Public Key Crypto In the Bounded Retrieval Model and

Recent Progress in Leakage-Resilient Cryptography
Daniel Wichs (NYU)
China Theory Week 2010
Leakage Attacks

Cryptography relies on secrets.

Cryptographic devices: input → [secret keys] → output.
In reality, many “side-channels”! Timing, power, radiation, heat, acoustics…
Secrets can leak!

Natural response: Not our problem. Blame the “engineers” – they should fix this!
Theory/Crypto can help!
Cryptography With Leakage

Can we do cryptography with incomplete secrecy?

Need a way to model leakage first!

In this talk: Adv can learn arbitrary information about the secret key as long as its amount is bounded. [AGV09]
– Adv specifies any poly-time function Leak : {0,1}* → {0,1}^L and learns the output Leak(sk).
– L = leakage bound.
Leakage Resilient Cryptography

Password Login and One-Way Functions.

Identification Schemes and Signatures.

Public-Key Encryption.
Password Login Scheme

Prover Bob holds (pkBob, skBob); Verifier Alice holds pkBob.
Login: Bob sends skBob; Alice accepts.
Leakage Stage: Adv specifies Leak(·) and learns Leak(skBob).
Impersonation Stage: Adv sends some sk’ to Alice; Alice should reject!
Using One-Way Functions

Bob: pkBob = f(x), skBob = x. Alice: pkBob = y.
Login: Bob sends x; Alice accepts iff y = f(x).

Standard OWF: get y = f(x), hard to find any x’ ∈ f^{-1}(y).
– Suffices for regular “password login” security.

L-LR OWF: get y = f(x) & Leak(x), hard to find x’ ∈ f^{-1}(y).
– Not satisfied by general OWFs (easy counter-examples)
– … but can be constructed from general OWFs.
OWF ⇒ SPRF ⇒ LR-OWF

OWF: get y = f(x), hard to find any x’ ∈ f^{-1}(y).
L-LR OWF: also get L bits of leakage about x.
SPRF (second-preimage resistant function): get x, hard to find any x’ ≠ x s.t. f(x’) = f(x).
– Non-triviality: input length n > output length k.
– Can build from any OWF for any n = poly(k) [Rom90].

Theorem [ADW09,KV09]: Any SPRF f : {0,1}^n → {0,1}^k is an L-LR OWF for L ≈ n - k.
Proof: Any SPRF is LR-OWF

Theorem [ADW09,KV09]: Any SPRF f : {0,1}^n → {0,1}^k is an L-LR-OWF for L ≈ n - k.

Assume: Can break L-LR-OWF. There is an efficient A s.t.
  A( f(x), Leak(x) ) = x’ s.t. f(x’) = f(x).
Conclude: Can break SPR. Let B(x) = A( f(x), Leak(x) ).
B succeeds if (1) A succeeds and (2) A does not return x’ = x.
A has too little info about x to return x itself:
  |f(x)| + |Leak(x)| = k + L bits, so Pr[A guesses x] ≤ 2^{k+L-n}
  (the pair (f(x), Leak(x)) takes at most 2^{k+L} values while x takes 2^n, so any A is right on at most 2^{k+L} of the 2^n inputs).
Hence B outputs a second preimage with probability ≈ Pr[A succeeds] - 2^{k+L-n}, which is non-negligible whenever L ≤ n - k - ω(log n).

Corollary: If OWF exist then L-LR-OWF exist with L = (1 - o(1))n.
Open Question: Can we get LR-OWF that are Permutations?
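The counting step of this proof, carried out on a toy instance as an added example (it is not part of the talk): a random lookup table stands in for the SPRF with n = 10, k = 3, L = 3, and the adversary's leakage is chosen to be the top L bits of x. The brute-force inverter A, the reduction B, and all other names are the example's own.

```python
import random

# Toy sizes (constructed for illustration): n input bits, k output bits, L leaked bits.
N_BITS, K_BITS, L_BITS = 10, 3, 3

def make_random_function(seed=1):
    """A random f : {0,1}^n -> {0,1}^k as a lookup table (stands in for an SPRF)."""
    rng = random.Random(seed)
    return [rng.getrandbits(K_BITS) for _ in range(1 << N_BITS)]

def leak(x):
    """The adversary's chosen leakage: the top L bits of x (any L-bit function would do)."""
    return x >> (N_BITS - L_BITS)

def guessing_bound():
    """2^(k+L-n): the proof's upper bound on Pr[A(f(x), Leak(x)) = x] for uniform x."""
    return 2.0 ** (K_BITS + L_BITS - N_BITS)

def best_guess_success(f):
    """Success probability of the optimal guesser of x given (f(x), Leak(x)).

    Each observed pair (y, l) lets A output one x, so the best A is right on exactly
    one x per distinct pair: Pr[A = x] = #distinct pairs / 2^n <= 2^(k+L) / 2^n.
    """
    pairs = {(f[x], leak(x)) for x in range(1 << N_BITS)}
    return len(pairs) / (1 << N_BITS)

def inverter_a(f, y, l):
    """A brute-force LR-OWF inverter A: the first x' with f(x') = y consistent with leakage l.

    At toy size A always succeeds; the only question is whether it returns x itself.
    """
    for xp in range(1 << N_BITS):
        if f[xp] == y and leak(xp) == l:
            return xp
    return None

def reduction_b(f, x):
    """The SPR adversary from the proof: B(x) = A(f(x), Leak(x))."""
    return inverter_a(f, f[x], leak(x))

def second_preimage_rate(f):
    """Fraction of x for which B(x) is a second preimage (x' != x and f(x') = f(x))."""
    hits = 0
    for x in range(1 << N_BITS):
        xp = reduction_b(f, x)
        if xp is not None and xp != x and f[xp] == f[x]:
            hits += 1
    return hits / (1 << N_BITS)

if __name__ == "__main__":
    f = make_random_function()
    print("bound 2^(k+L-n)      =", guessing_bound())
    print("best guess of x      =", best_guess_success(f))
    print("B finds 2nd preimage =", second_preimage_rate(f))
```

With these sizes the bound is 2^{-4}: no inverter, however clever, recovers x itself on more than 1/16 of the inputs, so B hands back a second preimage on at least 15/16 of them. Shrinking L toward n - k pushes the bound toward 1, which is why the theorem stops at L ≈ n - k.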
Leakage Resilient Cryptography

Password Login and One-Way Functions.

Identification Schemes and Signatures.

Public-Key Encryption.
Identification Schemes

Prover Bob holds (pkBob, skBob); Verifier Alice holds pkBob. Bob and Alice interact; Alice accepts.
Learning Stage: Adv, knowing pkBob, interacts with Bob (playing the verifier).
Impersonation Stage: Adv interacts with Alice, who should reject!
Leakage-Resilient Identification [ADW09]

Bob’s key can leak !!! (during learning stage, not afterward)
Learning Stage: Adv gets pkBob, interacts with Bob, and learns Leak(skBob).
Impersonation Stage: Adv interacts with Alice, who should reject!
Tool: Zero-Knowledge Proof of Knowledge

NP relation R. Prover has instance y and witness x with (y, x) ∈ R; Verifier has y and outputs Accept/Reject.
– Witness Indistinguishable (WI): Even if V dishonest, cannot tell which x is being used by the prover.
– Proof of Knowledge (PoK): Even if P dishonest, can extract some valid witness x’ for y from P.
ID Schemes from ZK-PoK

Assume: f : {0,1}^n → {0,1}^k is SPR and Π is a ZK-PoK for y = f(x).
Thm [ADW09]: Π is a secure L-LR ID scheme for L ≈ n - k.
Pf: Assume Adv breaks ID security.
Learning Stage. Adv sees:
– y = f(x): k bits;
– Leakage: L bits;
– interaction with P(x): 0 bits, by Witness Indistinguishability;
only k + L < n bits of info on x in total.
Impersonation Stage. By Proof-of-Knowledge, extract x’ ∈ f^{-1}(y) from Adv; since Adv has too little info on x, x’ ≠ x.
To break SPR: Simulate “Learning Stage” to Adv with x. Extract x’ ≠ x.
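One standard way to instantiate this recipe, written here as an added example rather than code from the talk: Okamoto's three-move identification protocol, a witness-indistinguishable proof of knowledge of a preimage of f(x1, x2) = g1^x1 · g2^x2 in a prime-order group. That f maps 2·log q input bits to log q output bits and is second-preimage resistant under discrete log, so the theorem above allows about half the key to leak. The group (P = 1019, Q = 509, generators 4 and 9) is a toy chosen for readability, and every function name is the example's own; the extractor and collision routines exhibit the two proof steps (extract x’, then turn x’ ≠ x into a break).

```python
import random

# Toy group (constructed; far too small for real use): the prime-order-Q subgroup of Z_P^*.
P, Q = 1019, 509          # P = 2*Q + 1, both prime
G1, G2 = 4, 9             # generators of the order-Q subgroup; log_G1(G2) is unknown to the parties

def f(x):
    """f(x1, x2) = G1^x1 * G2^x2 mod P: 2 log Q input bits, log Q output bits.

    Second-preimage resistant under discrete log (see dlog_from_collision) and
    compressing by a factor of 2, so about L ~ n - k = n/2 bits of the key may leak.
    """
    x1, x2 = x
    return pow(G1, x1, P) * pow(G2, x2, P) % P

def keygen(rng):
    """Bob's key: sk = x, pk = y = f(x)."""
    x = (rng.randrange(Q), rng.randrange(Q))
    return f(x), x

# --- Okamoto's protocol: a WI proof of knowledge of x with f(x) = y ---

def prover_commit(rng):
    """Move 1 (Bob): pick random r, send a = f(r)."""
    r = (rng.randrange(Q), rng.randrange(Q))
    return f(r), r

def verifier_challenge(rng):
    """Move 2 (Alice): random challenge c."""
    return rng.randrange(Q)

def prover_respond(x, r, c):
    """Move 3 (Bob): z = r + c*x, componentwise mod Q."""
    return ((r[0] + c * x[0]) % Q, (r[1] + c * x[1]) % Q)

def verify(y, a, c, z):
    """Alice accepts iff f(z) = a * y^c mod P."""
    return f(z) == a * pow(y, c, P) % P

def run_identification(y, x, rng):
    """One honest execution between prover Bob (holding x) and verifier Alice (holding y)."""
    a, r = prover_commit(rng)
    c = verifier_challenge(rng)
    z = prover_respond(x, r, c)
    return verify(y, a, c, z)

def demo(seed=7):
    """Keygen plus one honest identification run; returns (pk, accepted)."""
    rng = random.Random(seed)
    y, x = keygen(rng)
    return y, run_identification(y, x, rng)

def extract(a, c1, z1, c2, z2):
    """PoK extractor: two accepting transcripts with the same a and c1 != c2 yield a witness.

    This is the 'extract x' in f^-1(y)' step; the reduction obtains both transcripts by rewinding Adv.
    """
    inv = pow((c1 - c2) % Q, -1, Q)
    return ((z1[0] - z2[0]) * inv % Q, (z1[1] - z2[1]) * inv % Q)

def dlog_from_collision(x, xp):
    """Why f is SPR: a second preimage xp != x gives t = log_G1(G2).

    f(x) = f(xp) means G1^(x1 - xp1) = G2^(xp2 - x2), so t = (x1 - xp1) / (xp2 - x2) mod Q.
    """
    if f(x) != f(xp) or x == xp:
        raise ValueError("not a collision")
    num = (x[0] - xp[0]) % Q
    den = (xp[1] - x[1]) % Q   # nonzero: otherwise G1^(x1-xp1) = 1 with 0 < |x1-xp1| < Q
    return num * pow(den, -1, Q) % Q
```

Witness indistinguishability is what makes the learning-stage interaction cost 0 bits: for any two preimages of y the transcript (a, c, z) has exactly the same distribution, so watching Bob run the protocol tells Adv nothing about which x he holds beyond what y already reveals.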
LR Signatures [ADW09,KV09,DHLW09,BSW10]

Similar to ID schemes with two big differences:
– Cannot have interaction.
– Need to bind each execution to a message.

Solution: use Non-Interactive ZK-PoK for x.
Various techniques to bind proofs to messages (tricky):
– Random Oracles [ADW09]
– “Simulation-Sound” Proofs [KV09]
– CCA Encryption [DHLW10]
Leakage Resilient Cryptography

Password Login and One-Way Functions.

Identification Schemes and Signatures.

Public-Key Encryption.
LR Public-Key Encryption [AGV09, NS09]

Leakage on the decryption key prior to seeing the ciphertext.
Hash Proof Enc Scheme [AGV09, NS09]

Enc scheme with sk = x, pk = f(x) for some SPRF f (f maps the secret-key space onto the public-key space).
ENC(PK, M) → C;  DEC(SK, C) → M.
– Correctness: All x ∈ f^{-1}(pk) decrypt C to the correct M.
– Fake Encryption: C* = Fake(pk). Decryption of C* depends on x: different x ∈ f^{-1}(pk) decrypt it to different M1, M2, M3, …
– Can’t distinguish a real C from a fake C* (even given x).
Proof: Hash Proof Enc is LR [AGV09, NS09]

“Real World” ≈ “Fake World” (the two are indistinguishable even given x, hence given Leak(x)).
In the Fake World, what C* decrypts to (M1, M2, M3, …) depends on which x ∈ f^{-1}(y) is the secret key; Adv only sees PK = y and L(SK), so the message is hidden.
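The hash-proof scheme above made concrete, as an added example that is not the talk's own code: the DDH-based instance with sk = (x1, x2), pk = f(sk) = g1^x1 · g2^x2, real ciphertexts (g1^r, g2^r, m·pk^r) and fake ciphertexts whose first two components are (g1^r1, g2^r2) with r1 ≠ r2. To show two secret keys for one pk the demo itself fixes T = log_g1(g2); in the actual scheme nobody knows T (learning it is exactly the second-preimage break). The toy group, the choice to encode m as an integer below P, and all names are the example's own.

```python
import random

# Toy DDH group (constructed; far too small for real use): prime-order-Q subgroup of Z_P^*.
P, Q = 1019, 509          # P = 2*Q + 1, both prime
G1 = 4                    # generator of the order-Q subgroup
T = 123                   # log_G1(G2): known only to this demo, to build a second key for one pk.
G2 = pow(G1, T, P)        # In the real scheme nobody knows T.

def f(sk):
    """pk = f(sk) = G1^x1 * G2^x2 mod P: the compressing SPR map from secret keys to public keys."""
    x1, x2 = sk
    return pow(G1, x1, P) * pow(G2, x2, P) % P

def keygen(rng):
    sk = (rng.randrange(Q), rng.randrange(Q))
    return f(sk), sk

def other_preimage(sk, d=1):
    """Another sk' in f^-1(pk): (x1 + T*d, x2 - d). Only possible here because the demo knows T."""
    x1, x2 = sk
    return ((x1 + T * d) % Q, (x2 - d) % Q)

def encrypt(pk, m, rng):
    """Real ciphertext: (G1^r, G2^r, m * pk^r); m is a nonzero integer below P (demo encoding)."""
    r = rng.randrange(1, Q)
    return pow(G1, r, P), pow(G2, r, P), m * pow(pk, r, P) % P

def fake_encrypt(pk, m, rng):
    """Fake(pk): (G1^r1, G2^r2, m * pk^r1) with r1 != r2, i.e. a non-DDH tuple up front.

    Under DDH this is indistinguishable from a real ciphertext, even to someone who knows sk,
    but what it decrypts to now depends on which x in f^-1(pk) the decryptor holds.
    """
    r1 = rng.randrange(1, Q)
    r2 = (r1 + rng.randrange(1, Q)) % Q     # differs from r1 mod Q
    return pow(G1, r1, P), pow(G2, r2, P), m * pow(pk, r1, P) % P

def decrypt(sk, ct):
    """Hash-proof decryption: key = c1^x1 * c2^x2, which equals pk^r on a real ciphertext."""
    c1, c2, e = ct
    key = pow(c1, sk[0], P) * pow(c2, sk[1], P) % P
    return e * pow(key, -1, P) % P

def demo(seed=2024, m=42):
    """Decrypt one real and one fake ciphertext under two different keys for the same pk."""
    rng = random.Random(seed)
    pk, sk = keygen(rng)
    sk2 = other_preimage(sk)
    assert sk2 != sk and f(sk2) == pk
    real = encrypt(pk, m, rng)
    fake = fake_encrypt(pk, m, rng)
    return {
        "real_sk": decrypt(sk, real), "real_sk2": decrypt(sk2, real),
        "fake_sk": decrypt(sk, fake), "fake_sk2": decrypt(sk2, fake),
    }

if __name__ == "__main__":
    print(demo())   # both real decryptions give m; the two fake decryptions disagree
```

On a real ciphertext the key c1^x1 · c2^x2 = (g1^x1 g2^x2)^r = pk^r is the same for every preimage of pk, which is the correctness property. On a fake one the two keys differ by g2^{(r1 - r2)·d} ≠ 1, so the recovered message is a function of the particular x, and an adversary who knows only pk and L bits of leakage about x is left guessing.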
Back to Bigger Picture…

Criticism/Extensions

Q: What if leakage depends on complexity?
– Bad: more resilience ⇒ more complexity ⇒ more leakage.
– Fix: Bounded Retrieval Model [Dzi06,…,ADW09, ADNSWW10]
  [Complexity does not grow with resilience!]

Q: Why is leakage bounded overall? Should “leak-per-use”!
– Continuous Leakage with “Key Updates” [DHLW10, BKKV10]

Q: Why measure leakage in output “bits”?
– Noisy Leakage: use “entropy loss” [NS09, DHLW10]
– Auxiliary Input: use “hardness of inverting” [DKL09,DGK+10]
Conclusions
Many more models/results (esp. in last 2 years)...
Riv97, Boy99, CDH+00, DSS01, KZ03, ISW03, MR04,
DP08, GKR08, Pie09, AGV09, ADW09, DKL09, ADN+10,
DGK+10, GKPV10, FKPR10, DHLW10a, FRRTV10, JRV10,
GR10, DHLW10b, BKKV10, WL10, BSW10,…
Many open questions, much still left to do!