Leakage-Resilient Signatures (slide transcript)
Posted on 19-Dec-2015
Slide 1: Leakage-Resilient Signatures
Sebastian Faust, KU Leuven
Joint work with Eike Kiltz (CWI), Krzysztof Pietrzak (CWI) and Guy Rothblum (Princeton)
TCC 2010, Zurich, Switzerland
Slide 2: Security against leakage
Bounded total leakage (introduced in the context of cold boot attacks [AGV09]):
• Leakage function is PPT
• Leakage bounded in total
• Leakage can depend on the complete state
• Results: NS09, ADW09, KV09, …
Continuous leakage (models many side-channel attacks):
• Leakage function is PPT
• Leakage bounded per observation
• Only computation leaks
• Stream cipher: DP08, P09
• This work: signatures
Slide 3: Digital Signatures
Three algorithms:
• KeyGen: on input the security parameter k, outputs a key pair (pk, sk)
• Sign: uses the secret key sk
• Verify: uses the public key pk
Slide 4: Standard Security Definition
The adversary receives pk and, repeated q times, asks the signer holding (pk, sk) for signatures on messages of its choice.
(q-times, є)-secure: probability є that the adversary outputs a forgery.
Valid forgery: verification succeeds and the message has never been queried before.
How to extend this definition to the leakage setting?
Slide 5: Leakage Setting
Security against leakage: the adversary receives pk and, in the i-th of q rounds, chooses a leakage function fi and receives fi(sk, ri), for f1, …, fq.
Arbitrary leakage functions? No! The leakage function can output the complete key.
Solution: bound the amount of leakage.
Slide 6: Bounded Total Leakage
The adversary receives pk and, for i = 1, …, q, chooses fi and receives fi(sk).
(q, є, λT)-secure against total leakage: probability є that the adversary outputs a forgery.
Total leakage λT = ∑ |fi(sk)| < |sk|.
Slide 7: Instantiations
Every signature scheme is secure against bounded total leakage:
Sig (q, є)-secure ⇒ Sig (q, 2^λ·є, λ)-secure against total leakage.
Drawback: exponential security loss in λ.
Can we do without this loss? Yes! E.g. [AlwenDodisWichs09], [KatzVai09]: Okamoto-Schnorr signatures are secure even if a constant fraction of the key is leaked.
Slide 8: Continuous leakage
Bounded total leakage is insufficient in practice.
Continuous leakage: bounded amount per observation (total leakage >> |sk|).
Problem: the leakage function can output the key.
Idea: use key evolution. The signature scheme has to be stateful.
Slide 9: Stateful Digital Signatures
• KeyGen: on input k, outputs (pk, sk0)
• Sign: takes the current secret key ski-1 and outputs the signature together with the updated key ski
• Verify: uses pk
All signatures can be verified with the same pk.
Slide 10: Second Assumption
Axiom of [MR04]: "Only computation leaks".
Divide the state into two parts: S+ (active) and S- (passive); the leakage is f(S+).
In other words: leakage is independent of untouched memory.
Slide 11: Security against continuous leakage
The adversary receives pk; in round i it chooses fi and receives the leakage on the active part of the current key: f1(sk0+), f2(sk1+), …, fq(skq+).
In round 1 the key sk0 is split into sk0+ and sk0-, and f1 is applied to sk0+.
(q, є, λ)-secure against continuous leakage: probability є that the adversary outputs a forgery.
Bound in each round: λ bits < |sk|.
Given sk0+, the leakage function can simulate all intermediate results of the computation and leak about them.
Slide 12: Security against continuous leakage
Round 1: sk0 is split into sk0+ and sk0-; the adversary chooses f1 and receives f1(sk0+), at most λ bits (< |sk|).
Update (upd) yields sk1.
Round 2: sk1 is split into sk1+ and sk1-; the adversary chooses f2 and receives f2(sk1+), again at most λ bits.
Update (upd) yields sk2, and so on up to fq(skq+).
(q, є, λ)-secure against continuous leakage: probability є that the adversary outputs a forgery.
Bound in each round: λ bits, but total leakage >> |sk|.
Slide 13: Leakage-resilient signatures
Basic idea: use a tree-based scheme [NaorYung], [Lam], [Merkle].
Main theorem:
Sig (3, є, λ)-secure against total leakage (λ bits of total leakage)
⇒ Sig' (q, qє, λ/3)-secure against continuous leakage (λ/3 bits per invocation).
Slide 14: Tree based signatures SIG'
(Figure: a binary tree with root R; a node w has children w0 and w1.)
The public key of Sig' is assigned to the root: (pk, sk0) ← KeyGen(rand).
For now: assume the existence of physical randomness, i.e. a device that outputs randomness.
This can be eliminated with a leakage-resilient stream cipher!
Slide 15: Tree based signatures SIG'
(Figure: the same tree with root R and node w with children w0, w1.)
The public key of Sig' is assigned to the root: (pk, sk0) ← KeyGen(rand).
Visit the nodes in depth-first traversal. At each node that is visited:
• generate new keys
• sign the new pk with the parent key
• sign a message
Slide 16: Tree based signatures SIG'
Sign the i-th message m:
(Figure: the tree with root R holding (pk, sk0); the current state in round i is node w with key pair (pkw, skw) and children w0, w1.)
Slide 17: Tree based signatures SIG'
Sign the i-th message m:
(Figure: root R holds (pkR, skR); node w holds (pkw, skw); its child w1 receives (pkw1, skw1).)
1. Generate keys for the current node: (pkw1, skw1) ← KeyGen(rand)
2. Sign the new public key pkw1 with the secret key skw of the parent node: Sign(skw, pkw1)
3. Sign m with the new secret key skw1: Sign(skw1, m)
Slide 18: Tree based signatures SIG'
Sign the i-th message m with Sig':
(Figure: root R holds (pkR, skR); node w holds (pkw, skw); child w1 holds (pkw1, skw1).)
1. Generate keys for the current node: (pkw1, skw1)
2. Sign the new public key pkw1 with the secret key skw of the parent node: Sign(skw, pkw1)
3. Sign m with the new secret key skw1: Sign(skw1, m)
4. Return the signature chain to the root and the signature on the message
Slide 19: Tree based signatures SIG'
Verify the i-th signature with Sig':
(Figure: the tree with root R, node w and children w0, w1.)
• Verify the signature chain from the i-th node to the root
• Verify the signature on m
Accept the signature if verification was ok!
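The signing and verification procedure of Sig' from the tree slides above, written out as an added Python example; this is not the authors' code. It assumes a base scheme Sig and, so that it runs offline with only the standard library, uses a Lamport one-time signature over SHA-256 in that role. Each tree node holds three Lamport key pairs, which makes the node key a 3-time key: slot 0 certifies child w0, slot 1 certifies child w1 and slot 2 signs the message at that node, matching the observation in the proof that every secret key is touched at most three times. The names TreeSigner, tree_verify, ots_keygen and demo are hypothetical, and os.urandom stands in for the slides' physical randomness. A per-node counter records how often each secret key is used.

```python
import hashlib
import os

# Added example, not the authors' code: a toy instance of the tree-based scheme Sig'.
# Base scheme Sig (assumption): a Lamport one-time signature over SHA-256, chosen only
# so the block runs offline with the standard library. Each tree node holds three
# Lamport key pairs, so a node key is used at most 3 times: slot 0 certifies
# child w0, slot 1 certifies child w1, slot 2 signs the message at that node.

HASH_BITS = 256


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def _bits(msg: bytes):
    """The 256 bits of SHA-256(msg), most significant bit first."""
    d = H(msg)
    return [(d[i >> 3] >> (7 - (i & 7))) & 1 for i in range(HASH_BITS)]


def ots_keygen(rand):
    """Lamport one-time key: secret = 256 pairs of random 32-byte preimages, public = their hashes."""
    sk = [(rand(32), rand(32)) for _ in range(HASH_BITS)]
    pk = [(H(a), H(b)) for a, b in sk]
    return pk, sk


def ots_sign(sk, msg):
    return [sk[i][b] for i, b in enumerate(_bits(msg))]


def ots_verify(pk, msg, sig):
    return len(sig) == HASH_BITS and all(
        H(sig[i]) == pk[i][b] for i, b in enumerate(_bits(msg)))


def node_pk_bytes(pk3):
    """Serialise a node's three Lamport public keys so the parent key can sign them."""
    return b"".join(x for pk in pk3 for pair in pk for x in pair)


def _preorder(w, depth):
    """Depth-first (pre-order) traversal: the node visited for the i-th message."""
    yield w
    if len(w) < depth:
        yield from _preorder(w + "0", depth)
        yield from _preorder(w + "1", depth)


class TreeSigner:
    """Stateful signer for Sig'. Signs q = 2^(depth+1) - 1 messages under one root pk."""

    def __init__(self, depth, rand=os.urandom):
        self.rand = rand                      # stands in for the slides' physical randomness
        self.order = list(_preorder("", depth))
        self.i = 0
        # For illustration every node key is kept; a real implementation keeps only the
        # keys on the current root-to-node path (logarithmic in q).
        self.keys, self.chains, self.uses = {}, {"": []}, {}
        self.pk, sk_root = self._node_keygen()  # Sig' public key = root key
        self.keys[""] = (self.pk, sk_root)

    def _node_keygen(self):
        pks, sks = zip(*(ots_keygen(self.rand) for _ in range(3)))
        return list(pks), list(sks)

    def _use(self, w, slot, msg):
        # Every call touches sk_w once; the count demonstrates the "at most 3 times" bound.
        self.uses[w] = self.uses.get(w, 0) + 1
        return ots_sign(self.keys[w][1][slot], msg)

    def sign(self, m: bytes):
        if self.i >= len(self.order):
            raise RuntimeError("all nodes used; the tree supports only q messages")
        w = self.order[self.i]
        self.i += 1
        chain = []
        if w:                                              # non-root node
            pk_w, sk_w = self._node_keygen()               # 1. generate keys for current node
            self.keys[w] = (pk_w, sk_w)
            parent, bit = w[:-1], int(w[-1])
            cert = self._use(parent, bit, node_pk_bytes(pk_w))  # 2. parent certifies pk_w
            chain = self.chains[parent] + [(pk_w, cert)]
        self.chains[w] = chain
        sig_m = self._use(w, 2, m)                         # 3. sign m with sk_w
        return w, chain, sig_m                             # 4. chain to root + signature on m


def tree_verify(pk_root, m: bytes, signature) -> bool:
    """Stateless verification with the root public key only."""
    w, chain, sig_m = signature
    if len(chain) != len(w):
        return False
    cur = pk_root
    for bit, (pk_child, cert) in zip(w, chain):           # walk the chain from the root down
        if not ots_verify(cur[int(bit)], node_pk_bytes(pk_child), cert):
            return False
        cur = pk_child
    return ots_verify(cur[2], m, sig_m)


def demo(depth=2):
    """Sign every message the tree supports (constructed sample messages)."""
    signer = TreeSigner(depth)
    msgs = [b"constructed message %d" % i for i in range(len(signer.order))]
    sigs = [signer.sign(m) for m in msgs]
    all_ok = all(tree_verify(signer.pk, m, s) for m, s in zip(msgs, sigs))
    wrong = tree_verify(signer.pk, b"some other message", sigs[-1])
    return all_ok, wrong, max(signer.uses.values()), len(sigs)


if __name__ == "__main__":
    print(demo())
```

With depth 2 the tree has 7 nodes, so the signer accepts exactly 7 messages, every signature verifies against the single root public key, and no node key is ever used more than 3 times, which is the property the λ/3-per-invocation bound in the theorem relies on.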
Slide 20: Security Proof
Theorem: Sig (3, є, λ)-secure against total leakage (λ bits of total leakage)
⇒ Sig' (q, qє, λ/3)-secure against continuous leakage (λ/3 bits per invocation).
Slide 21: Security Proof
Proof by reduction: an adversary A' against Sig' that obtains λ/3 bits per observation is turned into an adversary A against Sig that obtains λ bits in total.
A simulates the tree structure for A' and turns a forgery' for Sig' into a forgery for Sig.
Slide 22: Security Proof
(Figure: the tree with root R, node w and children w0, w1.)
1. Guess the target node w and use the target public key there.
Slide 23: Security Proof
(Figure: the same tree.)
2. Generate keys for all other nodes (online).
Slide 24: Security Proof
(Figure: the same tree; A' submits a leakage function f.)
3. Simulate the environment: for the nodes whose keys the reduction generated itself, compute the leakage f(·) yourself.
Slide 25: Security Proof
(Figure: the same tree; the leakage query f at the target node w is forwarded.)
3. Simulate the environment: at the target node w, use the target oracle of Sig to answer f(·).
Slide 26: Security Proof
But: the reduction can only ask for λ bits of leakage in total?
Observation: each secret key is touched at most 3 times:
• twice, to certify the children w0 and w1 of the node holding (pkw, skw)
• once, to sign a message: Sign(skw, m)
Since only computation leaks, skw leaks 3 times. Since we allow only λ/3 bits of leakage per invocation, this will be sufficient!
Slide 27: Security Proof
The simulation is perfect.
A' outputs a forgery for Sig' with probability є.
A outputs a forgery for Sig with probability є/q: the forgery of A' can only be used if it was for the guessed node w.
Slide 28: Summary
First leakage-resilient public-key primitive:
• Generic transformation from any signature scheme
• Leakage: a constant fraction of the secret key, if instantiated with Okamoto
• Efficiency: all parameters are logarithmic in q or constant
Eliminate physical randomness: use a leakage-resilient stream cipher [DP08, P09]
• Generic for any leakage-resilient signature scheme: lose security exponentially in the leakage
• For our signature scheme instantiated with Okamoto: a variant that has no loss in security!
Slide 29: Thank you!
Slide 30: Eliminate physical randomness
Generic from any leakage-resilient stream cipher.
Problem: the output D of the stream cipher has n-λ bits of HILL pseudo-entropy, but the reduction needs uniform randomness!
Some intuition: D (real experiment, HILL entropy n-λ) is є-close to D' (min-entropy n-λ), and D' can be written as U|E, the uniform distribution conditioned on an event E that is true with probability 2^-λ. Conditioned on E we are back in the "old" world.
Slide 31: Single Observation
(Figure: Sign with sk; the adversary supplies a leakage function f and receives f(sk).)
Slide 32: Bounded Leakage
1. Bounded total leakage: total leakage < |sk|
2. Bounded leakage per observation: total leakage >> |sk|
Slide 33: Security against continuous leakage
How to prevent the pre-computation attack?
Idea 1: use physical randomness for key evolution.
Idea 2: axiom of [MR04]: "Only computation leaks". Divide the state into two parts, S+ (active) and S- (passive); the leakage is f(S+).
Slide 34: Security against continuous leakage
Is key evolution sufficient? No, if key evolution is deterministic and fi is PPT.
Why? Pre-computation attack [DP08]!
(Figure: Sign with ski-1; leakage fi(ski-1).) The leakage function fi can precompute the future state and leak the i-th bit of skt.
Slide 35: Leakage Resilience
Continuous leakage:
• Any PPT function f
• Leakage bounded per observation (in total it can be very large)
• Only computation leaks (later more)
Earlier results in this model:
• DP08, P09: stream ciphers
• In this work: digital signatures
Slide 36: Security against continuous leakage
Round 1: sk0 is split into sk0+ and sk0-; the adversary chooses f1 and receives f1(sk0+), at most λ bits (< |sk|).
Update (upd) yields sk1, which is split into sk1+ and sk1-, and so on up to fq(skq+).
Update may leak!
(q, є, λ)-secure against continuous leakage: probability є that the adversary outputs a forgery.
Bound in each round: λ bits.
Slide 37: Beautiful Theory…
Security is studied in the black-box model: inputs/outputs are known, but there is no information on the internal state.
Slide 38: The Ugly Reality
Side channels: electromagnetic, acoustic, probing, cache, optical, power.
Slide 39: Motivation
Many black-box secure cryptosystems get broken by physical attacks.
Goal: a digital signature scheme provably secure against side-channel attacks!
This may not imply a secure implementation!