
Leakage-Resilient Signatures

Leakage-Resilient Signatures. TCC 2010, Zurich, Switzerland. Sebastian Faust (KU Leuven); joint work with Eike Kiltz (CWI), Krzysztof Pietrzak (CWI) and Guy Rothblum (Princeton). Topics: security against leakage, bounded total leakage, continuous leakage.



Presentation Transcript


  1. Leakage-Resilient Signatures
     TCC 2010, Zurich, Switzerland
     Sebastian Faust (KU Leuven). Joint work with Eike Kiltz (CWI), Krzysztof Pietrzak (CWI) and Guy Rothblum (Princeton).

  2. Security against leakage
     Bounded total leakage:
     • Introduced in the context of cold boot attacks [AGV09]
     • Leakage function is PPT
     • Leakage bounded in total
     • Leakage can depend on the complete state
     • Results: NS09, ADW09, KV09, …
     Continuous leakage:
     • Models many side-channel attacks
     • Leakage function is PPT
     • Leakage bounded per observation
     • Only computation leaks
     • Stream cipher: DP08, P09
     • This work: signatures

  3. Digital Signatures
     • Three algorithms: KeyGen (takes the security parameter k and outputs (pk, sk)), Sign (uses sk) and Verify (uses pk).

  4. Standard Security Definition
     (q-times, є)-secure: probability є that the adversary outputs a forgery.
     The adversary receives pk and queries signatures on messages of its choice; repeat q times.
     Valid forgery: verification succeeds and the message has never been queried before.
     How to extend this definition to the leakage setting?

  5. Leakage Setting
     Security against leakage: the adversary receives pk and, in the i-th query (i = 1, …, q), chooses a leakage function f_i and obtains f_i(sk, r_i).
     Arbitrary leakage functions? No! The leakage function can output the complete key.
     Solution: bound the amount of leakage.

  6. Bounded Total Leakage
     (q, є, λ_T)-secure against total leakage: probability є that the adversary outputs a forgery when it receives pk and the leakage f_1(sk), f_2(sk), …, f_q(sk).
     • Total leakage λ_T = Σ |f_i(sk)| < |sk|

  7. Instantiations
     Every signature scheme is secure against bounded total leakage:
     • Sig (q, є)-secure ⇒ Sig (q, 2^λ є, λ)-secure against total leakage
     Drawback: exponential security loss in λ. Can we do without this loss? Yes! E.g. [AlwenDodisWichs09], [KatzVai09]: Okamoto-Schnorr signatures are secure even if a constant fraction of the key is leaked.

  8. Continuous leakage
     Bounded total leakage is insufficient in practice.
     Continuous leakage: bounded amount per observation (total leakage >> |sk|).
     Problem: the leakage function can output the key.
     Idea: use key evolution. The signature scheme has to be stateful.

  9. Stateful Digital Signatures
     KeyGen (security parameter k) outputs (pk, sk_0); Sign takes the current state sk_{i-1} and outputs the next state sk_i; Verify uses pk.
     • All signatures can be verified with the same pk.

  10. Second Assumption
     Axiom of [MR04]: "Only computation leaks". In other words: leakage is independent of untouched memory.
     Divide the state in two parts: active S+ and passive S-; the leakage is f(S+).

  11. Security against continuous leakage
     (q, є, λ)-secure against continuous leakage: probability є that the adversary outputs a forgery.
     The adversary receives pk; the state sk_0 is split into the passive part sk_0- and the active part sk_0+; in round i the adversary chooses f_i and obtains leakage on the active part: f_1(sk_0+), f_2(sk_1+), …, f_q(sk_q+).
     The adversary can simulate all intermediate results & leak about them.
     Bound per round: • λ bits < |sk|

  12. Security against continuous leakage
     The same game with the state updated between rounds: sk_0 = (sk_0-, sk_0+) → upd → sk_1 = (sk_1-, sk_1+) → upd → …; in round i the adversary obtains f_i applied to the active part (f_1(sk_0+), f_2(sk_1+), …, f_q(sk_q+)).
     Bound per round: • λ bits < |sk|
     • Total leakage >> |sk|

  13. Leakage-resilient signatures
     Main theorem:
     • Sig (3, є, λ)-secure against total leakage (λ bits of total leakage)
     ⇒ Sig' (q, qє, λ/3)-secure against continuous leakage (λ/3 bits per invocation)
     Basic idea: use a tree based scheme [NaorYung], [Lam], [Merkle].

  14. Tree based signatures SIG'
     (pk, sk_0) ← KeyGen(rand). The public key of Sig' is assigned to the root R of a binary tree; a node w has the children w0 and w1.
     For now: assume the existence of physical randomness, i.e. a device that outputs randomness (this can be eliminated with a leakage resilient stream cipher!).

  15. Tree based signatures SIG'
     Visit the nodes in depth-first traversal. At each node that is visited:
     • generate new keys
     • sign the new pk with the parent key
     • sign a message

  16. Tree based signatures SIG'
     Current state in round i: the root key pair (pk, sk_0) and the key pair (pk_w, sk_w) of the current node w. Sign the i-th message m:

  17. Tree based signatures SIG'
     Sign the i-th message m:
     1. Generate keys for the current node: (pk_w1, sk_w1) ← KeyGen(rand)
     2. Sign the new public key pk_w1 with the secret key sk_w of the parent node w: Sign(sk_w, pk_w1)
     3. Sign m with the new secret key sk_w1: Sign(sk_w1, m)

  18. Tree based signatures SIG'
     Sign the i-th message m with Sig':
     1. Generate keys for the current node: (pk_w1, sk_w1) ← KeyGen(rand)
     2. Sign the new public key pk_w1 with the secret key sk_w of the parent node w: Sign(sk_w, pk_w1)
     3. Sign m with the new secret key sk_w1: Sign(sk_w1, m)
     4. Return the signature chain to the root and the signature on the message

  19. Tree based signatures SIG'
     Verify the i-th signature with Sig':
     • Verify the signature chain from the i-th node to the root R
     • Verify the signature of m
     Accept the signature if verification was ok!

  20. Security Proof
     Theorem:
     • Sig (3, є, λ)-secure against total leakage (λ bits of total leakage)
     ⇒ Sig' (q, qє, λ/3)-secure against continuous leakage (λ/3 bits per invocation)

  21. Security Proof
     Proof by reduction: an adversary A' against Sig' (λ/3 bits per observation) is turned into an adversary A against Sig (total λ bits). A simulates the tree structure for A'; a forgery for Sig' yields a forgery for Sig.

  22. Security Proof
     1. Guess the target node w and use the target public key (the Sig challenge key) at this node.

  23. Security Proof
     2. Generate the keys for all other nodes yourself (online).

  24. Security Proof
     3. Simulate the environment: for every node other than w, A knows the secret key and computes the leakage f() itself.

  25. Security Proof
     3. Simulate the environment: for the target node w, use the target Sig oracle to answer the signature and leakage queries f().

  26. Security Proof
     A can only ask for λ bits of leakage? But:
     Observation: each secret key is touched at most 3 times (only computation leaks ⇒ sk_w leaks 3 times):
     • twice to certify the children
     • once to sign the message: Sign(sk_w, m)
     Since we allow only λ/3 bits of leakage per invocation, this will be sufficient!
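The tree-based construction of slides 14 to 19 and the "each key is touched at most 3 times" observation of slide 26, as an added example that is not code from the paper or the talk: a stateful SIG' signer built on a toy Schnorr scheme with constructed, cryptographically meaningless parameters standing in for Sig. `TreeSigner`, `tree_verify` and the `touches` counter are this example's own names; the counter records how often each node's secret key is used, which is what the λ/3-per-invocation argument relies on.

```python
import hashlib, secrets
# Toy Schnorr over a tiny group: constructed, insecure parameters, standing in for Sig.
P, Q, G = 23, 11, 2   # G generates the order-Q subgroup of Z_P^*
def H(r, msg):
    return int.from_bytes(hashlib.sha256(b"%d|%s" % (r, msg)).digest(), "big") % Q
def keygen():
    x = secrets.randbelow(Q - 1) + 1
    return pow(G, x, P), x                  # (pk, sk)
def sign(sk, msg):
    k = secrets.randbelow(Q - 1) + 1
    e = H(pow(G, k, P), msg)
    return e, (k + e * sk) % Q
def verify(pk, msg, sig):
    e, s = sig                              # recompute r = g^s * pk^(-e)
    return H(pow(G, s, P) * pow(pk, Q - e, P) % P, msg) == e

def preorder(w, depth):
    """Node labels of a binary tree in depth-first order; node i signs message i."""
    return [w] if len(w) == depth else [w] + preorder(w + "0", depth) + preorder(w + "1", depth)

class TreeSigner:
    """Stateful SIG' built from Sig; an sk is erased once it can never be touched again."""
    def __init__(self, depth):
        self.depth, self.i, self.order = depth, 0, preorder("", depth)
        self.pk, sk = keygen()              # root key pair; self.pk is the public key of SIG'
        # keys: sk per label on the active path; certs: (pk, cert by parent); touches: sk uses
        self.keys, self.certs, self.touches = {"": sk}, {}, {}
    def _sign_with(self, w, msg):
        self.touches[w] = self.touches.get(w, 0) + 1
        return sign(self.keys[w], msg)
    def sign(self, msg):
        w = self.order[self.i]; self.i += 1  # IndexError once every node has been used
        if w:                                # steps 1-2: fresh keys, new pk certified by parent
            pk_w, sk_w = keygen()
            self.keys[w] = sk_w
            self.certs[w] = (pk_w, self._sign_with(w[:-1], b"%d" % pk_w))
        msg_sig = self._sign_with(w, msg)    # step 3: sign m with the new sk
        chain = [self.certs[w[:j]] for j in range(1, len(w) + 1)]  # step 4: certs root -> w
        if len(w) == self.depth: del self.keys[w]     # leaf: nothing left to certify
        if w.endswith("1"): del self.keys[w[:-1]]     # parent has certified both children
        return chain, msg_sig

def tree_verify(pk_root, msg, signature):
    chain, msg_sig = signature
    cur = pk_root
    for pk_w, cert in chain:                 # verify the certificate chain down from the root
        if not verify(cur, b"%d" % pk_w, cert): return False
        cur = pk_w
    return verify(cur, msg, msg_sig)
```

A depth-d tree signs 2^(d+1) - 1 messages with chains of length at most d; after the last node is used, no secret key remains in the state.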

  27. Security Proof
     The simulation is perfect. If A' outputs a forgery with probability є, then A outputs a forgery for Sig with probability є/q: the forgery of A' can only be used if it was for node w.

  28. Summary
     First leakage-resilient public-key primitive
     • Generic transformation from any signature scheme
     • Leakage: a constant fraction of the secret key, if instantiated with Okamoto
     • Efficiency: all parameters are logarithmic in q or constant
     Eliminate physical randomness: use a leakage-resilient stream cipher [DP08, P09]
     • Generic for any leakage resilient signature scheme: lose security exponentially in the leakage
     • For our signature scheme instantiated with Okamoto: a variant that has no loss in security!

  29. Thank you!

  30. Eliminate physical randomness
     Generic from any leakage resilient stream cipher.
     Problem: the output D of the stream cipher has n−λ bits of HILL pseudoentropy, but the reduction needs uniform randomness!
     Some intuition: HILL pseudoentropy n−λ means D is є-close to a distribution D' with min-entropy n−λ, and D' is the uniform distribution U conditioned on an event E that is true with probability 2^{-λ}, i.e. D' = U|E. Conditioned on E, the real experiment runs with uniform randomness and we are back in the "old" world.

  31. Single Observation
     Sign with sk; the adversary obtains the leakage f(sk).

  32. Bounded Leakage
     Bounded total leakage: total leakage < |sk|.
     Bounded leakage per observation: total leakage >> |sk|.

  33. Security against continuous leakage
     How to prevent the pre-computation attack?
     Idea 1: use physical randomness for key evolution.
     Idea 2: axiom of [MR04], "Only computation leaks": divide the state in two parts, active S+ and passive S-; the leakage is f(S+).

  34. Security against continuous leakage
     Is key evolution sufficient? No, if key evolution is deterministic and f_i is PPT. Why? Pre-computation attack [DP08]! The leakage function f_i applied to sk_{i-1} can precompute a later state sk_t and leak the i-th bit of sk_t.

  35. Leakage Resilience
     Continuous leakage:
     • Any PPT function f
     • Leakage bounded per observation ⇒ in total it can be very large
     • Only computation leaks (later more)
     • Earlier results in this model: DP08, P09: stream ciphers
     • In this work: digital signatures

  36. Security against continuous leakage
     (q, є, λ)-secure against continuous leakage: probability є that the adversary outputs a forgery. The adversary receives pk; the state sk_0 = (sk_0-, sk_0+) is updated to sk_1 = (sk_1-, sk_1+), …; in round i the adversary obtains f_i on the active part: f_1(sk_0+), f_2(sk_1+), …, f_q(sk_q+). The update may leak!
     Bound per round: • λ bits < |sk|

  37. Beautiful Theory…
     Security is studied in the black box model: inputs/outputs are known, but there is no information on the internal state.

  38. The Ugly Reality
     Physical attacks: probing, optical, power, electromagnetic, acoustic, cache.

  39. Motivation
     Many black-box secure cryptosystems get broken by physical attacks: black-box security may not imply a secure implementation!
     Goal: a digital signature scheme provably secure against side-channel attacks!
