Download presentation

Presentation is loading. Please wait.

Published byAvery Pilgrim Modified over 3 years ago

1
Private Circuits Protecting Circuits Against Side-Channel Attacks Yuval Ishai Technion & UCLA Based on joint works with Manoj Prabhakaran, Amit Sahai, David Wagner

2
A Live Demonstration Can you keep secrets? … and now?

3
Talk Overview The goal Security definition Overview of results and techniques Open questions

4
The Goal s m AES(s,m) s’ m AES(s,m) Same I/O functionality Keeps s secret even in the presence of side-channel attacks. - leakage - tampering

5
Comparison with Related Work Protecting general, reactive circuits –vs. realizing a specific task [DP08] –vs. a one-time computation [GKR08] Continuous and adaptive leakage/tampering –vs. bounded leakage [AGV09] Entire circuit susceptible to leakage/tampering –vs. “only computation leaks information” [MR04] –vs. “algorithmic tamper-proof security” [GLM+04]

6
INPUT OUTPUT CIRCUIT MEMORY The Model In each cycle: –Adv chooses input –Adv chooses an admissible (t-bounded) attack Leakage and/or tampering from a specified class –Adv observes output + leakage –Memory state is updated

7
INPUT OUTPUT CIRCUIT MEMORY Circuit Transformers T=(T C,T s ), on inputs k,t, maps C to C’ and s 0 to s 0 ’. T s must be randomized –Otherwise initial state s 0 is revealed by probing C’ can be either randomized or (better yet) deterministic. C INPUT OUTPUT CIRCUIT MEMORY T C’ s0s0 s0’s0’

8
INPUT OUTPUT CIRCUIT MEMORY Security Definition T respects functionality: C[s 0 ] C’[s 0 ’] T protects privacy: C Sim t-bounded Adv s 0 Sim Adv,C[s0] view of Adv attacking C’[s 0 ’] –Even in case of tampering, only privacy is required C INPUT OUTPUT CIRCUIT MEMORY T C’ s0s0 s0’s0’

9
INPUT OUTPUT CIRCUIT MEMORY Relation with Obfuscation C’[s 0 ’] should act like a “virtual black-box” for C[s 0 ]. –Even in the presence of side-channel attacks Negative results for obfuscation [BGI+01,GK05] restrict classes of attacks that can be tolerated –Can’t probe all wires in a single cycle –Can’t leak an arbitrary predicate of the state [BGI+01,GK05,DP06] –Can’t freely “edit” gates and wires C INPUT OUTPUT CIRCUIT MEMORY T C’ s0s0 s0’s0’

10
Results: Passive Attacks I-Sahai-Wagner03: probing attacks –Adv probes t wires in each cycle –Several circuit transformers |C’|=O(t 2 ) |C|, randomized |C’|=O(t 2 ) |C|+poly(t,k), deterministic |C’|=O~(|C|), t= ~(width(C)) probes can’t be added within a cycle –Randomized routing technique Faust-Rabin-Reyzin-Tromer-Vaikuntanathan10: –constant depth leakage (e.g., AC 0 ) with t-bit output |C’|=O((t+k) 2 ) |C| –noisy leakage: each bit flipped with prob. p |C’|=O(k 2 ) |C| –both require tamper-proof, randomized “opaque gates”

11
Results: Tampering Attacks I-Prabhakaran-Sahai-Wagner 06: –Permanent Reset attacks, unbounded |C’|=O(k 2 ) |C| –Permanent Set/Reset/Toggle, up to t per cycle |C’|=poly(k,t) |C| Requires AND gates of fan-in O(kt) –Both constructions can be made deterministic

12
Probing Attacks and MPC Standard MPC Client-Server MPC Input clients Servers Output clients [BGW88,CCD88]: Unconditional security if t<n/2 parties are passively corrupted. Unconditional security if t<n/2 servers are corrupted.

13
Probing Attacks and MPC Client-Server MPC Input clients Servers Output clients Unconditional security if t<n/2 servers are corrupted. Further extending MPC model: -Reactive functionalities -Mobile adversary [OY91] -No online randomness [CH94]

14
MPC on Silicon xixi yiyi S2S2 output client input client initializer s0s0 S1S1 S3S3 S2S2 S1S1 S3S3 S2S2 S1S1 S3S3 S2S2 S1S1 S3S3 Conversely: Private circuit MPC T C =protocol compiler T s = initializer algorithm

15
MPC on Silicon? Very different optimization goals –Typical MPC: maximize resilience / #parties –Private circuits: maximize resilience / computation Ideally: many tiny parties, constant fractional resilience Using MPC protocols from the literature –BGW88: Based on Shamir’s secret sharing 2t+1 servers, O~(t 2 )|C| computation, nontrivial field arithmetic –“GMW-lite” [GMW87,GV87,GHY87]: Based on additive (XOR) secret sharing t+1 servers O(t 2 )|C| computation in OT-hybrid model Implement OT calls via additional servers! ISW03 construction is an optimized version of this approach s0’s0’

16
Concrete ISW03 Implementation Secrets additively shared into m=2t+1 shares Given shares of a=a 1 … a m, b=b 1 … b m –Compute shares of Not(a) : apply NOT to a 1 –Compute shares c i of a AND b : Let z i,j, i<j, be random independent bits Let z j,i =(z i,j a i b j ) a j b i Let c i =a i b i j i z i,j Randomness gates eliminated by using 2t+1 copies of a PRG s0’s0’

17
Tampering Attacks Recall model –adversary can permanently set, reset, toggle t wires in each cycle –eventually, all wires can be tampered with! –can’t use standard MPC, error-correction, signatures… Idea: “self-destruct” if tampering is detected –How to implement if even self-destruction mechanism can be tampered with? Idea: randomized mine-field –Any tampering attempt can trigger a mine –Few lucky tampering attempts do not harm

18
The High Level Approach Consider (unbounded) Reset attacks Encode each value in C by a pair of values –0 01 –1 10 –00, 11 interpreted as A Reset can either leave a value unchanged or turn it to Propagate to outputs and memory (self-destruct) Still need to worry about correlation between secrets and Solution: Use ISW03 to get “k-wise independence” –Adv should get lucky k times to violate privacy –Being unlucky even a single time causes self-destruction General Set/Reset/Toggle attacks handled via longer encodings

19
The Low-Level Details A hacker’s paradise…

20
The Low-Level Details A hacker’s paradise…

21
Further Research: Leakage Extend feasibility to other classes of leakage –other realistic leakage classes (power analysis, …) –“only computation leaks information” –… anything that does not imply obfuscation –leakage-resilient MPC? Probing attacks –improve efficiency and resilience –motivates new MPC complexity questions –potential application for “MPC-friendly codes” [CC06,…] Constant-depth leakage –eliminate “opaque gates” and randomness –is [ISW03] secure?

22
Interactive Compression [FRRTV10] Compression algorithm for f [HN06]: unbounded “solver” f(x) compression algorithm x y Shares of state Leakage function Observed leakage Adversary’s computation

23
Interactive Compression [FRRTV10] Can parity be compressed? –[Håstad]: Circuits of depth d and size 2^k 1/d can’t compute XOR k compression to k 1/d bits is hard for such circuits –[DI06]: even compression to k.99 bits is hard! constant-depth leakage with t= k.99 is safe Previous compression model doesn’t handle adaptive attacks –reduction to non-adaptive case yields poor bounds –motivates study of “interactive compression”

24
Communication Complexity Game Weak Strong X=01000100111010 Parity(X) Circuit complexity: Weak sends one bit Compression: Weak sends t bits in one message Interactive compression: Weak sends t bits overall Challenge: good lower bounds for interactive compression

25
Further Research: Tampering Tolerate an unbounded number of attacks –Possible using tamper-proof components of size k –Open: use components of size O(1) Tolerate wider classes of tampering + leakage Develop a general theory –Apply general non-malleable codes [DPW10] –Tamper-resilient MPC

26
Conclusion Bottomless pool of open questions Motivate independently interesting theoretical questions –Leakage- and tamper-resilient MPC –Feasibility of relaxed obfuscation –Hardness of compression Relevance to practice?

Similar presentations

OK

On the Practical Security of Inner Product Functional Encryption Shashank Agrawal (UIUC), Shweta Agrawal (IIT Delhi), Saikrishna Badrinarayanan (UCLA),

On the Practical Security of Inner Product Functional Encryption Shashank Agrawal (UIUC), Shweta Agrawal (IIT Delhi), Saikrishna Badrinarayanan (UCLA),

© 2018 SlidePlayer.com Inc.

All rights reserved.

To make this website work, we log user data and share it with processors. To use this website, you must agree to our Privacy Policy, including cookie policy.

Ads by Google