How to Sign with White-Boxed AES Latincrypt 2019 Marc Fischlin - - PowerPoint PPT Presentation



SLIDE 1

13. Oktober 2010 | Dr.Marc Fischlin | Kryptosicherheit | 1

How to Sign with White-Boxed AES

Latincrypt 2019

Marc Fischlin joint work with Helene Haagh

SLIDE 2

Marc Fischlin | Latincrypt 2019 | October 3rd, 2019 | 2

Obfuscation

alert('Hello, World!')

eval(function(p,a,c,k,e,d){e=function(c){return c};if(!''.replace(/^/,String)){while(c--){d[c]=k[c]||c}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('0(\'1, 2!\')',3,3,'alert|Hello|World'.split('|'),0,{}))

program → obfuscator → „unintelligible“ but functionally equivalent program

SLIDE 3

White-Boxing AES

AESk() → obfuscator → WBAESk()

„unintelligible“ but functionally equivalent program

In particular, the white-box version shall hide the secret key. Chow, Eisen, Johnson, van Oorschot (SAC 2002)

SLIDE 4

White-Boxing is hard… …but not the topic of this talk

WhibOx contests in 2017 and 2019: competitors' entries only lasted days or weeks. Even unclear if theoretical solutions exist at all.

Instead: how to use a good white-boxing.

SLIDE 5

When to White-Box?

Schemes based on a shared symmetric key k: WBAESk() / AESk(). Protects key k against leakage on the device.

AESk() / WBAES⁻¹k(): fast signing with key k on the device, slow(er) verification on the server. AESk(), WBAES⁻¹k() = secret-public key pair.

SLIDE 6

How not to Sign with White-boxed AES

SLIDE 7

CBC-MAC as Signature Scheme?

[Diagram: CBC chain with IV=0…0: (IV ⊕ m1) → AESk → c1, (c1 ⊕ m2) → AESk → c2, …, (c(n-1) ⊕ mn) → AESk → cn]

signature s = cn

here: fixed-length, block-aligned messages

SLIDE 8

Verification with WBAES

given signature s = cn and message m

[Diagram: the CBC chain of slide 7 evaluated backwards with WBAES⁻¹k, from cn and mn down to c1 and m1, IV=0…0]

verification succeeds if „computing backwards“ yields m1

SLIDE 9

Security?

[Diagram: the same backwards computation with WBAES⁻¹k as on slide 8]

verification succeeds if „computing backwards“ yields m1

Adversary knows the public WBAES⁻¹k and thus gets to see all intermediate results!

SLIDE 10

Breaking CBC

here: with two message blocks

goal: create forgery for m1||m2 with probability 1

1. get signature for m1||x2, compute intermediate result AESk(m1)
2. get signature for x1||0…0, compute intermediate result AESk(x1)
3. get signature for x1||(m2 ⊕ AESk(m1) ⊕ AESk(x1))

This is also a valid signature for the (fresh) message m1||m2
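The three-query argument above, worked through as an added example (not code from the talk or its authors): plain AES decryption stands in for the public WBAES⁻¹k, and the key, the blocks x1, x2 and the message blocks are constructed values. It shows why a CBC-MAC whose inverse is public cannot serve as a signature: the value obtained from the three queries equals the genuine signature of the never-signed m1||m2.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
)

// xor returns the XOR of two equal-length byte slices (16-byte blocks here).
func xor(a, b []byte) []byte {
	out := make([]byte, len(a))
	for i := range a {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// cbcSign is the strawman signer from the slides: CBC-MAC with IV=0 over
// block-aligned messages, signature s = c_n (the last ciphertext block).
func cbcSign(blk cipher.Block, blocks [][]byte) []byte {
	c := make([]byte, 16) // IV = 0…0
	for _, m := range blocks {
		blk.Encrypt(c, xor(m, c))
	}
	return c
}

// forge is the three-query argument from the slides: with a signing oracle and the
// public WBAES^-1_k (here plain AES decryption), the adversary obtains the
// signature of m1||m2 without ever having it signed.
func forge(sign func([][]byte) []byte, inv func([]byte) []byte, m1, m2 []byte) []byte {
	x1, x2 := bytes.Repeat([]byte{0xa1}, 16), bytes.Repeat([]byte{0xb2}, 16) // constructed
	a := xor(inv(sign([][]byte{m1, x2})), x2)      // 1. WBAES^-1(s) ⊕ x2 = AESk(m1)
	b := inv(sign([][]byte{x1, make([]byte, 16)})) // 2. WBAES^-1(s) ⊕ 0…0 = AESk(x1)
	return sign([][]byte{x1, xor(xor(m2, a), b)})  // 3. AESk(m2 ⊕ AESk(m1)) = sig(m1||m2)
}

// forgeryMatches returns true iff the value from forge equals the genuine signature
// of m1||m2 (and hence passes the backwards check with WBAES^-1_k). Key and
// message blocks are constructed constants, so the result is deterministic.
func forgeryMatches() bool {
	blk, _ := aes.NewCipher([]byte("0123456789abcdef"))
	sign := func(b [][]byte) []byte { return cbcSign(blk, b) }
	inv := func(c []byte) []byte { p := make([]byte, 16); blk.Decrypt(p, c); return p }
	m1, m2 := []byte("pay 100 to alice"), []byte("ref 000000000001")
	return bytes.Equal(forge(sign, inv, m1, m2), cbcSign(blk, [][]byte{m1, m2}))
}
```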


SLIDE 11

Signing with Full-Domain-Hashing

SLIDE 12

Full-Domain-Hash Signatures for WBAES

AESk() = secret signing key, WBAES⁻¹k() = public verification key

Signing: s = AESk(H(m)), with H = hash function truncated to 128 bits

Verification: y = WBAES⁻¹k(s), check y =? H(m)

SLIDE 13

Security Results for FDH-Signatures

Coron (Crypto 2000): Adv(Forge) ≤ qs · Adv(Unpred), qs = #signature queries

Delerablee, Lepoint, Paillier, Rivain, unpredictability game (SAC 2013): [Diagram: adversary with oracle access to AESk and WBAES⁻¹k(); random r; x; AESk(x), AESk(r)]

Problem: trivial attack strategy against unpredictability, wins with probability 2^-64 after 2^64 WBAES evaluations and no AES queries. Other problem: proof requires random oracle programming; guarantees for 128-bit AES?

SLIDE 14

CBC-Signatures with Random Oracles

Revisiting the idea of CBC signing, but this time using a random oracle: signature s = CBCk(H(m)) for H outputting a multiple of 128 bits. Verification: compute CBC backwards using H(m).

Adv(Forge) ≤ qH · Adv(Unpred) + qH(qH + qs) · 2^-128, qH = #random oracle queries

Problem with unpredictability inherent due to restricted input size of AES!

SLIDE 15

Correlation Intractability

SLIDE 16

Correlation Intractability

[Diagram: adversary with oracle access to AESk (query x, answer AESk(x)) and the public WBAES⁻¹k() outputs correlated r1, r2, …, rR and AESk(r1), AESk(r2), …, AESk(rR)]

according to some fixed (non-trivial) correlation criteria, like: r1, r2, …, rR are equal on the leading 128 − log R bits

Suzuki, Tonien, Kurosawa, Toyota (ICISC’06): generic upper bound (no WBAES input) of (qAES)^R · 2^-128(R-1) after qAES AES queries. Example: R=4 with qAES = 2^64 yields probability of less than 2^-128.

SLIDE 17

Correlation Intractability vs. Unpredictability

Correlation intractability (for R=2) Unpredictability

Correlation intractability Unpredictability

for general block ciphers, unclear for AES

SLIDE 18

Signing with Chaining and Correlation Intractability

SLIDE 19

ROChain: Signing

R=4

x = H(0|m) truncated to 125 bits, s = (AESk(x|000), …, AESk(x|011))

X = H(1|s|m) truncated to 125 bits, S = (AESk(X|100), …, AESk(X|111))

[Diagram: the four inputs x|000, x|001, x|010, x|011 fed to AESk for s, and X|100, X|101, X|110, X|111 for S]

signature = (s, S)

SLIDE 20

Verification

R=4

[Diagram: as on slide 19: x = H(0|m) truncated to 125 bits, s = (AESk(x|000), …, AESk(x|011)); X = H(1|s|m) truncated to 125 bits, S = (AESk(X|100), …, AESk(X|111)); signature = (s, S)]

recompute x and X, check each AES value, and that the pre-images in s resp. S are correlated
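ROChainSign signing and verification (slides 19 and 20) as an added example, not the authors' code: it assumes SHA-256 for H, a constructed key and message, and plain AES decryption in place of the public WBAES⁻¹k. The low 3 bits of each AES input hold the stage bit and the 2-bit block index, so the four pre-images of s (and of S) are correlated on their leading 125 bits, which is exactly what the verifier checks after decrypting each block.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/sha256"
)

// inputs builds the R=4 correlated AES inputs of one stage: H(prefix) truncated to 125 bits, then the stage bit, then a 2-bit index (H assumed to be SHA-256).
func inputs(stage byte, prefix ...[]byte) [][]byte {
	h := sha256.Sum256(bytes.Join(prefix, nil))
	out := make([][]byte, 4)
	for i := range out {
		out[i] = append([]byte(nil), h[:16]...)
		out[i][15] = h[15]&^0x07 | stage<<2 | byte(i)
	}
	return out
}

// sign runs ROChainSign: s = AESk over inputs(0, 0|m), S = AESk over inputs(1, 1|s|m); signature = (s, S).
func sign(blk cipher.Block, m []byte) (s, S [][]byte) {
	enc := func(vals [][]byte) [][]byte {
		for _, v := range vals {
			blk.Encrypt(v, v) // in place: each pre-image is replaced by its AES value
		}
		return vals
	}
	s = enc(inputs(0, []byte{0}, m))
	return s, enc(inputs(1, []byte{1}, bytes.Join(s, nil), m))
}

// verify needs only AES^-1 (the public WBAES^-1_k of the talk): every block of s and S must decrypt to its expected, mutually correlated pre-image.
func verify(blk cipher.Block, m []byte, s, S [][]byte) bool {
	dec := func(v []byte) []byte { p := make([]byte, 16); blk.Decrypt(p, v); return p }
	check := func(vals, want [][]byte) bool {
		ok := len(vals) == len(want)
		for i := 0; ok && i < len(want); i++ {
			ok = len(vals[i]) == 16 && bytes.Equal(dec(vals[i]), want[i])
		}
		return ok
	}
	return check(s, inputs(0, []byte{0}, m)) && check(S, inputs(1, []byte{1}, bytes.Join(s, nil), m))
}

func roundTrip() (genuineOK, alteredRejected bool) {
	blk, _ := aes.NewCipher([]byte("0123456789abcdef")) // constructed key
	s, S := sign(blk, []byte("firmware v1.2 ok"))       // constructed message
	return verify(blk, []byte("firmware v1.2 ok"), s, S), !verify(blk, []byte("firmware v1.3 ok"), s, S)
}
```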

SLIDE 21

Security (Idea)

[Diagram: as on slide 19: x = H(0|m) truncated to 125 bits, s = (AESk(x|000), …, AESk(x|011)); X = H(1|s|m) truncated to 125 bits, S = (AESk(X|100), …, AESk(X|111))]

Cannot query about a valid s for a new x, by correlation intractability. Needs to re-use x from a signing query, or one of very few collisions (2^6 qs).

Most likely X* for m* is different from all previous values; infeasible to find a valid S* by correlation intractability.

SLIDE 22

Security bound for ROChainSign

Security bound for ROChainSign, in the non-programmable random oracle model:

Adv(Forge) ≤ 2 · Adv(Corr.Intr.) + qs^2 · 2^-113 + 3 · 2^-128

SLIDE 23

Extensions

Correlation intractability can be used to give counter-based and nonce-based constructions without random oracles, but signatures become larger than in ROChainSign. Example (R=4, signing 256-bit messages):

Scheme | Signature size | Random oracle?
ROChainSign | 8 AES values | non-programmable
CountSign (using counter) | 16 AES values | no, but stateful
NonceSign (using nonces) | 32 AES values | no, stateless

SLIDE 24

Conclusion

SLIDE 25

Conclusion (I)

Slowing down WBAES⁻¹k() computations hinders attacks, similar to iterations in password-based hashing.

SLIDE 26

Conclusion (II)

Limited block length of AES causes trouble. Bypassing the problems by switching to the correlation intractability assumption: constructions with reasonable bounds in the non-programmable random oracle model and in the standard model with nonces (larger signatures).

Thank you!