Securing Circuits Against Constant-Rate Tampering Dana - - PowerPoint PPT Presentation

securing circuits
SMART_READER_LITE
LIVE PREVIEW

Securing Circuits Against Constant-Rate Tampering Dana - - PowerPoint PPT Presentation

Mar 29, 2024 346 likes •568 views

Securing Circuits Against Constant-Rate Tampering Dana Dachman-Soled Yael Tauman Kalai Microsoft Research Tamper-Resilient Circuits [Ishai-Prabhakaran-Sahai-Wagner06] wire tampering: Tamper with me toggle, set wire to 0/1 I will

slide-1
SLIDE 1

Securing Circuits Against Constant-Rate Tampering

Dana Dachman-Soled Yael Tauman Kalai Microsoft Research

slide-2
SLIDE 2

Tamper-Resilient Circuits

[Ishai-Prabhakaran-Sahai-Wagner06]

Tamper with me I will self destruct!

[IPSW06]: 1/size tampering rate Our work: 1/const tampering rate

wire tampering: toggle, set wire to 0/1

slide-3
SLIDE 3

Fault attacks

[Boneh-DeMillo-Lipton97, Biham-Shamir98, …]

Timing attacks

[Kocher96,…]

Power attacks [Kocher-Jaffe-Jun99,…] Acoustic attacks

[Shamir-Tromer]

Radiation Attacks

[Agrawal-Archambeault- Rao-Rohatgi02]

Physical Attacks

Cold-boot attack

[Halderman-Schoen- Heninger-Clarkson- Calandrino-Feldman- Appelbaum –Felten08]

slide-4
SLIDE 4

Fault attacks

[Boneh-DeMillo-Lipton97, Biham-Shamir98, …]

Timing attacks

[Kocher96,…]

Power attacks [Kocher-Jaffe-Jun99,…] Acoustic attacks

[Shamir-Tromer]

Cold-boot attack

[Halderman-Schoen- Heninger-Clarkson- Calandrino-Feldman- Appelbaum –Felten08]

Leakage attacks Tampering attacks

Radiation Attacks

[Agrawal-Archambeault- Rao-Rohatgi02]

slide-5
SLIDE 5

Leakage attacks Tampering attacks

[Rivest1997, Boyko1999, Canetti-Dodis- Halevi-Kushilevitz-Sahai2000, Ishai-Sahai- Wagner2003, Micali-Reyzin2004, Ishai- Prabhakaran-Sahai-Wagner2006, Dziembowski-Pietrzak2008, Pietrzak2009 , Akavia-Goldwasser-Vaikuntanathan2009, Dodis-K-Lovett2009, Naor-Segev2009, Katz- Vaikuntanathan2009, Alwen-Dodis- Wichs2009, Alwen-Dodis-Naor-Segev- Walfish-Wichs2009, Faust-Kiltz-Pietrzak- Rothblum2009, Faust-Rabin-Reyzin-Tromer- Vaikuntanathan2010, Dodis-Goldwasser-K- Peikert-Vaikuntanathan2010, Goldwasser-K- Peikert-Vaikuntanathan2010, Juma- Vahlis2010, Goldwasswer-Rothblum2010, Canetti-K-Mayank-Wichs2010, Dodis- Haralambiev-LopezAlt-Wichs2010, Brakerski-K-Katz-Vaikuntanathan2010, Boyle-Segev-Wichs2010, Dodis- Pietrzak2010, Braverman-Hassidim-K2010, Lewko-Waters2010, Lewko-Rouselakis- Waters2011, Lewko-Lewko-Waters2011, Jain-Pietrzak2011, Bitansky-Canetti-Halevi- Goldwasser-K-Rothblum2011, Bitansky- Canetti-Halevi2011, Garg-Jain-Sahai2011, Brakerski-K2011, Dodis-Lewko-Waters- Wichs2011,Boyle-Garg-Goldwasser-Jain- Sahai11…] [Bellare-Kohno2003, Gennaro-Lysyanskaya-Malkin- Micali-Rabin2004, Ishai-Prabhakaran-Sahai- Wagner2006, Applebaum-Harnik-Ishai2010, Dziembowski-Pietrzak-Wichs2010, Kalai-kanakhurthi- Sahai2011, , Choi-Kiayias-Malkin11, Kalai-Lewko- Rao2011, Liu-Lysyanskaya12]

slide-6
SLIDE 6

Our Results

Compiler “tamper resilient”

𝐷’ 𝐷

Need to define:

  • 1. Tampering model
  • 2. Security guarantee
slide-7
SLIDE 7

Theoretical Result

slide-8
SLIDE 8

Memory Secret 𝑡 Public input

𝑦𝑗

Inspired by [Ishai-Prabhakaran-Sahai-Wagner2006]

𝐷

input 𝑦𝑗 𝑦𝑗

Tampering Model

(tampering with individual wires)

tampering function

slide-9
SLIDE 9

Memory Secret 𝑡

𝑦𝑗

Tampering Model

(tampering with individual wires)

Inspired by [Ishai-Prabhakaran-Sahai-Wagner2006]

Public input

𝑦𝑗

Impossible!

[IPSW06]

input 𝑦𝑗 tampering function

slide-10
SLIDE 10

Memory Secret 𝑡𝑗

𝑦𝑗

Inspired by [Ishai-Prabhakaran-Sahai-Wagner2006]

Public input

𝑦𝑗

Tampering Model

(tampering with individual wires)

input 𝑦𝑗 tampering function

slide-11
SLIDE 11

Our Results

Compiler tamper resilient

𝐷’ 𝐷

Need to define:

  • 1. Tampering model
  • 2. Security guarantee
slide-12
SLIDE 12

Security Guarantee

there exists simulator 𝑇𝑗𝑛 s.t. For every

𝑇𝑗𝑛𝐷 ≈

𝑡𝑗

𝑦𝑗

, 𝑀(𝑡)

Only log bits

  • f leakage

When did self- destruct occur

slide-13
SLIDE 13

Our Results

Compiler

tamper resilient

𝐷’

𝐷

  • Resilient to constant tampering rate.
  • Information theoretic
slide-14
SLIDE 14

Comparison with [IPSW06]

[IPSW06] Our Work

Tampering rate <

1 𝑙

Tampering rate is const. Uses randomness gates or relies on computational assumptions Information theoretic no need for randomness No leakage log bits of leakage Persistent faults Non-persistent faults

slide-15
SLIDE 15

Other Related Work

  • Fault-tolerant computation

[VonNeumann56, . . ., KLM94, GZ95, KRL12]

  • Tampering only with the memory gates.

[Gennaro-Lysyanskaya-Malkin-Micali-Rabin2004, Applebaum- Harnik-Ishai2010, Dziembowski-Pietrzak-Wichs2010, Kalai- Kanakhurthi-Sahai2011 , Choi-Kiayias-Malkin11, Liu- Lysyanskaya12]

  • Tampering with the entire circuit:

[IPSW06, Faust-Pietrzak-Venturi11]

– [FPV11] logarithmic leakage. – [FPV11] tamper with wires, but random errors

slide-16
SLIDE 16

Overview of our Construction

Add tamper-detection component that erases memory if tampering is detected.

Starting point [IPSW06]:

tamper- resilient

Key: Tamper-detection component in 𝑂𝐷0

. . .

circuit of constant size

Tool: PCP of Proximity

[Ben-Sasson-Goldreich-Harsha-Sudan-Vadhan06]

slide-17
SLIDE 17

Overview of our Construction (Cont.)

Tool: PCP of Proximity

[Ben-Sasson-Goldreich-Harsha-Sudan-Vadhan06]

Compiler

𝐷

𝐷

PCPP for 𝐷(𝑦) = 𝑐

Memory Secret 𝑡 Public input 𝑦 Memory Secret 𝑡 Public input 𝑦

slide-18
SLIDE 18

Memory: S = ECC(s) Encoding

  • f Input

Circuit Computation PCPP Computation

˄ ˄

PCPP Verification 𝐻𝑑𝑏𝑡 𝐻𝑝𝑣𝑢 Error Cascade Output Input: x X = ECC(x) b 𝑐

slide-19
SLIDE 19

Summary

Compiler

tamper resilient

𝐷’

𝐷

  • Resilient to constant tampering rate.
  • Information theoretic
  • Extend to leakage + tampering (in the paper)
slide-20
SLIDE 20

Thank you!