challenges in leakage resilient symmetric cryptography
play

Challenges in Leakage-Resilient Symmetric Cryptography Krzysztof - PowerPoint PPT Presentation

Apr 13, 2023 •34 likes •994 views

Challenges in Leakage-Resilient Symmetric Cryptography Krzysztof Pietrzak ECRYPT II Workshop on Physical Attacks, Graz, November 28, 2012 Krzysztof Pietrzak Challenges in Leakage-ResilientSymmetric Cryptography Krzysztof Pietrzak Challenges

  1. Challenges in Leakage-Resilient Symmetric Cryptography Krzysztof Pietrzak ECRYPT II Workshop on Physical Attacks, Graz, November 28, 2012 Krzysztof Pietrzak Challenges in Leakage-ResilientSymmetric Cryptography

  2. Krzysztof Pietrzak Challenges in Leakage-ResilientSymmetric Cryptography

  3. Provable Security Define “Breaking the Cryptosystem”. 1 Construct Cryptosystem. 2 Prove Cryptosystem Secure. 3 Krzysztof Pietrzak Challenges in Leakage-ResilientSymmetric Cryptography

  4. Provable Security Define “Breaking the Cryptosystem”. 1 Example: Digital Signatures key Construct Cryptosystem. 2 Prove Cryptosystem Secure. 3 Krzysztof Pietrzak Challenges in Leakage-ResilientSymmetric Cryptography

  5. Provable Security Define “Breaking the Cryptosystem”. 1 Example: Digital Signatures key Construct Cryptosystem. 2 Prove Cryptosystem Secure. 3 Krzysztof Pietrzak Challenges in Leakage-ResilientSymmetric Cryptography

  6. Provable Security Define “Breaking the Cryptosystem”. 1 Example: Digital Signatures key Construct Cryptosystem. 2 Prove Cryptosystem Secure. 3 Krzysztof Pietrzak Challenges in Leakage-ResilientSymmetric Cryptography

  7. Provable Security Define “Breaking the Cryptosystem”. 1 Example: Digital Signatures key Construct Cryptosystem. 2 Prove Cryptosystem Secure. 3 Krzysztof Pietrzak Challenges in Leakage-ResilientSymmetric Cryptography

  8. Provable Security Define “Breaking the Cryptosystem”. 1 Example: Digital Signatures key Construct Cryptosystem. 2 Prove Cryptosystem Secure. 3 Krzysztof Pietrzak Challenges in Leakage-ResilientSymmetric Cryptography

  9. Provable Security Define “Breaking the Cryptosystem”. 1 Example: Digital Signatures key Construct Cryptosystem. 2 Prove Cryptosystem Secure. 3 Krzysztof Pietrzak Challenges in Leakage-ResilientSymmetric Cryptography

  10. Provable Security Define “Breaking the Cryptosystem”. 1 Example: Digital Signatures ? ? key breaks scheme if ? ? is a valid signature for a new message. Construct Cryptosystem. 2 Prove Cryptosystem Secure. 3 Krzysztof Pietrzak Challenges in Leakage-ResilientSymmetric Cryptography

  11. Provable Security Define “Breaking the Cryptosystem”. 1 Example: Digital Signatures ? ? key breaks scheme if ? ? is a valid signature for a new message. Construct Cryptosystem. 2 Prove Cryptosystem Secure. 3 Theorem No efficient adversary who breaks the scheme exists Krzysztof Pietrzak Challenges in Leakage-ResilientSymmetric Cryptography

  12. Provable Security Define “Breaking the Cryptosystem”. 1 Example: Digital Signatures ? ? key breaks scheme if ? ? is a valid signature for a new message. Construct Cryptosystem. 2 Prove Cryptosystem Secure. 3 Theorem No efficient adversary who breaks the scheme exists if (factoring, SVP,. . . ) is hard. Krzysztof Pietrzak Challenges in Leakage-ResilientSymmetric Cryptography

  13. Provably secure cryptosystems get broken in practice. Krzysztof Pietrzak Challenges in Leakage-ResilientSymmetric Cryptography

  14. Provably secure cryptosystems get broken in practice. Problem: adversaries outside the anticipated model. Krzysztof Pietrzak Challenges in Leakage-ResilientSymmetric Cryptography

  15. Provably secure cryptosystems get broken in practice. Problem: adversaries outside the anticipated model. Krzysztof Pietrzak Challenges in Leakage-ResilientSymmetric Cryptography

  16. Black-Box Security Models vs. Reality key Krzysztof Pietrzak Challenges in Leakage-ResilientSymmetric Cryptography

  17. Black-Box Security Models vs. Reality key Krzysztof Pietrzak Challenges in Leakage-ResilientSymmetric Cryptography

  18. Black-Box Security Models vs. Reality key Krzysztof Pietrzak Challenges in Leakage-ResilientSymmetric Cryptography

  19. Black-Box Security Models vs. Reality key E.g. can measure time to compute . Krzysztof Pietrzak Challenges in Leakage-ResilientSymmetric Cryptography

  20. Black-Box Security Models vs. Reality key E.g. can measure time to compute . breaks RSA on smart cards [Kocher’95] Krzysztof Pietrzak Challenges in Leakage-ResilientSymmetric Cryptography

  21. Black-Box Security Models vs. Reality key E.g. can measure time to compute . breaks RSA on smart cards [Kocher’95] Side-Channel Attack: Cryptanalytic attack exploring information leaked from a physical implementation of a cryptosystem. Krzysztof Pietrzak Challenges in Leakage-ResilientSymmetric Cryptography

  22. power analysis probing attacks cold-boot attacks cache attacks radiation, sound, heat,. . . Krzysztof Pietrzak Challenges in Leakage-ResilientSymmetric Cryptography

  23. power analysis [Eisenbarth et al. CRYPTO’08] break wireless car keys probing attacks cold-boot attacks [Halderman et al. USENIX’08] break disc-encryption schemes cache attacks [Ristenpart et al. CCS’09] break cloud computing radiation, sound, heat,. . . Krzysztof Pietrzak Challenges in Leakage-ResilientSymmetric Cryptography

  24. The Rise of Side-Channel Attacks Became major threat in the last few decades. Krzysztof Pietrzak Challenges in Leakage-ResilientSymmetric Cryptography

  25. The Rise of Side-Channel Attacks Became major threat in the last few decades. Ubiquitous computing: Light-weight crypto-devices are susceptible to side-channel attacks. Krzysztof Pietrzak Challenges in Leakage-ResilientSymmetric Cryptography

  26. The Rise of Side-Channel Attacks Became major threat in the last few decades. Ubiquitous computing: Light-weight crypto-devices are susceptible to side-channel attacks. Provable security: Side-channels became the weakest link. Krzysztof Pietrzak Challenges in Leakage-ResilientSymmetric Cryptography

  27. Side-channels are a physical phenomenon, how could theoretical cryptography be of help? Krzysztof Pietrzak Challenges in Leakage-ResilientSymmetric Cryptography

  28. Side-channels are a physical phenomenon, how could theoretical cryptography be of help? Reductions in the context of side-channel attacks [MicRey’04] Construct schemes that remain provably secure in the presence of leakage. Krzysztof Pietrzak Challenges in Leakage-ResilientSymmetric Cryptography

  29. Leakage models: one-time vs. continuous key one-time f key continuous Krzysztof Pietrzak Challenges in Leakage-ResilientSymmetric Cryptography

  30. Leakage models: one-time vs. continuous key one-time f ( key ) key continuous Krzysztof Pietrzak Challenges in Leakage-ResilientSymmetric Cryptography

  31. Leakage models: one-time vs. continuous key one-time key continuous Krzysztof Pietrzak Challenges in Leakage-ResilientSymmetric Cryptography

  32. Leakage models: one-time vs. continuous key one-time key continuous Krzysztof Pietrzak Challenges in Leakage-ResilientSymmetric Cryptography

  33. Leakage models: one-time vs. continuous key one-time key continuous f 1 , Krzysztof Pietrzak Challenges in Leakage-ResilientSymmetric Cryptography

  34. Leakage models: one-time vs. continuous key one-time key continuous f 1 ( key , coins ) , Krzysztof Pietrzak Challenges in Leakage-ResilientSymmetric Cryptography

  35. Leakage models: one-time vs. continuous key one-time key continuous f 2 , Krzysztof Pietrzak Challenges in Leakage-ResilientSymmetric Cryptography

  36. Leakage models: one-time vs. continuous key one-time key continuous f 2 ( key , coins ) , Krzysztof Pietrzak Challenges in Leakage-ResilientSymmetric Cryptography

  37. Leakage models: one-time vs. continuous key one-time key continuous f 2 ( key , coins ) , Most side-channels like timing,power,. . . are continuous. Notable exception cold-boot. Security against continuous leakage is much harder to achieve. E.g. requires key-refreshing. Intermediate “Floppy model”. Krzysztof Pietrzak Challenges in Leakage-ResilientSymmetric Cryptography

  38. Leakage models: dedicated vs. general dedicated leakage functions f models a particular side-channel timing: Make running time independent of input. probing: Private Circuits ([Ishai,Sahai,Wagner Crypto’03]) Krzysztof Pietrzak Challenges in Leakage-ResilientSymmetric Cryptography

  39. Leakage models: dedicated vs. general dedicated leakage functions f models a particular side-channel timing: Make running time independent of input. probing: Private Circuits ([Ishai,Sahai,Wagner Crypto’03]) general leakage functions bounded: f ( key ) has length ℓ ≪ | key | bits. entropic: Entropy of key decreases by at most ℓ given f ( key ). auxiliary input: Computationally hard to compute key given f ( key ). Krzysztof Pietrzak Challenges in Leakage-ResilientSymmetric Cryptography

  40. One-Time Bounded/Entropic leakage key ∈ { 0 , 1 } n . Adv choses f and gets f ( key ). Bounded leakage: f must satisfy | f ( key ) | = ℓ ≪ n . 1 Entropic leakage: f must satisfy H ∞ ( key | f ( key )) ≥ n − ℓ . 2 Maurer’s bounded storage model, privacy amplification,. . . Intrusion resilience [Dzi’06,CDDLLW’07,. . . ] (symmetric) Memory attacks [AGV’09,NaoSeg’09,. . . ] (public-key) Krzysztof Pietrzak Challenges in Leakage-ResilientSymmetric Cryptography

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Implementing Practical leakage-resilient symmetric cryptography Daniel J. Bernstein

Implementing Practical leakage-resilient symmetric cryptography Daniel J. Bernstein

Implementing Practical leakage-resilient symmetric cryptography Daniel J. Bernstein University of Illinois at Chicago, Technische Universiteit Eindhoven CHES 2012 paper Practical leakage-resilient symmetric cryptography (Faust,

669 views • 30 slides
Leakage-Resilient (Symmetric) Cryptography Franois-Xavier Standaert UCL Crypto Group, Belgium

Leakage-Resilient (Symmetric) Cryptography Franois-Xavier Standaert UCL Crypto Group, Belgium

Leakage-Resilient (Symmetric) Cryptography Franois-Xavier Standaert UCL Crypto Group, Belgium Summer school on real-world crypto, 2016 Outline Starting point (link with previous lecture) Seed results (TCC 2004, FOCS 2008)

1.14k views • 111 slides
Leakage-Resilient Zero Knowledge Sanjam Garg Abhishek Jain Amit Sahai Leakage-Resilient

Leakage-Resilient Zero Knowledge Sanjam Garg Abhishek Jain Amit Sahai Leakage-Resilient

Leakage-Resilient Zero Knowledge Sanjam Garg Abhishek Jain Amit Sahai Leakage-Resilient Cryptography Traditional Cryptography: adv has only black-box access to a cryptosystem I O LR-Cryptography: open the black-box more

279 views • 25 slides
Leakage-Resilient Public-Key Cryptography in the Bounded-Retrieval Model Jol Alwen, Yevgeniy

Leakage-Resilient Public-Key Cryptography in the Bounded-Retrieval Model Jol Alwen, Yevgeniy

Leakage-Resilient Public-Key Cryptography in the Bounded-Retrieval Model Jol Alwen, Yevgeniy Dodis, Daniel Wichs New York University Speaker: Daniel Wichs CRYPTO 09 Goal of Leakage-Resilient Crypto Model of Leakage Resilience

303 views • 29 slides
Leakage-Resilient Cryptography from Puncturable Primitives and Obfuscation ASIACRYPT 2018 Dec.

Leakage-Resilient Cryptography from Puncturable Primitives and Obfuscation ASIACRYPT 2018 Dec.

Leakage-Resilient Cryptography from Puncturable Primitives and Obfuscation ASIACRYPT 2018 Dec. 5th 2018 1 / 55 Yu Chen 1 Yuyu Wang 2 Hong-Sheng Zhou 3 1 SKLOIS-IIE-CAS, UCAS 2 Tokyo Institute of Technology, IOHK, AIST 3 Virginia Commonwealth

1.29k views • 116 slides
Leakage-Resilient Cryptography from Puncturable Primitives and Obfuscation ASIACRYPT 2018 Dec.

Leakage-Resilient Cryptography from Puncturable Primitives and Obfuscation ASIACRYPT 2018 Dec.

Leakage-Resilient Cryptography from Puncturable Primitives and Obfuscation ASIACRYPT 2018 Dec. 5th 2018 1 / 51 Yu Chen 1 Yuyu Wang 2 Hong-Sheng Zhou 3 1 SKLOIS-IIE-CAS, UCAS 2 Tokyo Institute of Technology, IOHK, AIST 3 Virginia Commonwealth

1.2k views • 104 slides
Leakage-Resilient Cryptography with Key Derived from Sensitive Data Konrad Durnoga, Stefan

Leakage-Resilient Cryptography with Key Derived from Sensitive Data Konrad Durnoga, Stefan

Leakage-Resilient Cryptography with Key Derived from Sensitive Data Konrad Durnoga, Stefan Dziembowski, Tomasz Kazana, Micha Zaj c , Maciej Zdanowicz Estonian Computer Science Theory Days Jekla 2-4.10.2015 Computers can be

542 views • 32 slides
Regular Lossy Functions and Applications in Leakage-Resilient Cryptography CT-RSA 2018 April

Regular Lossy Functions and Applications in Leakage-Resilient Cryptography CT-RSA 2018 April

Regular Lossy Functions and Applications in Leakage-Resilient Cryptography CT-RSA 2018 April 20th, 2018 1 / 41 Yu Chen 1 Baodong Qin 2 Haiyang Xue 1 1 SKLOIS, IIE, Chinese Academy of Sciences 2 Xian University of Posts and Telecommunication

1.92k views • 115 slides
Symmetric Key Cryptography Introduction to Symmetric Key Cryptography What can we do?

Symmetric Key Cryptography Introduction to Symmetric Key Cryptography What can we do?

PQCRYPTO Summer School on Post-Quantum Cryptography 2017 Stefan Klbl June 20th, 2017 DTU Compute, Technical University of Denmark Symmetric Key Cryptography Introduction to Symmetric Key Cryptography What can we do? Authentication

711 views • 47 slides
Symmetric Key Cryptography Introduction to Symmetric Key Cryptography Myth Where does security

Symmetric Key Cryptography Introduction to Symmetric Key Cryptography Myth Where does security

PQCRYPTO Summer School on Post-Quantum Cryptography 2017 Stefan Klbl June 19th, 2017 DTU Compute, Technical University of Denmark Symmetric Key Cryptography Introduction to Symmetric Key Cryptography Myth Where does security fail?

758 views • 72 slides
Public-Key Cryptosystems Resilient to Key Leakage Moni Naor Gil Segev Weizmann Institute of

Public-Key Cryptosystems Resilient to Key Leakage Moni Naor Gil Segev Weizmann Institute of

Public-Key Cryptosystems Resilient to Key Leakage Moni Naor Gil Segev Weizmann Institute of Science Israel Foundations of Cryptography Rigorous analysis of the security of cryptographic schemes Adversarial model Notion of security

428 views • 20 slides
LEAKAGE - RESILIENT PUBLIC - KEY ENCRYPTION FROM OBFUSCATION Dana Dachman-Soled, S. Dov

LEAKAGE - RESILIENT PUBLIC - KEY ENCRYPTION FROM OBFUSCATION Dana Dachman-Soled, S. Dov

LEAKAGE - RESILIENT PUBLIC - KEY ENCRYPTION FROM OBFUSCATION Dana Dachman-Soled, S. Dov Gordon, Feng-Hao Lui, Adam, ONeill, and Hong-Sheng Zhou O UTLINE OF T ALK Leakage Models for PKE Bounded, Continual, and Continual w/ Leakage on

1.05k views • 102 slides
Leakage Resilient Masking Schemes Sebastian Faust Ruhr University Bochum 1 Modern cryptography

Leakage Resilient Masking Schemes Sebastian Faust Ruhr University Bochum 1 Modern cryptography

Leakage Resilient Masking Schemes Sebastian Faust Ruhr University Bochum 1 Modern cryptography Until 1970s: Design crypto algorithm secure against one attack Find attack C Find attack B Crypto Crypto algorithm A algorithm B secure against

631 views • 51 slides
LR 2 : LR : Le Leakage-Re Resilient La Layout t Ra Randomization fo for Mo Mobile

LR 2 : LR : Le Leakage-Re Resilient La Layout t Ra Randomization fo for Mo Mobile

LR 2 : LR : Le Leakage-Re Resilient La Layout t Ra Randomization fo for Mo Mobile Devices Kjell Braden , Stephen Crane, Lucas Davi , Michael Franz , Per Larsen , Christopher Liebchen , Ahmad- Reza Sadeghi

578 views • 38 slides
Introduction to Symmetric Cryptography Lars R. Knudsen June 2014 L.R. Knudsen Introduction to

Introduction to Symmetric Cryptography Lars R. Knudsen June 2014 L.R. Knudsen Introduction to

Introduction to Symmetric Cryptography Lars R. Knudsen June 2014 L.R. Knudsen Introduction to Symmetric Cryptography What is cryptography? Cryptography is communication in the presence of an adversary Ron Rivest. Coding theory Detection and

877 views • 28 slides
Outline Cryptography and Encryption Uses of cryptography Algorithms Symmetric

Outline Cryptography and Encryption Uses of cryptography Algorithms Symmetric

Outline Cryptography and Encryption Uses of cryptography Algorithms Symmetric cryptography CS 239 Asymmetric cryptography Computer Security January 26, 2005 Lecture 5 Lecture 5 Page 1 Page 2 CS 239, Winter 2005 CS 239,

321 views • 13 slides
SimBench A Portable Benchmarking Methodology for Full-System Simulators Harry Wagstaff Bruno

SimBench A Portable Benchmarking Methodology for Full-System Simulators Harry Wagstaff Bruno

SimBench A Portable Benchmarking Methodology for Full-System Simulators Harry Wagstaff Bruno Bodin Tom Spink Bjrn Franke Institute for Computing Systems Architecture University of Edinburgh ISPASS 2017 1 Motivation Instruction Set

1.05k views • 52 slides
NP04 Powercut Recovery and Cold Starts Pengfei Dine, Bonnie King, Geoff Savage DUNE DAQ meeting

NP04 Powercut Recovery and Cold Starts Pengfei Dine, Bonnie King, Geoff Savage DUNE DAQ meeting

NP04 Powercut Recovery and Cold Starts Pengfei Dine, Bonnie King, Geoff Savage DUNE DAQ meeting 29 July 2019 Power cut #1 July 23 Power cut with subsequent cooling failure brought down all servers except np04-srv-001 and np04-srv-004 (on

238 views • 6 slides
Restriction Access, Population Recovery & Partial Identification Avi Wigderson IAS,

Restriction Access, Population Recovery & Partial Identification Avi Wigderson IAS,

Restriction Access, Population Recovery & Partial Identification Avi Wigderson IAS, Princeton Joint with Zeev Dvir Anup Rao Amir Yehudayoff Restriction Access, A new model of Grey-box access Systems, Models, Observations From

751 views • 29 slides
Micro-architectural Attacks Chester Rebeiro IIT Madras 1 Things we thought gave us security!

Micro-architectural Attacks Chester Rebeiro IIT Madras 1 Things we thought gave us security!

Micro-architectural Attacks Chester Rebeiro IIT Madras 1 Things we thought gave us security! Cryptography Passwords Information Flow Policies Privileged Rings ASLR Virtual Machines and confinement Javascript

891 views • 59 slides
TLV in LunD Introduction to Top Level Verification Presenter Shkelqim Lahi B.Sc.E. in

TLV in LunD Introduction to Top Level Verification Presenter Shkelqim Lahi B.Sc.E. in

TLV in LunD Introduction to Top Level Verification Presenter Shkelqim Lahi B.Sc.E. in Computer Engineering (Engineering College of Copenhagen 2004) M. SC. EE. In System on Chip (LTH 2006) Work experience EMP 2006

629 views • 37 slides
Miscellany! Lecture 20 The Last Lecture! Public-Key Crypto Maths Initially public-key crypto was

Miscellany! Lecture 20 The Last Lecture! Public-Key Crypto Maths Initially public-key crypto was

Miscellany! Lecture 20 The Last Lecture! Public-Key Crypto Maths Initially public-key crypto was based on hardness of problems in modular arithmetic and number theory (RSA/factoring, modular discrete log) Problems from several other areas, since

400 views • 17 slides
bersicht webEngineering LV-Nr.: 1896 Sommersemester 2001 Scharl A., PS WebEngineering 1.

bersicht webEngineering LV-Nr.: 1896 Sommersemester 2001 Scharl A., PS WebEngineering 1.

bersicht webEngineering LV-Nr.: 1896 Sommersemester 2001 Scharl A., PS WebEngineering 1. Einheit: Mo, 2001-05-28, 13:00: 2H316 [Abteilung fr Wirtschaftsinformatik] Termine webEngineering Zwischenprsentation: 11. Juni, 13:00

322 views • 16 slides
Introduction to Web Architecture SE2840 Web Application Design Jay Urbain, PhD Credits: See last

Introduction to Web Architecture SE2840 Web Application Design Jay Urbain, PhD Credits: See last

Introduction to Web Architecture SE2840 Web Application Design Jay Urbain, PhD Credits: See last slide for references Contact info Jay Urbain, PhD email: urbain@msoe.edu Office hours: http://jayurbain.com/msoe Course home:

1.08k views • 55 slides

More recommend