overcoming impossibility results in composable security
play

Overcoming Impossibility Results in Composable Security using - PowerPoint PPT Presentation

Oct 03, 2023 •769 likes •1.25k views

Overcoming Impossibility Results in Composable Security using Interval-Wise Guarantees Daniel Jost Ueli Maurer ETH Zurich Crypto 2020, August 17-21, 2020 Motivation: how to best define security? Aug 17, 2020 2 Daniel Jost Defining Security

  1. Overcoming Impossibility Results in Composable Security using Interval-Wise Guarantees Daniel Jost Ueli Maurer ETH Zurich Crypto 2020, August 17-21, 2020

  2. Motivation: how to best define security? Aug 17, 2020 2 Daniel Jost

  3. Defining Security Game-based security: • Simple and minimal • no direct link to real-world executions • many games • no composition Aug 17, 2020 3 Daniel Jost

  4. Defining Security Game-based security: Composable security: • Guarantees linked to real-world application • Simple and minimal • Modularization • Composition • • More complicated proofs no direct link to real-world executions • Less efficient schemes • many games • Impossibility results • no composition Aug 17, 2020 4 Daniel Jost

  5. Defining Security Game-based security: Composable security: • Guarantees linked to real-world application • Simple and minimal • Modularization • Composition • • More complicated proofs no direct link to real-world executions • Less efficient schemes • many games • Impossibility results • no composition Simulator-commitment problem Aug 17, 2020 5 Daniel Jost

  6. The Commitment Problem • Example : − encrypting a message to protect confidentiality − where adversaries that can (adaptively) learn parties ’ state (including keys) Key π A π B sim Aug 17, 2020 6 Daniel Jost

  7. The Commitment Problem • Example : − encrypting a message to protect confidentiality − where adversaries that can (adaptively) learn parties ’ state (including keys) (Leakable) key Secure channel Key π A π B sim Authenticated channel Aug 17, 2020 7 Daniel Jost

  8. The Commitment Problem • Example : − encrypting a message to protect confidentiality − where adversaries that can (adaptively) learn parties ’ state (including keys) ? Key ≈ π A π B sim Aug 17, 2020 8 Daniel Jost

  9. The Commitment Problem • Example : − encrypting a message to protect confidentiality − where adversaries that can (adaptively) learn parties ’ state (including keys) 1 Key m m π A π B sim Aug 17, 2020 9 Daniel Jost

  10. The Commitment Problem • Example : − encrypting a message to protect confidentiality − where adversaries that can (adaptively) learn parties ’ state (including keys) 1 Key m m π A π B |m| sim c c 2 without m → committed Aug 17, 2020 10 Daniel Jost

  11. The Commitment Problem • Example : − encrypting a message to protect confidentiality − where adversaries that can (adaptively) learn parties ’ state (including keys) 1 Key m m π A π B |m| m sim c k c 2 3 Aug 17, 2020 11 Daniel Jost

  12. The Commitment Problem • Example : − encrypting a message to protect confidentiality − where adversaries that can (adaptively) learn parties ’ state (including keys) 1 Key m m π A π B |m| m sim c k c Cannot come 2 3 up with k that explains c Aug 17, 2020 12 Daniel Jost

  13. The Commitment Problem Observation: • Example : • Leaking only the messages length (and the simulator creating a fake ciphertext) is − encrypting a message to protect confidentiality used to formalize that the message remains confidential until the key leaks − where adversaries that can (adaptively) learn parties ’ state (including keys) • But it causes problems to simulate after that event… 1 Key m m π A π B |m| m sim c k c Cannot come 2 3 up with k that explains c Aug 17, 2020 13 Daniel Jost

  14. The Commitment Problem • Existing solutions : − Allowing for superpolynomial simulators → Still needs stronger schemes / additional setup − Non-information oracles: embedding game-based notions → Lack of clear composition rules Aug 17, 2020 14 Daniel Jost

  15. Contributions Idea of this paper: Can we make to separate statements? • One up to the moment the key leaks (for confidentiality) • One after the key leaked (about the remaining guarantees) Goal: Non-goals: • Express security guarantees of • Requireing less efficient schemes / «regular» schemes composably additional setup • Fall back to game-based security Open question: How would such a notion fit within a composable framework? Aug 17, 2020 15 Daniel Jost

  16. Specifications: a fresh take on composable security Aug 17, 2020 16 Daniel Jost

  17. Rethinking Composable Security: Specifications a resource Aug 17, 2020 17 Daniel Jost

  18. Rethinking Composable Security: Specifications Subset of resources with the desired properties → specification Set of all resources Aug 17, 2020 18 Daniel Jost

  19. Rethinking Composable Security: Specifications ▪ General statement: specification abstraction ▪ Abstract assumed specification by constructed one ▪ Easier to understand Aug 17, 2020 19 Daniel Jost

  20. Rethinking Composable Security: Specifications ▪ General statement: specification abstraction ▪ Abstract assumed specification by constructed one ▪ Easier to understand Aug 17, 2020 20 Daniel Jost

  21. Rethinking Composable Security: Specifications ▪ General statement: specification abstraction ▪ Abstract assumed specification by constructed one ▪ Easier to understand Aug 17, 2020 21 Daniel Jost

  22. Rethinking Composable Security: Specifications ▪ General statement: specification abstraction ▪ Abstract assumed specification by constructed one ▪ Easier to understand Introduced in Mau- Ren’16 Aug 17, 2020 22 Daniel Jost

  23. Rethinking Composable Security: Specifications ▪ General statement: specification abstraction ▪ Abstract assumed specification by constructed one ▪ Easier to understand ▪ While traditional composable framework have a single type of statement, specifications give us flexibility : ▪ Basic properties and compositional guarantees fixed ▪ But not the types of specifications! Aug 17, 2020 23 Daniel Jost

  24. Rethinking Composable Security: Specifications ▪ Advantages: ▪ Absolute statement: no «forgotten» attacks ▪ Composition: transitivity of subset relation ▪ Intersection Aug 17, 2020 24 Daniel Jost

  25. Rethinking Composable Security: Specifications ▪ Advantages: ▪ Absolute statement: no «forgotten» attacks ▪ Composition: transitivity of subset relation ▪ Intersection ∧ Aug 17, 2020 25 Daniel Jost

  26. Rethinking Composable Security: Specifications ▪ Advantages: ▪ Absolute statement: no «forgotten» attacks ▪ Composition: transitivity of subset relation ▪ Intersection Guarantee 2 Guarantee 1 (e.g confidentiality) (e.g authenticity) Aug 17, 2020 26 Daniel Jost

  27. Simulation-based Security ▪ The standard «simulation-based» notion can be expressed as a special case of specification abstraction: Key ≈ π A π B sim Aug 17, 2020 27 Daniel Jost

  28. Simulation-based Security ▪ The standard «simulation-based» notion can be expressed as a special case of specification abstraction: Key ≈ π A π B sim Aug 17, 2020 28 Daniel Jost

  29. Simulation-based Security ▪ The standard «simulation-based» notion can be expressed as a special case of specification abstraction: Key ≈ π A π B Easy to see what Eve can do sim Aug 17, 2020 29 Daniel Jost

  30. Simulation-based Security ▪ The standard «simulation-based» notion can be expressed as a special case of specification abstraction: Key ≈ π A π B sim Aug 17, 2020 30 Daniel Jost

  31. Simulation-based Security ▪ The standard «simulation-based» notion can be expressed as a special case of specification abstraction: Key ≈ π A π B sim ⊆ Aug 17, 2020 31 Daniel Jost

  32. Simulation-based Security ▪ The standard «simulation-based» notion can be expressed as a special case of specification abstraction: Key ≈ ε -relaxation: π A π B the set of all resources that are computationally indistinguishable to one of the original (green) specification. sim ⊆ Aug 17, 2020 32 Daniel Jost

  33. Simulation-based Security ▪ The ε -relaxation has two important properties: 1. Commutes with protocol application 𝜌 ℛ 𝜗 ⊆ 𝜌ℛ 𝜗 2. Monotonicity: ℛ ⊆ 𝒯 ⟹ ℛ 𝜗 ⊆ 𝑇 𝜗 Aug 17, 2020 33 Daniel Jost

  34. Simulation-based Security ▪ The ε -relaxation has two important properties: 1. Commutes with protocol application 𝜌 ℛ 𝜗 ⊆ 𝜌ℛ 𝜗 • The «standard» composition rule can be recovered as a syntactic derivation rule • In particular simulator and ε -relaxation can be ignored in further construction step 2. Monotonicity: ➔ Having structured specifications is crucial for true modularity! ℛ ⊆ 𝒯 ⟹ ℛ 𝜗 ⊆ 𝑇 𝜗 Aug 17, 2020 34 Daniel Jost

  35. Interval-wise Relaxations Aug 17, 2020 35 Daniel Jost

  36. Interval-wise Guarantees We use this specification based view this to overcome commitment problem! • Recall: cannot simulate across exposure of key Key m 1 π A π B • Solution: we formalize the guarantees before and after 3 2 c k the key exposure as separate specifications: m 1. Confidentiality until the key is exposed |m| m 2. Remaining guarantees afterwards sim c Aug 17, 2020 36 Daniel Jost

Recommend

New Impossibility Results for Concurrent Composition and a Non-Interactive Completeness Theorem

New Impossibility Results for Concurrent Composition and a Non-Interactive Completeness Theorem

New Impossibility Results for Concurrent Composition and a Non-Interactive Completeness Theorem for Secure Computation Abishek Kumarasubramanian Secure Computation [Yao,GMW] Security guarantee only Corrupted party learns no when protocol runs

369 views • 16 slides
Simulatable Channels: Extended Security that is Universally Composable and Easier to Prove.

Simulatable Channels: Extended Security that is Universally Composable and Easier to Prove.

Simulatable Channels: Extended Security that is Universally Composable and Easier to Prove. ASIACRYPT 2018 J. P. Degabriele M. Fischlin 1 What this talk is about We propose and explore new security definitions for symmetric encryption

819 views • 24 slides
Concurrently Composable Security With Shielded Super-polynomial Simulators B. Broadnax, N.

Concurrently Composable Security With Shielded Super-polynomial Simulators B. Broadnax, N.

Concurrently Composable Security With Shielded Super-polynomial Simulators B. Broadnax, N. Dttling, G. Hartung, J. Mller-Quade, and M. Nagel Faculty of Computer Science Institute for Theoretical Informatics Research Group for

643 views • 60 slides
EXPOSING EXPOSING A FLEXIBLE, COMPOSABLE & EXTENSIBLE A FLEXIBLE, COMPOSABLE &

EXPOSING EXPOSING A FLEXIBLE, COMPOSABLE & EXTENSIBLE A FLEXIBLE, COMPOSABLE &

EXPOSING EXPOSING A FLEXIBLE, COMPOSABLE & EXTENSIBLE A FLEXIBLE, COMPOSABLE & EXTENSIBLE REST API REST API Thierry Delprat td@nuxeo.com https://github.com/tiry/ AGENDA AGENDA Quick introduction provide some context API design

1.37k views • 75 slides
Circumventing Impossibility Partial Synchrony Circumventing Impossibility Consensus is an

Circumventing Impossibility Partial Synchrony Circumventing Impossibility Consensus is an

Circumventing Impossibility Partial Synchrony Circumventing Impossibility Consensus is an important building block for fault-tolerant computing Universal: any deterministic fault-tolerant service can be implemented on top of it

349 views • 12 slides
Point-Set Topology for Impossibility Results in Distributed Computing Thomas Nowak Overview

Point-Set Topology for Impossibility Results in Distributed Computing Thomas Nowak Overview

Point-Set Topology for Impossibility Results in Distributed Computing Thomas Nowak Overview Introduction Safety vs. Liveness First Example: Wait-Free Shared Memory Message Omission Model Execution Trees Three Classical

845 views • 40 slides
A Simpler Variant of Universally Composable Security for Standard Multi Party Computation Chlo

A Simpler Variant of Universally Composable Security for Standard Multi Party Computation Chlo

A Simpler Variant of Universally Composable Security for Standard Multi Party Computation Chlo e H ebant Ecole Normale Sup erieure February 22, 2018 Chlo e H ebant (ENS) Working Group: SUC Security February 22, 2018 1 / 18

898 views • 42 slides
Control of Networks Algorithms, Fundamental Limitations, Impossibility Results Alex Olshevsky

Control of Networks Algorithms, Fundamental Limitations, Impossibility Results Alex Olshevsky

Control of Networks Algorithms, Fundamental Limitations, Impossibility Results Alex Olshevsky Department of Electrical and Computer Engineering Boston University Linear control theory The study of the linear differential equation x ( t )

881 views • 87 slides
Impossibility Results for Distributed Transactional Memory Paper Reading Group Costas Bunsch

Impossibility Results for Distributed Transactional Memory Paper Reading Group Costas Bunsch

Impossibility Results for Distributed Transactional Memory Paper Reading Group Costas Bunsch Maurice Herlihy Miroslav Popovic Gokarna Sharma Presents: Maksym Planeta 12.11.2015 Table of Contents Introduction Table of Contents

640 views • 22 slides
E R I S A A p p e a l s Overcoming the FAKE Appeal Process What is ERISA

E R I S A A p p e a l s Overcoming the FAKE Appeal Process What is ERISA

AppealTraining.com Webinar Series E R I S A A p p e a l s Overcoming the FAKE Appeal Process What is ERISA Employee Retirement Income Security Act federal law governing employer-sponsored benefit plans. Claim impact:

579 views • 26 slides
The Impossibility of a Paretian Liberal Christian Geist Project: Modern Classics in Social Choice

The Impossibility of a Paretian Liberal Christian Geist Project: Modern Classics in Social Choice

The Author Setting, Definitions and Conditions Sen s Impossibility Theorem and Proof Critique and Ways Out Conclusion The Impossibility of a Paretian Liberal Christian Geist Project: Modern Classics in Social Choice Theory Institute

1.98k views • 15 slides
On the Impossibility of Tight Cryptographic Reduc:ons Christoph Bader, Tibor Jager, Yong Li, Sven

On the Impossibility of Tight Cryptographic Reduc:ons Christoph Bader, Tibor Jager, Yong Li, Sven

On the Impossibility of Tight Cryptographic Reduc:ons Christoph Bader, Tibor Jager, Yong Li, Sven Schge Ruhr-University Bochum EUROCRYPT 2016 1 Tight Cryptographic Reduc:ons 1. Define a security model 2. Prove: efficient a/acker A

835 views • 48 slides
An Impossibility Theorem Seminar Algorithms Kevin Chang Eindhoven University of Technology June

An Impossibility Theorem Seminar Algorithms Kevin Chang Eindhoven University of Technology June

An Impossibility Theorem Seminar Algorithms Kevin Chang Eindhoven University of Technology June 19, 2018 Contents Motivation Definitions The Impossibility Theorem Centroid-Based Clustering and Consistency Relaxing the Properties Table of

1.08k views • 96 slides
Overcoming access control in web APIs How to address security concerns using Sanic Adam Hopkins

Overcoming access control in web APIs How to address security concerns using Sanic Adam Hopkins

Overcoming access control in web APIs How to address security concerns using Sanic Adam Hopkins 1 / 39 class Adam: def __init__(self): self.work = PacketFabric("Sr. Software Engineer") self.oss = Sanic("Core Maintainer")

719 views • 50 slides
REBUILDING THE MONOLITH WITH COMPOSABLE APPS

REBUILDING THE MONOLITH WITH COMPOSABLE APPS

REBUILDING THE MONOLITH WITH COMPOSABLE APPS https://www.quora.com/Why-are-front-end-developers-so-high-in-demand-at-startups-if-front-end-development-is-relatively-easier-than-other-fields-of-engineering 2013

1.17k views • 87 slides
Disjoint-Access Parallelism: Impossibility, Possibility, and Cost of

Disjoint-Access Parallelism: Impossibility, Possibility, and Cost of

Disjoint-Access Parallelism: Impossibility, Possibility, and Cost of Transactional Memory Implementations Sebastiano Peluso 1 , Roberto Palmieri 1 , Paolo Romano 2 , Binoy Ravindran 1 and Francesco Quaglia 3 3 1 2

412 views • 26 slides
Randomized Composable Core-sets for Distributed Op7miza7on

Randomized Composable Core-sets for Distributed Op7miza7on

Randomized Composable Core-sets for Distributed Op7miza7on Vahab Mirrokni Google Research, New York Based on the following papers: 1) Diversity Maximiza7on

933 views • 69 slides
Fused and Composable Heterogeneous Cores Roshan Nair and Anirudh Krishna Villivalam Single cores

Fused and Composable Heterogeneous Cores Roshan Nair and Anirudh Krishna Villivalam Single cores

Fused and Composable Heterogeneous Cores Roshan Nair and Anirudh Krishna Villivalam Single cores Fused/Composable cores Evolution!!! Core Fusion: Accommodating Software Diversity in Chip Multiprocessors Motivation Software Diversity

378 views • 25 slides
Consensus and Its Impossibility in Asynchronous Systems A Few Questions from Protocols We

Consensus and Its Impossibility in Asynchronous Systems A Few Questions from Protocols We

Consensus and Its Impossibility in Asynchronous Systems A Few Questions from Protocols We studied Was it necessary to assume that a node can detect failure of other nodes? What if we could not do that in a system? E.g., if delays

366 views • 22 slides
Termination Impossibility of any infinite sequence G 0 R G 1 R G 2 R . . . given a

Termination Impossibility of any infinite sequence G 0 R G 1 R G 2 R . . . given a

Modular Termination of Graph Transformation 1 Detlef Plump University of York, UK 1 In Graph Transformation, Specifications, and Nets: In Memory of Hartmut Ehrig . LNCS 10800, Springer, 2018 Termination Impossibility of any infinite sequence

215 views • 17 slides
Certificate of impossibility of Hilbert-Artin representation of given degree for definite

Certificate of impossibility of Hilbert-Artin representation of given degree for definite

Certificate of impossibility of Hilbert-Artin representation of given degree for definite polynomials and functions Feng Guo Key Laboratory of Mathematics Mechanization Chinese Academy of Sciences, Beijing North Carolina State University

568 views • 30 slides
How Well Do My Results Generalize? Comparing Security and Privacy Survey Results from MTurk, Web,

How Well Do My Results Generalize? Comparing Security and Privacy Survey Results from MTurk, Web,

How Well Do My Results Generalize? Comparing Security and Privacy Survey Results from MTurk, Web, and Telephone Samples Elissa M. Redmiles, Sean Kross, and Michelle L. Mazurek @eredmil1 eredmiles@cs.umd.edu 30+ papers in the Top 4 security

560 views • 35 slides
Overcoming non-tariff barriers to trade: the role of migrant networks Jos e L. Groizard and

Overcoming non-tariff barriers to trade: the role of migrant networks Jos e L. Groizard and

Intro and literature Empirical approach Results Conclusion Overcoming non-tariff barriers to trade: the role of migrant networks Jos e L. Groizard and Joan Mart n-Montaner Universitat de les Illes Balears Universitat Jaume I &

642 views • 34 slides
Decision Making Beyond Sometimes It Is . . . Cheating May Hurt . . . Arrows Impossibility

Decision Making Beyond Sometimes It Is . . . Cheating May Hurt . . . Arrows Impossibility

Group Decision . . . Case of Three or More . . . Nashs Solution as a . . . Decision Making Beyond Sometimes It Is . . . Cheating May Hurt . . . Arrows Impossibility For Territorial . . . How to Find Individual . . . We Must Take .

822 views • 31 slides

More recommend