Provable Security at Implementation-level

Sebastian Faust
sfaust@esat.kuleuven.be

Provable Security

Provable security has nowadays become the standard way of designing cryptographic protocols. The idea is to first develop an adversarial model, defining the security of the protocol, and then to rigorously prove that no such adversary can exist. Traditional provable security treats cryptographic algorithms as black boxes: an adversary may have access to inputs and outputs, but the computation within the box stays secret.

The Challenge

The black-box model does not match reality if there are more powerful attacks on the algorithm's implementation. Side-channel attacks are an important example in this context. The goal of this project is to develop theoretical models that allow for provable security guarantees at the implementation level.

[Figure labels: Cipher, message, ciphertext]

Adversarial Model

The adversarial model specifies the abilities of the adversary. It has been shown that some limitation of the adversary's power is necessary. One of the main challenges of this project is to develop reasonable restrictions such that practical attacks are still taken into account.

State of the Art

Micali & Reyzin presented a generic model in which each step of the computation is associated with a leakage function. They show how to build more complex schemes out of physically secure primitives under a set of axioms specifying the physical world.

[Figure labels: Reality, Model]

A different approach was taken by Ishai et al. They analyze Boolean circuits and study their security against probing and tampering adversaries.

Recent Research

The M&R model is not suitable for the analysis of cryptographic schemes because a new tailored assumption needs to be introduced for each construction. While the model of Ishai et al. studies invasive adversaries, in practice non-invasive opponents are a bigger threat. Thus, we analyze circuit transformations in the power-analysis model. Remarkably, the constructions from Ishai et al. fail to provide security.

Future Research

- Further restrictions to the MR04 model (e.g. constant or bounded leakage functions).
- Continue analysis in the power-analysis model.
- Study the instruction set as used in smart cards and search for program transformations.
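
Added example, not part of the poster: the probing model of Ishai et al. mentioned above can be checked exhaustively on a small gadget. The two-share masked AND below is written in the style of the Ishai-Sahai-Wagner construction, with hypothetical function and wire names; it verifies that any single probed wire is distributed independently of the secret inputs, and that this guarantee is lost once the adversary gets two probes, which is why the model must bound the adversary's power.

```python
from collections import Counter
from itertools import combinations, product


def masked_and_wires(a, b, a1, b1, r):
    """Every intermediate wire of a two-share masked AND of secret bits a, b.

    a1, b1 are the sharing randomness and r is the gadget's refresh bit.
    """
    a2, b2 = a ^ a1, b ^ b1            # a = a1 ^ a2, b = b1 ^ b2
    t = r ^ (a1 & b2)                  # cross terms are only combined under r
    r21 = t ^ (a2 & b1)
    c1 = (a1 & b1) ^ r                 # output shares: c1 ^ c2 == a & b
    c2 = (a2 & b2) ^ r21
    assert c1 ^ c2 == a & b
    return {"a1": a1, "a2": a2, "b1": b1, "b2": b2,
            "a1b1": a1 & b1, "a1b2": a1 & b2, "a2b1": a2 & b1, "a2b2": a2 & b2,
            "r": r, "t": t, "r21": r21, "c1": c1, "c2": c2}


WIRES = list(masked_and_wires(0, 0, 0, 0, 0))


def view_distribution(a, b, probes):
    """Distribution of the probed wire values over all internal randomness."""
    dist = Counter()
    for a1, b1, r in product((0, 1), repeat=3):
        wires = masked_and_wires(a, b, a1, b1, r)
        dist[tuple(wires[p] for p in probes)] += 1
    return dist


def leaks(probes):
    """True if the adversary's view depends on the secret inputs (a, b)."""
    dists = [view_distribution(a, b, probes)
             for a, b in product((0, 1), repeat=2)]
    return any(d != dists[0] for d in dists)


def leaking_probe_sets(k):
    """All sets of k probed wires whose joint view depends on the secrets."""
    return [ps for ps in combinations(WIRES, k) if leaks(ps)]


if __name__ == "__main__":
    print("leaking single probes:", leaking_probe_sets(1))
    print("leaking probe pairs  :", len(leaking_probe_sets(2)))
```

The check is a statement about the probing model only; it says nothing about the power-analysis model in which the poster reports these constructions fail.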