
Leakage-Resilient Signatures. Sebastian Faust (KU Leuven), joint work with Eike Kiltz (CWI), Krzysztof Pietrzak (CWI) and Guy Rothblum (Princeton). TCC 2010, Zurich, Switzerland.




1 Title slide: Leakage-Resilient Signatures. Sebastian Faust (KU Leuven), joint work with Eike Kiltz (CWI), Krzysztof Pietrzak (CWI) and Guy Rothblum (Princeton). TCC 2010, Zurich, Switzerland.

2 Security against leakage. Bounded total leakage: introduced in the context of cold boot attacks [AGV09]; the leakage function is PPT; leakage is bounded in total; leakage can depend on the complete state; results: NS09, ADW09, KV09, ... Continuous leakage: models many side-channel attacks; the leakage function is PPT; leakage is bounded per observation; only computation leaks; stream ciphers: DP08, P09. This work: signatures.

3 Digital Signatures. Three algorithms: KeyGen takes the security parameter k and outputs (pk, sk); Sign uses sk; Verify uses pk.

4 Standard Security Definition. The adversary receives pk, queries signatures on messages of its choice (repeated q times) and finally outputs a forgery. (q-times, є)-secure: the probability that the adversary outputs a forgery is є. Valid forgery: verification succeeds and the message has never been queried before. How to extend this definition to the leakage setting?

5 Leakage Setting. The adversary receives pk and in round i chooses a leakage function f_i and learns f_i(sk, r_i), computed on the secret key and the signing randomness, for i = 1, ..., q. Security against leakage with arbitrary leakage functions? No! The leakage function can output the complete key. Solution: bound the amount of leakage.

6 Bounded Total Leakage. The adversary receives pk and f_1(sk), ..., f_q(sk). (q, є, λ_T)-secure against total leakage: the probability that the adversary outputs a forgery is є, where the total leakage λ_T = ∑ |f_i(sk)| < |sk|.

7 Instantiations. Every signature scheme is secure against bounded total leakage: a (q, є)-secure Sig is (q, 2^λ є, λ)-secure against total leakage. Drawback: exponential security loss in λ. Can we do without this loss? Yes! E.g. [AlwenDodisWichs09], [KatzVai09]: Okamoto-Schnorr signatures are secure even if a constant fraction of the key is leaked.

8 Continuous leakage. Bounded total leakage is insufficient in practice. Continuous leakage: a bounded amount per observation (so the total leakage is >> |sk|). Problem: the leakage function can output the key. Idea: use key evolution; the signature scheme then has to be stateful.

9 Stateful Digital Signatures. KeyGen takes k and outputs (pk, sk_0); Sign takes the current key sk_{i-1} and outputs the signature together with the next key sk_i; Verify uses pk. All signatures can be verified with the same pk.

10 Second Assumption. Axiom of [MR04]: "Only computation leaks". Divide the state into two parts, an active part S+ and a passive part S-; the leakage function is applied only to the active part, f(S+). In other words: leakage is independent of untouched memory.

11 Security against continuous leakage. The adversary receives pk and in round i chooses f_i and learns the leakage f_1(sk_0^+), f_2(sk_1^+), ... from the active part of the current key. Bound in a round: λ bits < |sk|. (q, є, λ)-secure against continuous leakage: the probability that the adversary outputs a forgery is є. Note that the leakage function can simulate all intermediate results of the computation and leak about them.

12 Security against continuous leakage (continued). After each round the key is updated (upd): the state sk_0 = (sk_0^+, sk_0^-) becomes sk_1 = (sk_1^+, sk_1^-), and so on, and each round leaks up to λ bits < |sk|. Over q rounds the total leakage is >> |sk|.

13 Leakage-resilient signatures. Main theorem: if Sig is (3, є, λ)-secure against total leakage (λ bits of total leakage), then Sig' is (q, qє, λ/3)-secure against continuous leakage (λ/3 bits per invocation). Basic idea: use a tree-based scheme [NaorYung], [Lam], [Merkle].

14 Tree based signatures SIG'. A binary tree with root R; a node w has children w0 and w1. The public key of Sig' is assigned to the root: (pk, sk_0) ← KeyGen(rand). For now: assume the existence of physical randomness, i.e. a device that outputs randomness; this assumption can be eliminated with a leakage-resilient stream cipher!

15 Tree based signatures SIG'. Visit the nodes in depth-first traversal. At each node that is visited: generate new keys, sign the new pk with the parent's key, and sign a message.

16 Tree based signatures SIG'. Sign the i-th message m: the current state in round i is the key pair (pk_w, sk_w) of the current node w; the root holds (pk, sk_0).

17 Tree based signatures SIG'. Sign the i-th message m: 1. Generate keys for the current node: (pk_w1, sk_w1) ← KeyGen(rand). 2. Sign the new public key pk_w1 with the secret key sk_w of the parent node: Sign(sk_w, pk_w1). 3. Sign m with the new secret key sk_w1: Sign(sk_w1, m).

18 Tree based signatures SIG'. Sign the i-th message m with Sig' (continued): steps 1 to 3 as on the previous slide, then 4. Return the signature chain up to the root together with the signature on the message.

19 Tree based signatures SIG'. Verify the i-th signature with Sig': verify the signature chain from the i-th node up to the root, verify the signature on m, and accept the signature if all verifications succeed.
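The tree-based construction of slides 14 to 19, together with the observation of slide 26 that every node key is touched at most three times (two child certificates, one message), as an added Python example; this is not code from the talk or the paper. The underlying Sig is an assumed stand-in (three independent Lamport one-time keys on SHA-256 digests, so a key has exactly three uses and raises on a fourth) rather than the bounded-leakage-secure scheme the theorem needs; node labels, function names and the depth parameter are my choices.

```python
import hashlib, os
H = lambda b: hashlib.sha256(b).digest()
USES = 3   # a node key is touched at most 3 times: certify two children, sign one message
bit = lambda d, i: (d[i // 8] >> (7 - i % 8)) & 1

# Lamport one-time signatures on 256-bit digests (assumed stand-in for the paper's Sig)
def ots_keygen():
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    return [(H(a), H(b)) for a, b in sk], sk
def ots_sign(sk, msg): return [sk[i][bit(H(msg), i)] for i in range(256)]
def ots_verify(pk, msg, sig):
    d = H(msg); return len(sig) == 256 and all(H(s) == pk[i][bit(d, i)] for i, s in enumerate(sig))

# "Sig": a 3-time scheme from 3 independent one-time keys; each signature consumes a slot
def keygen():
    ks = [ots_keygen() for _ in range(USES)]
    return [k[0] for k in ks], {"slots": [k[1] for k in ks], "used": 0}
def sign(sk, msg):
    i, sk["used"] = sk["used"], sk["used"] + 1   # the key is stateful: advance the slot counter
    if i >= USES: raise ValueError("key touched more than %d times" % USES)
    return i, ots_sign(sk["slots"][i], msg)
def verify(pk, msg, sig): return ots_verify(pk[sig[0]], msg, sig[1])
def encode_pk(pk): return b"".join(a + b for slot in pk for a, b in slot)

class TreeSig:      # Sig': depth-first tree, one fresh key per visited node
    def __init__(self, depth):
        self.depth, self.cur = depth, ""             # cur = label of the node visited next
        self.pk, sk = keygen()
        self.path = [("", self.pk, sk, None)]        # stack of (label, pk, sk, parent's cert)
    def _next(self, w):                              # preorder successor; None when exhausted
        if len(w) < self.depth: return w + "0"
        w = w.rstrip("1")
        return w[:-1] + "1" if w else None
    def sign(self, msg):
        w = self.cur
        if w is None: raise RuntimeError("tree exhausted")
        if w:                                        # steps 1+2: fresh key, certified by parent
            while not w.startswith(self.path[-1][0]): self.path.pop()   # drop finished subtrees
            pk_w, sk_w = keygen()
            self.path.append((w, pk_w, sk_w, sign(self.path[-1][2], encode_pk(pk_w))))
        chain = [(p[1], p[3]) for p in self.path[1:]]  # step 4: certificate chain, root downward
        self.cur = self._next(w)
        return chain, sign(self.path[-1][2], msg)    # step 3: sign m with sk_w

def tree_verify(root_pk, msg, signature):
    chain, msg_sig = signature; pk = root_pk
    for child_pk, cert in chain:                     # verify chain from root down to node w
        if not verify(pk, encode_pk(child_pk), cert): return False
        pk = child_pk
    return verify(pk, msg, msg_sig)
```

A tree of depth 2 has 7 nodes and therefore signs 7 messages; because keys of finished subtrees are popped, the only secrets still held are those on the path to the current node, each used at most three times.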

20 Security Proof. Theorem: if Sig is (3, є, λ)-secure against total leakage (λ bits of total leakage), then Sig' is (q, qє, λ/3)-secure against continuous leakage (λ/3 bits per invocation).

21 Security Proof. Proof by reduction: an adversary A' against Sig' (λ/3 bits of leakage per observation) is turned into an adversary against Sig (λ bits of leakage in total) by simulating the tree structure; a forgery of A' for Sig' is turned into a forgery for Sig.

22 Security Proof. 1. Guess the target node w and use the target public key there.

23 Security Proof. 2. Generate the keys for all other nodes (online).

24 Security Proof. 3. Simulate the environment of A': for nodes whose keys the reduction generated itself, compute the leakage f(·) yourself.

25 Security Proof. 3. Simulate the environment of A' (continued): for the target node w, use the target oracle of Sig to answer the signing and leakage queries.

26 Security Proof. But: the reduction can only ask for λ bits of leakage in total? Observation: each secret key sk_w is touched at most 3 times: twice to certify the children and once to sign a message, Sign(sk_w, m). Since only computation leaks, sk_w leaks exactly 3 times. As we allow only λ/3 bits of leakage per invocation, this is sufficient!

27 Security Proof. The simulation is perfect: if A' outputs a forgery with probability є, the reduction outputs a forgery for Sig with probability є/q, because the forgery of A' can only be used if it was for the guessed node w.

28 Summary. First leakage-resilient public-key primitive. Generic transformation from any signature scheme. Leakage: a constant fraction of the secret key, if instantiated with Okamoto. Efficiency: all parameters are logarithmic in q or constant. Eliminating physical randomness: use a leakage-resilient stream cipher [DP08, P09]; generically for any leakage-resilient signature scheme this loses security exponentially in the leakage, but for our signature scheme instantiated with Okamoto there is a variant that has no loss in security!

29 Thank you!

30 Eliminate physical randomness. Generic from any leakage-resilient stream cipher. Problem: the output D of the stream cipher has n-λ bits of HILL pseudo-entropy, but the reduction needs uniform randomness! Some intuition: in the real experiment D has HILL pseudo-entropy n-λ; D is є-close to some D' with min-entropy n-λ; conditioned on an event E that is true with probability 2^-λ, D' is uniform (U|E); so with probability 2^-λ we are back in the "old" world with uniform randomness.

31 Single Observation. Sign with sk; the adversary chooses f and learns f(sk).

32 Bounded Leakage. 1. Bounded total leakage: total leakage < |sk|. 2. Bounded leakage per observation: total leakage >> |sk|.

33 Security against continuous leakage. How to prevent the pre-computation attack? Idea 1: use physical randomness for key evolution. Idea 2: axiom of [MR04]: "Only computation leaks": divide the state into two parts, an active part S+ and a passive part S-; only f(S+) leaks.

34 Security against continuous leakage. Is key evolution sufficient? No, if key evolution is deterministic and f_i is PPT. Why? Pre-computation attack [DP08]! In round i the leakage function f_i(sk_{i-1}) can precompute a future state and leak the i-th bit of sk_t, so over enough rounds the whole future key sk_t is leaked.

35 Leakage Resilience. Continuous leakage: any PPT function f; leakage bounded per observation, so in total it can be very large; only computation leaks (more on this later). Earlier results in this model: DP08, P09: stream ciphers. In this work: digital signatures.

36 Security against continuous leakage. As before, the adversary receives pk and learns f_1(sk_0^+), f_2(sk_1^+), ... with a bound of λ bits < |sk| per round, while the key state (sk_i^+, sk_i^-) is updated (upd) between rounds. (q, є, λ)-secure against continuous leakage: the probability that the adversary outputs a forgery is є. Note that the update may leak as well!

37 Beautiful Theory... Security is studied in the black-box model: inputs and outputs are known, but there is no information on the internal state.

38 The Ugly Reality. Side channels: electromagnetic, acoustic, probing, cache, optical, power.

39 Motivation. Many black-box secure cryptosystems get broken by physical attacks. Goal: a digital signature scheme provably secure against side-channel attacks! (This may not imply a secure implementation!)

