Public-Key Cryptosystems Resilient to Key Leakage Moni Naor Gil - PowerPoint PPT Presentation

Public-Key Cryptosystems Resilient to Key Leakage Moni Naor Gil Segev Weizmann Institute of Science Israel

Foundations of Cryptography Rigorous analysis of the security of cryptographic schemes Adversarial model Notion of security Computational capabilities What does it mean to break   the system? Access to the system  E k (m) 2

Foundations of Cryptography Rigorous analysis of the security of cryptographic schemes Adversarial model Notion of security Computational capabilities What does it mean to break   the system? Access to the system  Notions of security significantly evolved  Adversarial access analyzed in the “standard model” ...  3

Adversarial Models STANDARD MODEL: REAL LIFE: Abstract computation Physical implementations leak   information Interactive Turing machines  Side-channel attacks  Private memory &  randomness Timing attacks [Kocher 96]  Well-defined adversarial access Fault detection [BDL 97, BS 97]   Can model powerful attacks Power analysis [KJJ 99]   CPA\CCA, composition, key Cache attacks [OST 05]   cycles,... Memory attacks [HSHCPCFAF 08]  SIDE CHANNEL: Any information not captured by the underlying model 4

Modeling Side Channels Canetti, Dodis, Halevi, Kushilevitz, and Sahai ’00  Exposure-resilient functions: functions that “look” random even if several input bits are leaked Ishai, Prabhakaran, Sahai, and Wagner ’03 ’06  Private circuit evaluation allowing several wires to leak Micali and Reyzin ’04  Computation and only computation leaks information Dziembowski and Pietrzak ’08, Pietrzak ’09  Leakage-resilient stream-ciphers Computation and only computation leaks information  Low-bandwidth leakage  5

Memory Attacks [HSHCPCFAF 08] Halderman, Schoen, Heninger, Not only computation leaks information  Clarkson, Paul, Calandrino, Memory retains its content after power is lost  Feldman, Appelbaum and Felten 5 30 60 5 seconds seconds seconds minutes 6 http://citp.princeton.edu/memory

Memory Attacks [HSHCPCFAF 08] Not only computation leaks information  Memory retains its content after power is lost  Memory content can even last for several minutes Extended and further Recover “noisy” keys  analyzed by Heninger & Cold boot attacks  Shacham 09 Completely compromise popular disk encryption systems  Reconstruct DES, AES, and RSA keys  7 http://citp.princeton.edu/memory

Memory Attacks Akavia, Goldwasser Semantic security with key leakage [AGV 09]: & Vaikuntanathan For any* leakage f(sk) and for any m 0 and m 1 infeasible to distinguish E pk (m 0 ) and E pk (m 1 ) pk f f(sk) m 0 , m 1 (sk, pk) Output b’ E pk (m b ) b ← {0,1} Clearly, cannot allow f(sk) that easily reveals sk  [AGV 09]: Regev’s For now f : SK → {0,1} λ |sk| for λ < lattice-based scheme is  resilient to such leakage 8

Our Results A generic construction secure against key leakage  Based on any Hash Proof System [CS 02]  Efficient instantiations  Various number-theoretic assumptions  A new hash proof system  Resulting scheme resilient to leakage of L – o(L) bits  Based on either DDH or d -Linear  The [BHHO 08] circular-secure scheme  Fits into our generic approach  Resilient to leakage of L – o(L) bits  9

Our Results Chosen-ciphertext security  Theoretical side Practical side A generic CPA-to-CCA Efficient variants of Cramer-Shoup   CCA1 : Leakage of L/4 transformation bits  Leakage of L – o(L) CCA2 : Leakage of L/6 bits  bits  Extensions of the [AGV 09] model  Satisfied Noisy leakage  by our Leakage of intermediate values  schemes Keys generated using a “weak” random source  Independently by Tauman Kalai & Vaikuntanathan: [BHHO 08] with hard-to-invert 10 leakage and CPA-to-CCA

Outline of the Talk The generic construction by example  ≈ |sk|/2 An efficient scheme with λ  Extensions of the model  Conclusions & open problems  11

A Simple Scheme G - group of order p in which DDH is hard  Ext : G × {0,1} d → {0,1} - strong extractor  Choose g 1 , g 2 G and x 1 , x 2 Z p ∈ ∈  Key Let h = g 1 x1 g 2 x2  generation Output sk = (x 1 , x 2 ) and pk = (g 1 , g 2 , h)  MAIN IDEA Redundancy : pk corresponds to many possible sk ’s  x1 g 2 x2 reveals only log(p) bits of information on sk=(x 1 h=g 1 ,x 2 )  bits ⇒ sk still has min-entropy log(p) - Leakage of λ λ  12

A Simple Scheme G - group of order p in which DDH is hard  Ext : G × {0,1} d → {0,1} - strong extractor  Choose g 1 , g 2 G and x 1 , x 2 Z p ∈ ∈  Key Let h = g 1 x1 g 2 x2  generation Output sk = (x 1 , x 2 ) and pk = (g 1 , g 2 , h)  d Choose r ∈ Z p and a seed s ∈ {0,1}  Enc pk (m) Output (g 1 r , g 2 r , s, Ext(h r , s) ⊕ m)  Output e ⊕ Ext(u 1 x1 u 2 x2 , s) Dec sk (u 1 , u 2 , s, e)  Correctness: u 1 x1 u 2 = (g 1 x1 g 2 x2 ) r = h r x2 13

Security of the Simple Scheme ≈ log(p) bits Theorem: The scheme is resilient to any leakage of λ half the size of sk Proof by reduction: Adversary for the Algorithm for DDH: encryption scheme (g 1 , g 2 , g 1r , g 2r ) or (g 1 , g 2 , g 1r1 , g 2r2 ) 14

The Reduction (g 1 , g 2 , u 1 , u 2 ) pk = (g 1 , g 2 , h=g 1 x1 g 2 x2 ) sk = (x 1 , x 2 ) f f(sk) If b’ b  m 0 , m 1 output YES u 1 , u 2 , s otherwise NO b’ Ext(u 1 u 2 x2 , s) ⊕ m b x1 Case 1: u 1 = g 1 r & u 2 = g 2 r u 1 x1 u 2 = (g 1 x1 g 2 x2 ) r = h r x2 Simulation is identical to actual attack  By assumption Pr[b’ = b] > 1/2 + 1/poly  15

The Reduction (g 1 , g 2 , u 1 , u 2 ) pk = (g 1 , g 2 , h=g 1 x1 g 2 x2 ) sk = (x 1 , x 2 ) f f(sk) If b’ b  m 0 , m 1 output YES u 1 , u 2 , s otherwise NO b’ Ext(u 1 u 2 x2 , s) ⊕ m b x1 Case 2: u 1 = g 1 & u 2 = g 2 r1 r2 u 1 x1 u 2 is uniform in G x2 Challenge independent of b bits of leakage ⇒ λ  H ∞ (u 1 x1 u 2 x2 ) ≥ log(p) - Pr[b’ = b] = 1/2 λ  16

Hash Proof Systems Key-encapsulation mechanisms with an additional property: Knowing sk , can encapsulate in two modes computationally Valid: Encapsulated key can be recovered  indistinguishable Invalid: Encapsulated key is random  Leakage reduces the min-entropy by at most λ , extract and mask the message Our general construction: Hash proof system + strong extractor Key-encapsulation mechanism resilient to key leakage 17

Hash Proof Systems Key-encapsulation mechanisms with an additional property: Knowing sk , can encapsulate in two modes computationally Valid: Encapsulated key can be recovered  indistinguishable Invalid: Encapsulated key is random  Leakage reduces the min-entropy by at most λ , extract and mask the message Known instantiations: Decisional Diffie-Hellman  Linear family (bilinear groups)  Quadratic residuosity  Composite residuosity (Paillier)  18

Extensions Satisfied By Our Schemes Noisy leakage Leakage not necessarily of bounded length  H ∞ (sk | pk, leakage) > H ∞ (sk | pk) - λ Leakage of intermediate values Once the keys are generated, are all intermediate values erased?  Leakage depends on the random bits used for generating the keys  Crucial for security under composition  Weak random source Keys generated using a low-entropy adversarially chosen source  Need only a min-entropy guarantee for sk  19

Conclusions & Open Problems We can meaningfully model various forms of leakage  We can build efficient schemes that resist them  Leakage-resilient encryption from general assumptions?  From any CPA-secure scheme?  Dealing with “iterative’’ leakage and refreshed keys?  As in leakage-resilient stream-ciphers [DP08, P09]  Other primitives? Other side channels?  Signature Scheme [KV09]  Bounded Retrieval Model [ADW09]  Hard-to-invert leakage [DKL09, KV09]  20