Leakage-resilient Signatures Vinod Vaikuntanathan (IBM) Jonathan Katz (IBM & Univ. of Maryland)

Leakage-resilient Crypto Crypto Device Secret-Memory Secret-Key L(SK) L(SM) =SK+… L: any polynomial-size circuit [MR’03,DP’08,P’09,AGV’09,…] What leaks? How much? L: smaller class of circuits [Riv’97,B’99,CDH+’00,ISW’03,FRT’09,RV’09] 2

Models of Leakage What leaks? How much? Bounded Continual Memory Leakage [HSH+’08, AGV’09] “All secret memory leaks” Computational Leakage [MR’03] “Only computation leaks information” How much? Bounded Continual Total leakage < α(|secret|) Leakage in any time-period < α(|secret|) 3

Models of Leakage Bounded Continual Memory Leakage [HSH+’08, AGV’09] [AGV’09, NS’09, ADW’09] This Work Computational Leakage [MR’03] [MR’03, DP’08, P’09,FKPR’09] Bounded Continual 4

Leakage-Resilient Signatures GMR-security against bounded α(.)-memory attacks For every PPT Adv, if |L(SK)| ≤ α(|SK|), Pr[Adv wins] is negligible. PK L Adv L(SK) m Sign(m) (m*,σ*) 5

Leakage-Resilient Signatures [ADW’09] Bounded (1/2-ε)n memory leakage, in random oracle model [FKPR’09] Continual α(n) comp. leakage, assuming 2α(n)-hardness Memory Leakage [ADW’09] Comp. Leakage [FKPR’09] Bounded Continual 6

Our Results Setting: bounded, memory leakage A New Scheme GMR-secure (1-ε) fraction leakage,∀ε>0 Assumption: Semantically secure enc. + NIZK More generally, I would like to come up with a Recipe An Old Scheme (+ tweaks) one-time signature (generally, t-time) ≈ 1/4 fraction leakage Assumption: One-way functions (and more…) 7

Our Results Theorem [FKPR’09] Bounded α(n) leakage ⇒ Continual α(n)/3 comp. leakage (3-time sig) (fully-secure sig) Computational Leakage Memory Bounded Continual This Work Theorem of FKPR This Work + [FKPR’09] 8

Leakage-resilient One-way Functions Definition: Hard to invert f given L(x), for any L s.t. |L(x)| ≤ α(n). Lemma: Any UOWHF is a leakage-resilient OWF. “Proof”: (for CRHFs) h:{0,1}n → {0,1}n/2 is a CRHF L:{0,1}n → {0,1}n/2-1 is any leakage function x has min-entropy ≥ 1 given h(x) and L(x) x has min-entropy n/2 given h(x) Given h(x) and L(x), an inverter returns x'≠x w.p ≥ 1/2 9

Fully-secure Signature UOWHF+ Public-key Encryption+ Simulation-sound NIZK [BFM,Sahai] Assumptions: x є {0,1}n SK: PK: (h, h(x), PKenc, CRSnizk) C = Enc(PKenc,(x,m)) Π = Proof in SS-NIZK that “∃x s.t PK contains h(x) and C is the enc. of (x,m)” Sign(m): Output (C, Π). 10

Proof of Security Three Ideas: Signature contains no (computational) info. on SK - NIZK proof Π is simulatable - Enc(x,m) ≈c Enc(0,m) PK=(h,h(x),…) L(x) Adv m σ=(Enc(0,m),Π) σ=(Enc(x,m),Π) (m*,σ*) 11

Proof of Security Three Ideas: Signature contains no (computational) info. on SK Forgery ⇒ extract a secret-key. - simulation-soundness PK=(h,h(x),…) L(x) Adv σ* contains Enc(x*,m*) where h(x*)=h(x) (m*,σ*) 12

Proof of Security Three Ideas: Signature contains no (computational) info. on SK Forgery ⇒ extract a secret-key. - simulation-soundness PK=(h,h(x),…) L(x) Adv x* s.t. h(x*)=h(x) 13

Proof of Security Three Ideas: Signature contains no (computational) info. on SK Forgery ⇒ extract a secret-key. UOWHF = Leakage-resilient OWF. Contradiction. PK=(h,h(x),…) L(x) Adv x* s.t. h(x*)=h(x) 14

A Recipe? Given signature scheme s.t. H∞[SK given Adv’s view] is non-zero Leakage-resilient Signature Forgery ⇒ extract a secret-key Finding two SK’s for a PK is an “attack” 15

One-time Signature xn,0 x1,0 x2,0 x1,1 … xn,1 x2,1 y1,0 y1,1 yn,0 yn,1 (based on Lamport’78) xn,0 x1,0 x2,0 Assumption: OWF f SK: PK: x1,1 … xn,1 x2,1 y1,0 y1,1 yn,0 yn,1 y2,0 y2,1 (where yi,j = f(xi,j)) (xi,j unif. random) Sign(m1…mn) = (x1,0 x2,1 … xn,0) =01…0 Q: Is Lamport leakage-resilient? 16

! One-time Signature x1,0 … xn,0 y1,0 y2,0 … yn,0 x2,0 x1,1 x2,1 … (based on Lamport’78) Assumption: OWF f x1,0 … xn,0 y1,0 y2,0 … yn,0 x2,0 SK: PK: x1,1 x2,1 … xn,1 y1,1 y2,1 … yn,1 Leakage Sign(01…0) + ! Sign(11…0) 17

One-time Signature xn,0 x1,0 x2,0 x1,1 … xn,1 x2,1 y1,0 y1,1 yn,0 yn,1 (based on Lamport’78) xn,0 x1,0 x2,0 Assumption: OWF f SK: PK: x1,1 … xn,1 x2,1 y1,0 y1,1 yn,0 yn,1 y2,0 y2,1 Sign'(m) = Sign(ECC(m)) 18

One-time Signature xn,0 x1,0 x2,0 x1,1 … xn,1 x2,1 y1,0 y1,1 yn,0 yn,1 (based on Lamport’78) xn,0 x1,0 x2,0 Assumption: OWF f SK: PK: x1,1 … xn,1 x2,1 y1,0 y1,1 yn,0 yn,1 y2,0 y2,1 Sign'(m) = Sign(ECC(m)) Still insecure: Consider f(x) that ignores 99% of x; outputs OWF(1% of x). Solution: Let f be a leakage-resilient OWF (=UOWHF) 19

One-time Signature xn,0 x1,0 x2,0 x1,1 … xn,1 x2,1 y1,0 y1,1 yn,0 yn,1 (based on Lamport’78) xn,0 x1,0 x2,0 Assumption: UOWHF h (=OWF [NY,R]) SK: PK: x1,1 … xn,1 x2,1 y1,0 y1,1 yn,0 yn,1 y2,0 y2,1 Sign'(m) = Sign(ECC(m)) 20

? An Open Question This Work: Bounded, memory leakage +FKPR’09: Continual, computational leakage Best of both worlds? ? Memory Leakage This Work Computational Leakage This Work + [FKPR’09] Bounded Continual 21

Thanks! 22