Public-Key Cryptosystems Resilient to Key Leakage
Moni Naor and Gil Segev
Weizmann Institute of Science, Israel
Foundations of Cryptography
Rigorous analysis of the security of cryptographic schemes.
Adversarial model: the adversary's computational capabilities and its access to the system (e.g. seeing encryptions E_k(m)).
Notion of security: what does it mean to break the system?
Notions of security have evolved significantly; adversarial access is analyzed in the “standard model”...
Adversarial Models
Standard model:
Abstract computation (interactive Turing machines)
Private memory and randomness
Well-defined adversarial access
Can model powerful attacks: CPA/CCA, composition, key cycles, ...
Real life:
Physical implementations leak information
Side-channel attacks: timing attacks [Kocher 96], fault detection [BDL 97, BS 97], power analysis [KJJ 99], cache attacks [OST 05], memory attacks [HSHCPCFAF 08]
Side channel: any information not captured by the underlying model.
Modeling Side Channels
Canetti, Dodis, Halevi, Kushilevitz, and Sahai ’00: exposure-resilient functions, i.e. functions that “look” random even if several input bits are leaked.
Ishai, Prabhakaran, Sahai, and Wagner ’03, ’06: private circuit evaluation allowing several wires to leak.
Micali and Reyzin ’04: computation, and only computation, leaks information.
Dziembowski and Pietrzak ’08, Pietrzak ’09: leakage-resilient stream ciphers; computation, and only computation, leaks information; low-bandwidth leakage.
Memory Attacks [HSHCPCFAF 08]
Halderman, Schoen, Heninger, Clarkson, Paul, Calandrino, Feldman, Appelbaum, and Felten
Not only computation leaks information: memory retains its content after power is lost.
[Figure: decay of a memory image after 5 seconds, 30 seconds, 60 seconds, and 5 minutes]
Memory content can even last for several minutes.
Cold boot attacks: completely compromise popular disk encryption systems; reconstruct DES, AES, and RSA keys.
Extended and further analyzed by Heninger & Shacham ’09: recover “noisy” keys.
http://citp.princeton.edu/memory
Memory Attacks
Semantic security with key leakage [AGV 09] (Akavia, Goldwasser & Vaikuntanathan):
For any* leakage f(sk) and for any m0, m1, it is infeasible to distinguish E_pk(m0) from E_pk(m1).
The game: the challenger generates (sk, pk) and sends pk; the adversary chooses f and receives f(sk); the adversary sends m0, m1; the challenger picks b ← {0,1} and sends E_pk(m_b); the adversary outputs b’.
* Clearly, one cannot allow an f(sk) that easily reveals sk. For now, f : SK → {0,1}^λ for λ < |sk|.
[AGV 09]: Regev’s lattice-based scheme is resilient to such leakage.
Our Results
A generic construction secure against key leakage, based on any hash proof system [CS 02].
Efficient instantiations under various number-theoretic assumptions.
A new hash proof system, based on either DDH or d-Linear; the resulting scheme is resilient to leakage of L − o(L) bits.
The [BHHO 08] circular-secure scheme fits into our generic approach and is resilient to leakage of L − o(L) bits.
Our Results
Chosen-ciphertext security:
Theoretical side: a generic CPA-to-CCA transformation, leakage of L − o(L) bits.
Practical side: efficient variants of Cramer-Shoup; CCA1: leakage of L/4 bits; CCA2: leakage of L/6 bits.
Extensions of the [AGV 09] model, satisfied by our schemes: noisy leakage; leakage of intermediate values; keys generated using a “weak” random source.
Independently, Tauman Kalai & Vaikuntanathan: [BHHO 08] with hard-to-invert leakage, and CPA-to-CCA.
Outline of the Talk
The generic construction by example: an efficient scheme with λ ≈ |sk|/2
Extensions of the model
Conclusions & open problems
A Simple Scheme
G: a group of order p in which DDH is hard.
Ext : G × {0,1}^d → bit strings: a strong extractor (its output is XORed with the message, so its output length is the message length).
Key generation: choose g1, g2 ∈ G and x1, x2 ∈ Z_p; let h = g1^x1 g2^x2; output sk = (x1, x2) and pk = (g1, g2, h).
Enc_pk(m): choose r ∈ Z_p and a seed s ∈ {0,1}^d; output (g1^r, g2^r, s, Ext(h^r, s) ⊕ m).
Dec_sk(u1, u2, s, e): output e ⊕ Ext(u1^x1 u2^x2, s).
Correctness: u1^x1 u2^x2 = (g1^x1 g2^x2)^r = h^r.
Main idea, redundancy: pk corresponds to many possible sk’s. h = g1^x1 g2^x2 reveals only log(p) bits of information on sk = (x1, x2), so leakage of λ bits ⇒ sk still has min-entropy log(p) − λ.
Security of the Simple Scheme
Theorem: the scheme is resilient to any leakage of λ ≈ log(p) bits, half the size of sk.
Proof by reduction: an adversary for the encryption scheme yields an algorithm for DDH, i.e. one that distinguishes (g1, g2, g1^r, g2^r) from (g1, g2, g1^r1, g2^r2).
The Reduction
Input: a tuple (g1, g2, u1, u2).
Choose sk = (x1, x2) and set pk = (g1, g2, h = g1^x1 g2^x2); send pk to the adversary.
The adversary chooses f and receives f(sk), then sends m0, m1.
Choose b and send the challenge (u1, u2, s, Ext(u1^x1 u2^x2, s) ⊕ m_b).
The adversary outputs b’. If b’ = b, output YES; otherwise output NO.
Case 1: u1 = g1^r and u2 = g2^r. Then u1^x1 u2^x2 = (g1^x1 g2^x2)^r = h^r, so the simulation is identical to the actual attack; by assumption Pr[b’ = b] > 1/2 + 1/poly.
Case 2: u1 = g1^r1 and u2 = g2^r2. Then u1^x1 u2^x2 is uniform in G, and λ bits of leakage ⇒ H∞(u1^x1 u2^x2) ≥ log(p) − λ. The challenge is independent of b, so Pr[b’ = b] = 1/2.
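The simple scheme of the preceding slides and the two cases of the reduction, as an added example that is not part of the Naor-Segev slides: a Python toy instance over the order-1019 subgroup of quadratic residues modulo the safe prime 2039 (assumed, insecure toy parameters), with a seeded SHA-256 truncation standing in for the strong extractor Ext (an assumption, not the slides' extractor). It enumerates by brute force all secret keys consistent with one public key, counts how many survive leaking λ bits of x1, and contrasts the encapsulated value u1^x1 u2^x2 under a DDH tuple (a single value, h^r, for every consistent key) with a random tuple (a distinct value per consistent key).

```python
# Added example, not code from the Naor-Segev slides: a toy instance of the
# "simple scheme" plus a brute-force look at key redundancy and at the two
# cases of the DDH reduction.  Toy parameters only (assumed): a 1019-element
# group and a hash-based extractor stand-in give no real security.
import hashlib
import secrets

# Constructed toy group: quadratic residues modulo the safe prime Q = 2P + 1
# form a cyclic subgroup of prime order P.
P = 1019
Q = 2 * P + 1  # 2039, prime


def random_generator():
    """Random non-identity element of the order-P subgroup (a square mod Q)."""
    while True:
        g = pow(secrets.randbelow(Q - 2) + 2, 2, Q)
        if g != 1:
            return g


def ext(group_elem, seed, nbytes):
    """Stand-in for the strong extractor Ext(G x {0,1}^d -> {0,1}^n): a seeded
    hash truncated to the message length (assumption; messages <= 32 bytes)."""
    return hashlib.sha256(seed + group_elem.to_bytes(2, "big")).digest()[:nbytes]


def keygen():
    """sk = (x1, x2), pk = (g1, g2, h = g1^x1 g2^x2)."""
    g1, g2 = random_generator(), random_generator()
    x1, x2 = secrets.randbelow(P), secrets.randbelow(P)
    h = pow(g1, x1, Q) * pow(g2, x2, Q) % Q
    return (x1, x2), (g1, g2, h)


def encapsulate(sk, u1, u2):
    """u1^x1 u2^x2: equals h^r when (u1, u2) = (g1^r, g2^r)."""
    x1, x2 = sk
    return pow(u1, x1, Q) * pow(u2, x2, Q) % Q


def encrypt(pk, m):
    """Enc_pk(m) = (g1^r, g2^r, s, Ext(h^r, s) xor m)."""
    g1, g2, h = pk
    r = secrets.randbelow(P)
    s = secrets.token_bytes(16)  # seed s in {0,1}^d with d = 128 here
    pad = ext(pow(h, r, Q), s, len(m))
    return pow(g1, r, Q), pow(g2, r, Q), s, bytes(a ^ b for a, b in zip(pad, m))


def decrypt(sk, ct):
    """Dec_sk(u1, u2, s, e) = e xor Ext(u1^x1 u2^x2, s)."""
    u1, u2, s, e = ct
    pad = ext(encapsulate(sk, u1, u2), s, len(e))
    return bytes(a ^ b for a, b in zip(pad, e))


def simulated_challenge(sk, u1, u2, s, m):
    """The reduction's challenge for a DDH input (g1, g2, u1, u2): it knows sk,
    so it masks m with Ext(u1^x1 u2^x2, s) without knowing any r."""
    pad = ext(encapsulate(sk, u1, u2), s, len(m))
    return u1, u2, s, bytes(a ^ b for a, b in zip(pad, m))


def consistent_keys(pk):
    """All (x1, x2) with g1^x1 g2^x2 = h: exactly P of them, one per x1, so pk
    fixes only log(p) bits of sk (toy discrete-log table, feasible only here)."""
    g1, g2, h = pk
    dlog_g2 = {pow(g2, x, Q): x for x in range(P)}
    inv_g1 = pow(g1, P - 1, Q)  # g1^-1 inside the order-P subgroup
    keys, t = [], h  # invariant: t = h * g1^(-x1), so x2 = dlog_g2(t)
    for x1 in range(P):
        keys.append((x1, dlog_g2[t]))
        t = t * inv_g1 % Q
    return keys


def keys_after_leakage(pk, sk, lam):
    """Candidates left after leaking the low lam bits of x1: about P / 2^lam,
    i.e. sk keeps min-entropy about log(p) - lam."""
    mask = (1 << lam) - 1
    leaked = sk[0] & mask
    return [k for k in consistent_keys(pk) if k[0] & mask == leaked]


def encapsulated_values(pk, u1, u2):
    """Set of u1^x1 u2^x2 over every sk consistent with pk."""
    return {encapsulate(sk, u1, u2) for sk in consistent_keys(pk)}


def reduction_cases(pk):
    """Case 1, DDH tuple: one value (h^r) for all consistent sk's.
    Case 2, random tuple with r1 != r2: P distinct values, one per sk, so the
    encapsulated key is uniform given pk and keeps min-entropy >= log(p) - lam
    after lam bits of leakage.  Returns (#values case 1, #values case 2)."""
    g1, g2, _ = pk
    r = secrets.randbelow(P)
    r1 = secrets.randbelow(P)
    r2 = (r1 + 1 + secrets.randbelow(P - 1)) % P  # guarantees r2 != r1
    ddh = encapsulated_values(pk, pow(g1, r, Q), pow(g2, r, Q))
    rnd = encapsulated_values(pk, pow(g1, r1, Q), pow(g2, r2, Q))
    return len(ddh), len(rnd)


if __name__ == "__main__":
    sk, pk = keygen()
    print(decrypt(sk, encrypt(pk, b"leakage-resilient")))
    print(len(consistent_keys(pk)), len(keys_after_leakage(pk, sk, 4)))
    print(reduction_cases(pk))
```

Running it prints the decrypted message, then 1019 consistent keys of which roughly 1019/16 survive a 4-bit leak of x1, and finally (1, 1019): with a DDH tuple every consistent key yields the same encapsulated value, so the simulation matches a real encryption, while with a random tuple the value differs for each consistent key, which is the min-entropy the extractor relies on in Case 2. The brute-force enumeration is only possible because the toy group is tiny; in a real group pk hides the same log(p) bits but no one can list the candidates.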
Hash Proof Systems
Key-encapsulation mechanisms with an additional property: knowing sk, one can encapsulate in two computationally indistinguishable modes:
Valid: the encapsulated key can be recovered.
Invalid: the encapsulated key is random.
Leakage reduces the min-entropy by at most λ; extract and mask the message.
Our general construction: hash proof system + strong extractor ⇒ key-encapsulation mechanism resilient to key leakage.
Known instantiations: decisional Diffie-Hellman; linear family (bilinear groups); quadratic residuosity; composite residuosity (Paillier).
Extensions Satisfied By Our Schemes
Noisy leakage: leakage not necessarily of bounded length; H∞(sk | pk, leakage) > H∞(sk | pk) − λ.
Leakage of intermediate values: once the keys are generated, are all intermediate values erased? Leakage depends on the random bits used for generating the keys; crucial for security under composition.
Weak random source: keys generated using a low-entropy, adversarially chosen source; need only a min-entropy guarantee for sk.
Conclusions & Open Problems
We can meaningfully model various forms of leakage, and we can build efficient schemes that resist them.
Leakage-resilient encryption from general assumptions? From any CPA-secure scheme?
Dealing with “iterative” leakage and refreshed keys? As in leakage-resilient stream ciphers [DP08, P09].
Other primitives? Other side channels? Signature schemes [KV09]; bounded retrieval model [ADW09]; hard-to-invert leakage [DKL09, KV09].