mo Mobile

LR 2 : LR : Le Leakage-Re Resilient La Layout t Ra Randomization fo for Mo Mobile Devices Kjell Braden , Stephen Crane, Lucas Davi , Michael Franz , Per Larsen , Christopher Liebchen , Ahmad- Reza Sadeghi

578 views • 38 slides
On the power of non-adaptive quantum chosen-ciphertext attacks joint work with Gorjan Alagic

On the power of non-adaptive quantum chosen-ciphertext attacks joint work with Gorjan Alagic

On the power of non-adaptive quantum chosen-ciphertext attacks joint work with Gorjan Alagic (UMD, NIST), Stacey Jeffery (QuSoft, CWI), and Maris Ozols (QuSoft, UvA) Alexander Poremba August 29, 2018 Heidelberg University; California Institute

511 views • 24 slides
Leakage Resilient Masking Schemes Sebastian Faust Ruhr University Bochum 1 Modern cryptography

Leakage Resilient Masking Schemes Sebastian Faust Ruhr University Bochum 1 Modern cryptography

Leakage Resilient Masking Schemes Sebastian Faust Ruhr University Bochum 1 Modern cryptography Until 1970s: Design crypto algorithm secure against one attack Find attack C Find attack B Crypto Crypto algorithm A algorithm B secure against

631 views • 51 slides
Computing World Dan Boneh and Mark Zhandry Stanford University Classical Chosen Message Attack

Computing World Dan Boneh and Mark Zhandry Stanford University Classical Chosen Message Attack

Secure Signatures and Chosen Ciphertext Security in a Quantum Computing World Dan Boneh and Mark Zhandry Stanford University Classical Chosen Message Attack (CMA) m = S(sk, m) signing key sk Classical CMA + Quantum Computer (post-quantum

341 views • 21 slides
How to Compute under AC 0 Leakage without Secure Hardware Guy Rothblum Microsoft Research

How to Compute under AC 0 Leakage without Secure Hardware Guy Rothblum Microsoft Research

How to Compute under AC 0 Leakage without Secure Hardware Guy Rothblum Microsoft Research Silicon Valley Protecting Sensitive Computations from Leakage/Side-Channel Attacks Sensitive computations: Cryptographic Algorithms Secret Key

232 views • 20 slides
Leakage-Resilient Cryptography from Puncturable Primitives and Obfuscation ASIACRYPT 2018 Dec.

Leakage-Resilient Cryptography from Puncturable Primitives and Obfuscation ASIACRYPT 2018 Dec.

Leakage-Resilient Cryptography from Puncturable Primitives and Obfuscation ASIACRYPT 2018 Dec. 5th 2018 1 / 55 Yu Chen 1 Yuyu Wang 2 Hong-Sheng Zhou 3 1 SKLOIS-IIE-CAS, UCAS 2 Tokyo Institute of Technology, IOHK, AIST 3 Virginia Commonwealth

1.29k views • 116 slides
Leakage-Resilient Cryptography from Puncturable Primitives and Obfuscation ASIACRYPT 2018 Dec.

Leakage-Resilient Cryptography from Puncturable Primitives and Obfuscation ASIACRYPT 2018 Dec.

Leakage-Resilient Cryptography from Puncturable Primitives and Obfuscation ASIACRYPT 2018 Dec. 5th 2018 1 / 51 Yu Chen 1 Yuyu Wang 2 Hong-Sheng Zhou 3 1 SKLOIS-IIE-CAS, UCAS 2 Tokyo Institute of Technology, IOHK, AIST 3 Virginia Commonwealth

1.2k views • 104 slides
Leakage-Resilient Cryptography with Key Derived from Sensitive Data Konrad Durnoga, Stefan

Leakage-Resilient Cryptography with Key Derived from Sensitive Data Konrad Durnoga, Stefan

Leakage-Resilient Cryptography with Key Derived from Sensitive Data Konrad Durnoga, Stefan Dziembowski, Tomasz Kazana, Micha Zaj c , Maciej Zdanowicz Estonian Computer Science Theory Days Jekla 2-4.10.2015 Computers can be

542 views • 32 slides
Towards Fresh Re-Keying with Leakage-Resilient PRFs: Cipher Design Principles and Analysis d 1 ,

Towards Fresh Re-Keying with Leakage-Resilient PRFs: Cipher Design Principles and Analysis d 1 ,

Towards Fresh Re-Keying with Leakage-Resilient PRFs: Cipher Design Principles and Analysis d 1 , F. De Santis 2 , 3 , J. Heyszl 4 , S. Mangard 3 , S. Bela M. Medwed 5 , J.-M. Schmidt 6 , F.-X. Standaert 7 , S. Tillich 8 1 Ecole Normale Sup

754 views • 29 slides
Online Public Forum 15 DECEMBER 2016 A secure and resilient Nation connected, informed and

Online Public Forum 15 DECEMBER 2016 A secure and resilient Nation connected, informed and

Information Sharing and Analysis Organization (ISAO) Standards Organization Online Public Forum 15 DECEMBER 2016 A secure and resilient Nation connected, informed and empowered. 1 Agenda Why Were Here ISAO Business Model

460 views • 21 slides
Center for Secure and Resilient Maritime Commerce Developing a Resiliency Framework for Regional

Center for Secure and Resilient Maritime Commerce Developing a Resiliency Framework for Regional

Center for Secure and Resilient Maritime Commerce Developing a Resiliency Framework for Regional Freight Platforms T. Wakeman, H. Gajjar, J. Ramirez-Marquez, and H. Salloum Stevens Institute of Technology Center for Secure and Resilient

895 views • 48 slides

More recommend