private circuits a modular approach

Private Circuits A Modular Approach Yuval Amit Prabhanjan Ishai - PowerPoint PPT Presentation

Oct 02, 2022 •107 likes •966 views

Private Circuits A Modular Approach Yuval Amit Prabhanjan Ishai Sahai Ananth Surveillance Devices Credit card details SSN number Passwords PGP keys Surveillance Devices Credit card details SSN number Passwords PGP keys

  1. Private Circuits A Modular Approach Yuval Amit Prabhanjan Ishai Sahai Ananth

  2. Surveillance Devices Credit card details SSN number Passwords PGP keys …

  3. Surveillance Devices Credit card details SSN number Passwords PGP keys … Side Channel Attacks Adversary can obtain partial information (leakage) about the computation

  4. Leakage-Resilient Cryptography GOAL Protecting cryptographic schemes against side-channel attacks

  5. This Work: Leakage-Resilient Circuit Compilers [ISW03]

  6. ̂ Circuit Compilers C C Compile

  7. ̂ ̂ ̂ ̂ Circuit Compilers C C Compile x x Encode $$ C ( C ( x ) x ) Decode

  8. ̂ Remarks • , contain NAND gates C C

  9. ̂ ̂ Remarks • , contain NAND gates C C - other bases for : results can be adapted C

  10. ̂ ̂ Remarks • , contain NAND gates C C - other bases for : results can be adapted C • Circuit compilation is deterministic

  11. ̂ ̂ Remarks • , contain NAND gates C C - other bases for : results can be adapted C • Circuit compilation is deterministic - compiled circuit is reusable; no trapdoors

  12. ̂ ̂ ̂ Remarks • , contain NAND gates C C - other bases for : results can be adapted C • Circuit compilation is deterministic - compiled circuit is reusable; no trapdoors • can contain random-bit gates C

  13. Leakage-Resilient Circuit Compilers

  14. ̂ ̂ Leakage-Resilient Circuit Compilers 1 NAND 1 0 NAND NAND 0 1 1 1 . . . . . . C ( x )

  15. ̂ ̂ ̂ ̂ Leakage-Resilient Circuit Compilers 1 NAND 1 0 … … Leak NAND NAND Bounded Leakage 0 1 1 1 . . . . . . C ( x ) Leakage on computation of on x C

  16. What is Leak ? • Global leakage: Leak is function of entire computation - low-complexity leakage classes [FRRTV11,Rot12] • Local leakage: adversary has partial view of computation - Wire-probing attacks [ISW03,…] - Split-state leakage-resilient compiler [GR12,…]

  17. What is Leak ? • Global leakage: Leak is function of entire computation - low-complexity leakage classes [FRRTV11,Rot12] • Local leakage: adversary has partial view of computation - Wire-probing attacks [ISW03,…] - Split-state leakage-resilient compiler [GR12,…]

  18. What is Leak ? • Global leakage: Leak is function of entire computation - low-complexity leakage classes [FRRTV11,Rot12] • Local leakage: adversary has partial view of computation - Wire-probing attacks [ISW03,…] - Split-state leakage-resilient compiler [MR03,DP08,GR12,…]

  19. What is Leak ? • Global leakage: Leak is function of entire computation - low-complexity leakage classes [FRRTV11,Rot12] • Local leakage: adversary has partial view of computation This Work! - Wire-probing attacks [ISW03,…] - Split-state leakage-resilient compiler [MR03,DP08,GR12,…]

  20. Wire-probing attacks [ISW03, …] ? 1 NAND NAND ? 0 1 0 … … Leak NAND NAND NAND NAND ? 1 ? ? 0 1 1 1 . . . . . . . . . . . . Subset of values in the computation leaked

  21. Leakage-Resilience: Wire-probing attacks [ISW03,…] Worst Case Leakage: threshold t - Any t wires are leaked - Perfect simulation given t bits of input

  22. Leakage-Resilience: Wire-probing attacks [ISW03,…] Worst Case Leakage: threshold t - Any t wires are leaked - Perfect simulation given t bits of input Following [ISW03], several works study this setting… [RP10,KHL11,GM11,CPR13,CGPQR12,…] MPC on Silicon Applying MPC techniques to design secure hardware

  23. Leakage-Resilience: Wire-probing attacks [ISW03,…] Worst Case Leakage: threshold t - Any t wires are leaked - Perfect simulation given t bits of input Recent years: focus on randomness complexity [IKLOPSZ13,BBPPTV16,BBPPTV17]

  24. Randomness Complexity Randomness Complexity = # of random-bit gates

  25. Randomness Complexity Randomness Complexity = # of random-bit gates How many random bit-gates are needed?

  26. Randomness Complexity Randomness Complexity = # of random-bit gates How many random bit-gates are needed? [IKLOPSZ13] random bit-gates sufficient, for any t 3+ ε ε > 0

  27. Randomness Complexity Randomness Complexity = # of random-bit gates How many random bit-gates are needed? [IKLOPSZ13] random bit-gates sufficient, for any t 3+ ε ε > 0 t 3+ ε Q: Is tight?

  28. Randomness Complexity Randomness Complexity = # of random-bit gates How many random bit-gates are needed? [IKLOPSZ13] random bit-gates sufficient, for any t 3+ ε ε > 0 t 3+ ε Q: Is tight? NO!

  29. Results: Worst-Case Probing Leakage resilient compilers for -sized circuits and threshold t s

  30. Results: Worst-Case Probing Leakage resilient compilers for -sized circuits and threshold s t - secure against -wire probing attacks t

  31. Results: Worst-Case Probing Leakage resilient compilers for -sized circuits and threshold s t - secure against -wire probing attacks t - compiled circuit has size s ⋅ poly ( t )

  32. Results: Worst-Case Probing Leakage resilient compilers for -sized circuits and threshold s t - secure against -wire probing attacks t - compiled circuit has size s ⋅ poly ( t ) t 1+ ε - randomness complexity = , for any ε > 0

  33. Leakage-Resilience: Random Wire-probing attacks [ISW03,Ajtai10,ADF16]

  34. ̂ ̂ Leakage-Resilience: Random Wire-probing attacks [ISW03,Ajtai10,ADF16] Probabilistic Leakage: parameterized by (p,e) Real World Ideal World C ( Simulate leakage Every wire in x ) just given C leaked with probability p ≈ e

  35. ̂ ̂ Leakage-Resilience: Random Wire-probing attacks [ISW03,Ajtai10,ADF16] Probabilistic Leakage: parameterized by (p,e) Real World Ideal World C ( Simulate leakage Every wire in x ) just given C leaked with probability p ≈ e Related to Noisy Leakage Model: [CJJR99,FRRTV10,DDF15,…]

  36. Prior works: Random Wire-Probing Attacks p = constant, e = negligible

  37. Prior works: Random Wire-Probing Attacks p = constant, e = negligible • [Ajtai10]: - highly complex

  38. Prior works: Random Wire-Probing Attacks p = constant, e = negligible • [Ajtai10]: - highly complex • [ADF16]: - simplifies Ajtai’s result - still uses heavy machinery (AG codes and expanders)

  39. Results: Random-Wire Probing Leakage-resilient circuit compiler against (p,e) -random probing attacks - for some 0 < p < 1 - e negligible in circuit size

  40. Results: Random-Wire Probing Leakage-resilient circuit compiler against (p,e) -random probing attacks - for some 0 < p < 1 - e negligible in circuit size p = 0.000065

  41. Results: Random-Wire Probing Leakage-resilient circuit compiler against (p,e) -random probing attacks - for some 0 < p < 1 - e negligible in circuit size - Simple composition-based approach; uses only elementary tools

  42. Results: Random-Wire Probing Leakage-resilient circuit compiler against (p,e) -random probing attacks - for some 0 < p < 1 - e negligible in circuit size Large gates: construction with p close to 1

  43. Leakage Tolerance

  44. ̂ ̂ ̂ Leakage Tolerance x = x C ( x ) = C ( x ) Input encoding and Output decoding algorithms are identity functions

  45. ̂ ̂ ̂ Leakage Tolerance x = x C ( x ) = C ( x ) Input encoding and Output decoding algorithms are identity functions This implies leakage-resilience!

  46. Security Notions A fraction of input and output will be leaked • Worst-case: parameterized by t

  47. Security Notions A fraction of input and output will be leaked • Worst-case: parameterized by t Leakage simulatable given - t bits of input - t bits of output

  48. Security Notions A fraction of input and output will be leaked • Probabilistic: parameterized by (p, p’ ,e) Leakage simulatable given - every bit of input x w/ probability p’ - every bit of output C(x) w/ probability p’

  49. Results: Leakage Tolerance Worst Case: t-wire probing attacks t 1+ ε • construction: randomness complexity • lower bound: require at least t random-bit gates

  50. Results: Leakage Tolerance Probabilistic Case: ( p , p’ ,e)-random probing attacks 0 1 p p < 0.00006, any p’ > p p > 0.8, any p’ > p Exists! Doesn’t exist

  51. Techniques

  52. Goal for this talk - Leakage-resilient circuit compiler - (p,e) -random probing attacks

  53. ̂ Starting Point: t-out-n Secure MPC C Π ( C ) x 1 x 2 x n x 1 x 2 x n P 1 P 2 … P n P 1 P 2 … P n

  54. ̂ Starting Point: t-out-n Secure MPC C Π ( C ) x 1 x 2 x n x 1 x 2 x n ≡ P 1 P 1 … P n P 1 P 2 … P n Passive Leak State of P2 Corruption of P2

  55. ̂ Leakage-Resilient Circuit Compiler C = Π ( C ′ � ) C’ Input: shares of x Output: shares of C(x) - reconstruct x - compute C(x) - share C(x)

  56. Leakage-Resilient Circuit Compiler Security?

  57. Leakage-Resilient Circuit Compiler Security? If at most t wires leaked then the leakage can be simulated

  58. Leakage-Resilient Circuit Compiler If at most t wires leaked then the leakage can be simulated Probability that more than t wires are leaked = Simulation error e 12poly( | C | ) ⋅ p ) ≤ exp ( Simulation − (1 + t ) 2 Error (by Chernoff) e

Recommend

Modular Budgets Modular Budgets Modular Budgets Modular Budgets OSPA NANO Session 10/25/06

Modular Budgets Modular Budgets Modular Budgets Modular Budgets OSPA NANO Session 10/25/06

Modular Budgets Modular Budgets Modular Budgets Modular Budgets OSPA NANO Session 10/25/06 OSPA NANO Session 10/25/06 Proposals Team Proposals Team What is a Modular Budget? What is a Modular Budget? What is a Modular Budget? What is a

386 views • 7 slides
Stevenage Circuits Group Incorporating: Stevenage Circuits Tru-Lon Printed Circuits March 2011

Stevenage Circuits Group Incorporating: Stevenage Circuits Tru-Lon Printed Circuits March 2011

Stevenage Circuits Group Incorporating: Stevenage Circuits Tru-Lon Printed Circuits March 2011 The Organisation Stevenage Circuits formed 1971 Tru-Lon integrated into the Stevenage site March 2011 Group privately owned 11m

1.26k views • 67 slides
Lecture 14: Boolean Circuits I Arijit Bishnu 17.04.2010 Introduction Boolean Circuits and P

Lecture 14: Boolean Circuits I Arijit Bishnu 17.04.2010 Introduction Boolean Circuits and P

Introduction Boolean Circuits and P Uniformly Generated Circuits Turing Machines that take Advice / poly Lecture 14: Boolean Circuits I Arijit Bishnu 17.04.2010 Introduction Boolean Circuits and P Uniformly Generated Circuits Turing Machines

1.08k views • 71 slides
1 TEMPORARY MODULAR HOUSING Meeting Purpose Learn how Temporary Modular Housing will allow

1 TEMPORARY MODULAR HOUSING Meeting Purpose Learn how Temporary Modular Housing will allow

TEMPORARY MODULAR HOUSING Temporary Modular Housing Community Information Session 7430 7460 Heather Street ( formerly 650 West 57 th Avenue) ) 1 TEMPORARY MODULAR HOUSING Meeting Purpose Learn how Temporary Modular Housing will allow

701 views • 32 slides
Modular Applications, Loose Coupling, and the NetBeans Lookup API The Need for Modular

Modular Applications, Loose Coupling, and the NetBeans Lookup API The Need for Modular

Modular Applications, Loose Coupling, and the NetBeans Lookup API The Need for Modular Applications Certified Engineer Course The Need for Modular Applications Certified Engineer Course The Need for Modular Applications Applications get

649 views • 36 slides
Managing Modular Software for your NuGet, C++ and Java Development Agenda Modular software

Managing Modular Software for your NuGet, C++ and Java Development Agenda Modular software

Managing Modular Software for your NuGet, C++ and Java Development Agenda Modular software why? Building modular software in Java in C++ in .NET Whos talking? @jbaruch 3 WTF IS MODULE? Module Modular

1.87k views • 158 slides
Introduction to Synchronous Sequential Introduction to Synchronous Sequential Circuits Circuits

Introduction to Synchronous Sequential Introduction to Synchronous Sequential Circuits Circuits

Introduction to Synchronous Sequential Introduction to Synchronous Sequential Circuits Circuits 1 Zvi Kohavi and Niraj K. Jha Sequential Circuits and Finite Sequential Circuits and Finite- -state state Machines Machines Machines

661 views • 15 slides
Lecture 14: Sequential Circuits, FSM Todays topics: Sequential circuits Finite

Lecture 14: Sequential Circuits, FSM Todays topics: Sequential circuits Finite

Lecture 14: Sequential Circuits, FSM Todays topics: Sequential circuits Finite state machines 1 Sequential Circuits Until now, circuits were combinational when inputs change, the outputs change after a while (time = logic

435 views • 19 slides
resources T M Modular Gold Plant MGP Environmentally Friendly True Modular

resources T M Modular Gold Plant MGP Environmentally Friendly True Modular

SPECIALISTS IN ADVANCED GOLD PROCESSING PLANTS resources T M Modular Gold Plant MGP Environmentally Friendly True Modular Construction Physical Recovery Process High Gold Recovery resources T M Modular Gold Plant

569 views • 21 slides
Modular Robots Modular Robots by D. Dibbern and A. Werdermann by D. Dibbern and A. Werdermann

Modular Robots Modular Robots by D. Dibbern and A. Werdermann by D. Dibbern and A. Werdermann

Modular Robots Modular Robots by D. Dibbern and A. Werdermann by D. Dibbern and A. Werdermann by D.Dibbern and A. Werdermann Introduction to modular robots Introduction Definition History General Research Challenges

616 views • 40 slides
WELCOME Temporary Modular Housing Community Information Session Thank you for joining us!

WELCOME Temporary Modular Housing Community Information Session Thank you for joining us!

TEMPORARY MODULAR HOUSING TEMPORARY MODULAR HOUSING WELCOME Temporary Modular Housing Community Information Session Thank you for joining us! During this session you will: Learn how Temporary Modular Housing will allow us to help people

375 views • 12 slides
Modular Home Virginia Building Solutions For Home Owners: Variety Modular homes look like

Modular Home Virginia Building Solutions For Home Owners: Variety Modular homes look like

Modular Home Virginia Building Solutions For Home Owners: Variety Modular homes look like any other homes. Today's technology has allowed modular manufacturers to build almost any style of house, from a simple ranch to a highly customized

522 views • 15 slides
Modular Program and Modular Design for LARP Quadrupoles A research program and magnet design

Modular Program and Modular Design for LARP Quadrupoles A research program and magnet design

Superconducting Magnet Division Modular Program and Modular Design for LARP Quadrupoles A research program and magnet design based on flat racetrack coil modules Ramesh Gupta May 4, 2005 (Revised June 14, 2005) Ramesh Gupta, BNL Modular

478 views • 26 slides
Efficient and secure modular operations using the Polynomial Modular Number System (Part 1)

Efficient and secure modular operations using the Polynomial Modular Number System (Part 1)

The Polynomial modular number system (PMNS) Randomisation with the PMNS Internal randomisation using the Montgomery-like method Efficient and secure modular operations using the Polynomial Modular Number System (Part 1) ephane Didier 1 , Fangan

758 views • 26 slides
Lecture 14. Outline. Modular Arithmetic Fact and Secrets There exists a polynomial... Modular

Lecture 14. Outline. Modular Arithmetic Fact and Secrets There exists a polynomial... Modular

Lecture 14. Outline. Modular Arithmetic Fact and Secrets There exists a polynomial... Modular Arithmetic Fact: Exactly 1 degree d polynomial with arithmetic modulo prime p contains d + 1 pts. Modular Arithmetic Fact: There is exactly 1

168 views • 4 slides
Grid.java public public class class Grid { private private final final int int width;

Grid.java public public class class Grid { private private final final int int width;

Grid.java public public class class Grid { private private final final int int width; private private final final int int height; private private final final Status[][] grid; private private boolean boolean empty = true true;

355 views • 4 slides
Quantum Computation Lecture 27 And that s all we got time for! 1 State 2 State State of

Quantum Computation Lecture 27 And that s all we got time for! 1 State 2 State State of

Quantum Computation Lecture 27 And that s all we got time for! 1 State 2 State State of a classical computer labeled by (say) bit strings 2 State State of a classical computer labeled by (say) bit strings e.g. 2-bit states: 00, 01, 10

1.57k views • 110 slides
UDT 2020 Lithium-Ion Batteries for Submarines: development and operational benefits Marie

UDT 2020 Lithium-Ion Batteries for Submarines: development and operational benefits Marie

UDT 2020 UDT Extended Abstract Presentation/Panel UDT 2020 Lithium-Ion Batteries for Submarines: development and operational benefits Marie LEVEQUE 1 , Herv FERAL 2 and Anthony COVARRUBIAS 3 1 Lithium-Ion Batteries Project Director, NAVAL

417 views • 4 slides
Going from A to G Star=ng with a full tank, we can

Going from A to G Star=ng with a full tank, we can

7/20/10 Going from A to G Star=ng with a full tank, we can drive 350 miles before we need to gas up, minimize the number of CS420

1.15k views • 17 slides
CS145: INTRODUCTION TO DATA MINING 1: Introduction Instructor: Yizhou Sun yzsun@cs.ucla.edu

CS145: INTRODUCTION TO DATA MINING 1: Introduction Instructor: Yizhou Sun yzsun@cs.ucla.edu

CS145: INTRODUCTION TO DATA MINING 1: Introduction Instructor: Yizhou Sun yzsun@cs.ucla.edu January 6, 2019 Course Information Course homepage: http://web.cs.ucla.edu/~yzsun/classes/2019Wi nter_CS145/index.html Class Schedule

736 views • 59 slides
Sarnak-Xue and Applications Amitay Kamber joint work with Konstantin Golubev 11/09/2018 Amitay

Sarnak-Xue and Applications Amitay Kamber joint work with Konstantin Golubev 11/09/2018 Amitay

Sarnak-Xue and Applications Amitay Kamber joint work with Konstantin Golubev 11/09/2018 Amitay Kamber Sarnak-Xue Density and Applications 11/09/2018 1 / 15 Introduction We will describe some generalizations and applications of the work of

309 views • 15 slides
Plugin Mechanisms in GCC Uday Khedker (www.cse.iitb.ac.in/uday) GCC Resource Center,

Plugin Mechanisms in GCC Uday Khedker (www.cse.iitb.ac.in/uday) GCC Resource Center,

Plugin Mechanisms in GCC Uday Khedker (www.cse.iitb.ac.in/uday) GCC Resource Center, Department of Computer Science and Engineering, Indian Institute of Technology, Bombay 13 June 2014 EAGCC-PLDI-14 Plugins: Outline 1/27 Outline

945 views • 49 slides
On the Exact Lower Bounds of Encoding Circuit Sizes of Hamming codes and Hadamard codes Zhengrui

On the Exact Lower Bounds of Encoding Circuit Sizes of Hamming codes and Hadamard codes Zhengrui

On the Exact Lower Bounds of Encoding Circuit Sizes of Hamming codes and Hadamard codes Zhengrui Li, Sian-Jheng Lin and Yunghsiang S. Han presented by Zhengrui Li ISIT2020 Lets consider a simple problem: How many additions (XORs) are

444 views • 27 slides
The Atmospheric Monitoring system of the JEM-EUSO telescope Simona Toscano for the JEM-EUSO

The Atmospheric Monitoring system of the JEM-EUSO telescope Simona Toscano for the JEM-EUSO

The Atmospheric Monitoring system of the JEM-EUSO telescope Simona Toscano for the JEM-EUSO Collaboration ISDC Data Centre for Astrophysics - University of Geneva (simona.toscano@unige.ch) 1 Tuesday, June 11, 13 Outline General

522 views • 30 slides

More recommend