Leakage-Resilient Cryptography with Key Derived from Sensitive Data - - PowerPoint PPT Presentation

SLIDE 1

Leakage-Resilient Cryptography with Key Derived from Sensitive Data

Konrad Durnoga, Stefan Dziembowski, Tomasz Kazana, Michał Zając, Maciej Zdanowicz

Estonian Computer Science Theory Days
 Jõeküla 
 2-4.10.2015

SLIDE 2

Computers can be infected by malware

[Figure: timeline with "installs a virus" and "retrieve some data"; labels: your secret key, retrieve = leak]

The virus can:

  • take control over the machine
  • steal some secrets stored on the machine

Can we run any crypto on such a machine?

SLIDE 3

What if a virus can download all the data stored on a machine? Then we are HOPELESS: the virus can simply make a copy of the machine. Let us assume she cannot!

SLIDE 4

[Figure: timeline repeating "no virus", "installs a virus", "retrieve some data"]

SLIDE 5

When the virus controls the machine, nothing can be done. Thus we care only about the periods when the machine is virus-free…

SLIDE 6

[Figure: timeline repeating "no virus", "installs a virus", "retrieve some data"]

This is called the Bounded Retrieval Model (BRM).

SLIDE 7

Bounded Retrieval Model

[Figure: timeline with "installs a virus" and "retrieve some data"]

Idea: make the secret data so big that no adversary can retrieve it as a whole. Considering modern Internet connection speeds, we should think about secrets a few GB long. But… how big should it be?

SLIDE 8

How to work with huge secrets?

Stupid idea: let's use the RSA/ElGamal scheme with such a long key.

Problem: reading a few GB of data into memory takes a lot of time (doing mathematical operations on it takes even more…).

We need to find a way around this, e.g. use some random bits from the key, not the whole key.

SLIDE 9

But this is still such a waste of space!

SLIDE 10

BRM is not very useful on mobile devices, because of its huge space requirements.

SLIDE 11

Idea: use data already stored on a device

SLIDE 12

Problem: this data is not random

SLIDE 13

How to measure randomness?

Disk data is a random variable, and there is something called entropy. Bad idea: use Shannon entropy. By example (1):

Let Enc be an encryption algorithm with the following key distribution: k = 000…0 with probability ½, otherwise k randomly sampled from {0,1}^n \ {0^n}.

This cannot be secure, because we can guess k.

SLIDE 14

How to measure randomness?

Bad idea: use Shannon entropy. By example (2): this output (the all-zero key) has a huge probability of occurrence, but because all the other outputs have very small probability, the Shannon entropy of this variable is still quite big.

SLIDE 15

Better idea: min-entropy

By definition: $H_\infty(X) = -\log \max_x P(X = x)$, i.e. what is the probability of the most probable outcome?

By example: the most probable outcome occurs with probability $2^{-k}$, thus $H_\infty(X) = k$.
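Added example (not from the slides): both entropies computed for the key distribution of slide 13. Shannon entropy comes out close to n/2 + 1 bits although an adversary guesses the key half of the time, while min-entropy is exactly 1 bit, the adversary's guessing advantage; the functions work for any probability vector.

```python
import math

def shannon_entropy(probs):
    # H(X) = -sum_x P(X = x) log2 P(X = x), over outcomes with positive probability
    return -sum(p * math.log2(p) for p in probs if p > 0)

def min_entropy(probs):
    # H_inf(X) = -log2 max_x P(X = x): only the most probable outcome matters
    return -math.log2(max(probs))

def best_guess_probability(probs):
    # An adversary who guesses the most likely key succeeds with exactly this probability
    return max(probs)

def slide13_key_distribution(n):
    # Constructed to match slide 13: k = 0^n with probability 1/2, otherwise k uniform
    # over the 2^n - 1 remaining strings. Returned as a list of 2^n probabilities.
    others = 2 ** n - 1
    return [0.5] + [0.5 / others] * others

def uniform_distribution(n):
    # The ideal key: every n-bit string equally likely, both entropies equal n
    return [1.0 / 2 ** n] * 2 ** n
```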

SLIDE 16

This is a disk… [Figure: a disk with a part of small min-entropy and a part of big min-entropy]

SLIDE 17

Idea: transform this: [figure] into this: [figure]

using some smart blurring function

SLIDE 18

Tool 1: Random Oracle

On query x ∈ {0,1}*, the random oracle answers with a random value H(x) from {0,1}^n. For x = y the answer is the same, H(x) = H(y) (the answer does not change for the same query).

You can tell nothing about H⁻¹(x) from H(x).

SLIDE 19

Tool 2: disperser graph

[Figure: bipartite graph G with left vertices D_1, D_2, D_3, …, D_{ℓ−2}, D_{ℓ−1}, D_ℓ and right vertices D'_1, D'_2, D'_3, …, D'_{ℓ−2}, D'_{ℓ−1}, D'_ℓ]

Say G is a δ-regular bipartite graph with ℓ nodes on the left and ℓ on the right. We say that G is a (k, δ, ɛ) left disperser if any set of at least k left vertices is connected to at least (1 − ε)ℓ vertices on the right. In other words: every big enough set on the left is connected to almost all vertices on the right.

SLIDE 20

Key Derivation Procedure (kdp)

The blurring function*: H(D_{i1}, D_{i2}, …, D_{id}) = D'_j, where H is a random oracle from {0,1}^{dn} to {0,1}^n and each D is a block of length n.

[Figure: input blocks D_{i1}, D_{i2}, D_{i3}, …, D_{id} mapped through H to the output block D'_j]

SLIDE 21

The result: a key derivation function which is private

(Output(A( )), ) ≈ε (Output(S(A)), )

We can construct a simulator S such that no distinguisher D can differentiate between the simulator's and the adversary's output, even if D sees the private data.

(key from kdp)

SLIDE 22

Privacy, idea of a proof

Bad query: say q = b_1, …, b_d is a query to the random oracle. We say that q is bad iff q = D_{i(1)}, …, D_{i(d)}.

[Figure: bipartite graph G with left vertices D_1, D_2, D_3, …, D_{ℓ−2}, D_{ℓ−1}, D_ℓ and right vertices D'_1, D'_2, D'_3, …, D'_{ℓ−2}, D'_{ℓ−1}, D'_ℓ]

One-wayness of the disperser: let A be an adversary with leakage λ (from D and D') and r queries to the random oracle; then the probability that A submits at least ℓe bad queries is negligible. Here G is an (ℓe, d, ɛ) left disperser.

SLIDE 23

Privacy, idea of a proof

Privacy: we construct a simulator S such that S simulates perfectly unless A makes at least ℓe bad queries, but this happens only with negligible probability.

(key from kdp)

(Output(A( )), ) ≈ε (Output(S(A)), )

SLIDE 24

The result: a key derivation function which is secure

If adversary A breaks the security of a BRM protocol with probability at most ɛ, then it breaks the same protocol with a key delivered by kdp with probability: ɛ + the probability that A makes at least ℓe bad queries.

SLIDE 25

Security, idea of a proof

If adversary A breaks the security of a protocol depending on a key obtained by the key derivation procedure, she can break the security of the protocol depending on a uniformly random key.

SLIDE 26

The result: almost every BRM protocol can be made space efficient.

SLIDE 27

Authentication

Merkle tree: for a, b the children of c,
 value(c) = H(value(a), value(b))

SLIDE 28

Authentication

Merkle tree: for a, b the children of c,
 value(c) = H(value(a), value(b))

[Figure: H( , ) = ]

SLIDE 29

Authentication

Prover P wants to authenticate to verifier V.

value(root) is publicly known. V sends a (fresh) random k. P responds with the path from the k-th leaf up to the root. V checks whether the path is correct: in that case it accepts, otherwise it rejects.

SLIDE 30

Putting things together

  1. using the key derivation procedure, blur the disk data
  2. compute the value at the root and make it public
  3. on challenge k, send the path from the k-th leaf up to the root
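Added example (not the authors' code) of steps 2 and 3 above: a Merkle tree with SHA-256 standing in for H, the prover's answer to a challenge k (the k-th leaf plus the sibling value at every level) and the verifier's check against the public root. The leaves are constructed stand-ins for the blocks kdp would produce, and their number is assumed to be a power of two.

```python
import hashlib

def H(a, b):
    # SHA-256 standing in for the random oracle H of slide 27
    return hashlib.sha256(a + b).digest()

def build_tree(leaves):
    # Slide 27: for children a, b of c, value(c) = H(value(a), value(b)).
    # Returns all levels, leaves first and the root level last.
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        row = levels[-1]
        levels.append([H(row[i], row[i + 1]) for i in range(0, len(row), 2)])
    return levels

def root(levels):
    # value(root): the one value P makes public in step 2
    return levels[-1][0]

def prove(levels, k):
    # Prover P, step 3: the path from the k-th leaf up to the root is the leaf value
    # plus the sibling at every level, which is all V needs to recompute value(root)
    path = []
    idx = k
    for row in levels[:-1]:
        path.append(row[idx ^ 1])  # sibling of the current node
        idx //= 2
    return levels[0][k], path

def verify(public_root, k, leaf, path):
    # Verifier V: recompute the root from the k-th leaf and the siblings, keeping
    # left/right order by the parity of the index at each level; accept iff equal
    h = leaf
    idx = k
    for sibling in path:
        h = H(sibling, h) if idx & 1 else H(h, sibling)
        idx //= 2
    return h == public_root
```

Keeping the whole `levels` list in memory is the slide-31 tradeoff in its simplest form: the prover answers in O(log ℓ) hash lookups instead of recomputing the path from the disk.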

SLIDE 31

Time vs. space tradeoff: to make authentication faster we can remember some nodes of the Merkle tree.

SLIDE 32

Thank you