The Physically Observable Security of Signature Schemes Alexander W. Dent Joint work with John Malone-Lee University of Bristol.

Presentation transcript:

The Physically Observable Security of Signature Schemes Alexander W. Dent Joint work with John Malone-Lee University of Bristol

2 Provable Security A proof of security provides a strong argument in favour of a scheme’s security. Most of the major types of cryptosystem have a generally accepted security model. Let us consider the security model for a signature scheme...

3 Provable Security: Signatures [Diagram: forger F, public key, Signature Oracle, queries m, responses σ, output (m*, σ*)] The forger wins if σ* is a valid signature for the message m* and the signature oracle did not return σ* when asked to sign message m*.

4 Provable Security Black box model. Many practical implementations give out more information than just the signature. These “side-channels” include: – Timing information. – Power consumption information. – Electro-magnetic radiation information. – Error message information.

5 Physically Observable Security Micali-Reyzin model [TCC 2004]. Passive attackers only. Based on a series of informal axioms: – Only computation leaks information. – Different computers leak different information. – Information leakage depends on measurement. – Information leakage is local. – Leaked information is efficiently computable.

6 Physically Observable Security [Diagram: public key, Signature Oracle, queries m, responses σ, output (m*, σ*)]

7 Physically Observable Security [Diagram: public key, Signature Oracle, queries m, responses σ, output (m*, σ*), Leakage function, leakage]
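The game on slides 3 and 7, written out as an added example that is not from the talk: the oracle hands back σ together with the output of a leakage function, and the win condition is the one stated on slide 3. The toy RSA-FDH signer, the two leakage functions and the two forgers are all assumptions made up for illustration.

```python
import hashlib

# Toy RSA-FDH signer (assumption: constructed parameters, two Mersenne primes,
# far too small for real use; the talk does not fix a concrete scheme).
P, Q, E = 2**31 - 1, 2**61 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # secret signing exponent

def H(m: bytes) -> int:
    return int.from_bytes(hashlib.sha256(m).digest(), "big") % N

def sign(m: bytes, d: int = D) -> int:
    return pow(H(m), d, N)

def verify(m: bytes, sig: int) -> bool:
    return pow(sig, E, N) == H(m)

def run_game(forger, leak) -> bool:
    """Oracle returns sigma plus leak(sk, m, query_index); True if the forger wins."""
    queries = []
    def oracle(m: bytes):
        sig = sign(m)
        queries.append((m, sig))
        return sig, leak(D, m, len(queries) - 1)
    m_star, sig_star = forger(oracle)
    # Win condition from slide 3: sigma* is valid for m* and the oracle
    # never returned sigma* for m*.
    return verify(m_star, sig_star) and (m_star, sig_star) not in queries

def leak_public(sk: int, m: bytes, i: int) -> int:
    return len(m)          # hypothetical leakage depending only on the public input

def leak_key_bit(sk: int, m: bytes, i: int) -> int:
    return (sk >> i) & 1   # hypothetical leakage: one secret-key bit per signing

def replay_forger(oracle):
    sig, _ = oracle(b"msg")
    return b"msg", sig     # an oracle answer, so it does not count as a forgery

def bit_collecting_forger(oracle):
    # Treats the low bit of each leakage value as a key bit; never queries m*.
    d_guess = 0
    for i in range(N.bit_length()):
        _, leakage = oracle(b"query %d" % i)
        d_guess |= (leakage & 1) << i
    m_star = b"never queried"
    return m_star, sign(m_star, d_guess)

if __name__ == "__main__":
    for leak in (leak_public, leak_key_bit):
        print(leak.__name__, run_game(replay_forger, leak), run_game(bit_collecting_forger, leak))
```

The same forger that wins against the key-dependent leakage gains nothing when the leakage is a function of the public input alone, which is the contrast the later slides formalise.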

8 Physically Observable Security Note that physically observable security is a physical assumption. I.e. it is only possible to consider whether a machine is secure and not a primitive. Micali-Reyzin approached POS from a “micro” perspective and concentrated on showing how secure components can be combined. We take a “macro” perspective.

9 Physically Observable Security [Diagram: public key, Signature Oracle, queries m, responses σ, output (m*, σ*), Leakage function, leakage]

10 Security of Signature Schemes [Diagram: m, σ, leakage]

11 Security of Signature Schemes [Diagram: m, σ, secret keys sk_1, sk_2, sk_3, ..., sk_n]

12 Security of Signature Schemes [Diagram: m, σ, secret keys sk_1, sk_2, sk_3, ..., sk_n, Simulator]

13 Security of Signature Schemes If, for each “box”, there exists a polynomial-time algorithm that can simulate the leakage from the box in such a way that no polynomial-time attacker can distinguish it from the real leakage even when the attacker has access to the secret keys for all the other boxes... ...then the signature scheme is secure against physical attacks if and only if it is secure against black-box attacks.

14 Security of Signature Schemes If you can isolate each component of a signature scheme and effectively simulate all of the side-channel information it produces... ...then you don’t have to worry about (passive) side-channel attacks against the scheme. Note that “distinguishing” one set of side-channel information from another set of side-channel information is a physical problem.

15 Open problems A physically observable security model that models all passive attackers. A physically observable security model that models active attackers. Signature schemes with branching and looping, and/or with dependent secret keys. Other types of primitive? Encryption?

16 Conclusions We present a theoretical result that suggests that if a signature scheme is – secure in the black-box model, – and the leakage of the individual components of the scheme does not depend on any secret information, then the signature scheme is physically secure.