tink a cryptographic library
play

Tink: a cryptographic library Bartosz Przydatek joint work with - PowerPoint PPT Presentation

Feb 22, 2023 •271 likes •657 views

slides from presentation at Real World Crypto 2019 Tink: a cryptographic library Bartosz Przydatek joint work with Daniel Bleichenbacher and Thai Duong with contributions by Haris Andrianakis , Thanh Bui , Thomas Holenstein , Charles Lee , Erhan

  1. slides from presentation at Real World Crypto 2019 Tink: a cryptographic library Bartosz Przydatek joint work with Daniel Bleichenbacher and Thai Duong with contributions by Haris Andrianakis , Thanh Bui , Thomas Holenstein , Charles Lee , Erhan Nergiz, Quan Nguyen , Veronika Slívová , and others 1 Confidential + Proprietary Confidential + Proprietary

  2. Motivation ● cryptography is useful... ● ... but often difficult to use correctly ● complex APIs need in-depth expertise to be used safely ● focus of non-crypto developers is usually not on crypto ● simple mistakes can have serious consequences Tink: a cryptographic library 2 Confidential + Proprietary

  3. Motivation: complex APIs: OpenSSL int EVP_EncryptInit_ex ( EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, ENGINE *impl, unsigned char *key, unsigned char *iv); int EVP_EncryptUpdate ( EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, const unsigned char *in, int inl); int EVP_EncryptFinal_ex ( EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); Tink: a cryptographic library Tink: a cryptographic library 3 Confidential + Proprietary

  4. Motivation: complex APIs: OpenSSL int EVP_EncryptInit_ex ( EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, ENGINE *impl, unsigned char *key, unsigned char *iv); int EVP_EncryptUpdate ( EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, const unsigned char *in, int inl); int EVP_EncryptFinal_ex ( EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); Tink: a cryptographic library Tink: a cryptographic library 4 Confidential + Proprietary

  5. Motivation: complex APIs: Crypto API NG NTSTATUS BCryptEncrypt ( BCRYPT_KEY_HANDLE hKey, PUCHAR pbInput, ULONG cbInput, VOID *pPaddingInfo, PUCHAR pbIV, ULONG cbIV, PUCHAR pbOutput, ULONG cbOutput, ULONG *pcbResult, ULONG dwFlags ); Tink: a cryptographic library Tink: a cryptographic library 5 Confidential + Proprietary

  6. Motivation: complex APIs: Java JCE SecureRandom secureRandom = new SecureRandom(); byte[] key = new byte[16]; secureRandom.nextBytes(key); SecretKey secretKey = SecretKeySpec(key, "AES"); byte[] iv = new byte[IV_SIZE]; secureRandom.nextBytes(iv); GCMParameterSpec parameterSpec = new GCMParameterSpec(128, iv); Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding"); cipher.init(Cipher.ENCRYPT_MODE, secretKey, parameterSpec); // continued... Tink: a cryptographic library Tink: a cryptographic library 6 Confidential + Proprietary

  7. Motivation: complex APIs: Java JCE SecureRandom secureRandom = new SecureRandom(); byte[] key = new byte[16]; secureRandom.nextBytes(key); SecretKey secretKey = SecretKeySpec(key, "AES"); byte[] iv = new byte[IV_SIZE]; secureRandom.nextBytes(iv); GCMParameterSpec parameterSpec = new GCMParameterSpec(128, iv); Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding"); cipher.init(Cipher.ENCRYPT_MODE, secretKey, parameterSpec); // continued... Tink: a cryptographic library 7 Confidential + Proprietary

  8. Motivation: complex APIs: Java JCE (cont.) // continued... byte[] ciphertext = new byte[IV_SIZE + plaintext.length + TAG_SIZE]; System.arraycopy(iv, 0, ciphertext, 0, IV_SIZE); if (associatedData != null) { cipher.updateAAD(associatedData); } cipher.doFinal(plaintext, 0, plaintext.length, ciphertext, IV_SIZE); return ciphertext; Tink: a cryptographic library 8 Confidential + Proprietary

  9. Motivation: complex APIs: Java JCE (cont.) // continued... byte[] ciphertext = new byte[IV_SIZE + plaintext.length + TAG_SIZE]; System.arraycopy(iv, 0, ciphertext, 0, IV_SIZE); if (associatedData != null) { cipher.updateAAD(associatedData); } cipher.doFinal(plaintext, 0, plaintext.length, ciphertext, IV_SIZE); return ciphertext; Tink: a cryptographic library 9 Confidential + Proprietary

  10. Motivation: ambiguous yet inextensible APIs C++ Keyczar: Keyczar object can do “everything” class Keyczar { virtual bool Sign (...); virtual bool AttachedSign (...); virtual bool Verify (...); virtual bool AttachedVerify (...); virtual bool Encrypt (...); virtual bool Decrypt (...); // ... virtual bool IsAcceptablePurpose ( KeyPurpose purpose); } … yet this might still be not enough! Tink: a cryptographic library 10 Confidential + Proprietary

  11. Motivation: ambiguous yet inextensible APIs Java Keyczar: one Encrypter for all encryption public class Encrypter extends Keyczar { public byte[] encrypt (byte[] input) { /*...*/ } @Override boolean isAcceptablePurpose (KeyPurpose purpose) } ● Mixes public-key encryption and numerous flavours of symmetric encryption ● Bound to a global KeyPurpose-enum Tink: a cryptographic library 11 Confidential + Proprietary

  12. Outline ● Tink design goals ● User’s perspective : primitives and keyset handles ● Tink core : keys, key managers, keysets, registry ● Key management features ● Readability & Auditability : security guarantees and configs ● Extensibility : custom implementations & custom primitives ● Current status and future plans Tink: a cryptographic library 12 Confidential + Proprietary

  13. Tink design goals ● Security ○ hard-to-misuse API reuse of proven and well-tested libraries (project Wycheproof) ○ ● Usability ○ simple & easy-to-use API ○ user can focus on the desired functionality Tink: a cryptographic library 13 Confidential + Proprietary

  14. Tink design goals (cont.) ● Readability and Auditability ○ functionality “visible” in code, ○ control over employed cryptographic schemes ● Extensibility ○ easy to add new functionalities, schemes, formats ○ support for local customizations Tink: a cryptographic library 14 Confidential + Proprietary

  15. Tink design goals (cont.) ● Agility ○ built-in key rotation ○ support for deprecation of obsolete/broken schemes ● Interoperability ○ available in many languages and on many platforms ○ integration with external services (e.g. KMS) Tink: a cryptographic library 15 Confidential + Proprietary

  16. User’s perspective: Primitives Primitive : an abstract representation of a crypto functionality ● defines functionality in a form of an interface ● not bound to any specific implementation or a global enum ● (official) implementations come with security guarantees Tink: a cryptographic library 16 Confidential + Proprietary

  17. User’s perspective: MAC primitive Message Authentication Code (MAC) public interface Mac { byte[] computeMac (final byte[] data) throws … void verifyMac (final byte[] mac, final byte[] data) throws … } Tink: a cryptographic library 17 Confidential + Proprietary

  18. User’s perspective: AEAD primitive Authenticated Encryption with Associated Data (AEAD) public interface Aead { byte[] encrypt (final byte[] plaintext, final byte[] associatedData) throws … byte[] decrypt (final byte[] ciphertext, final byte[] associatedData) throws … } Tink: a cryptographic library 18 Confidential + Proprietary

  19. User’s perspective: Streaming AEAD primitive public interface StreamingAead { OutputStream newEncryptingStream (OutputStream ciphertextDestination, byte[] associatedData) throws … InputStream newDecryptingStream (InputStream ciphertextSource, byte[] associatedData) throws … /* ... */ } Tink: a cryptographic library 19 Confidential + Proprietary

  20. User’s perspective: AEAD primitive in action import com.google.crypto.tink.Aead; import com.google.crypto.tink.KeysetHandle; // 1. Generate or retrieve the key material. KeysetHandle keysetHandle = ...; // 2. Get the primitive. Aead aead = keysetHandle. getPrimitive (Aead.class); // 3. Use the primitive to encrypt a plaintext, byte[] ciphertext = aead . encrypt (plaintext, aad); Tink: a cryptographic library 20 Confidential + Proprietary

  21. User’s perspective: AEAD primitive in action import com.google.crypto.tink.Aead; import com.google.crypto.tink.KeysetHandle; import com.google.crypto.tink.aead.AeadKeyTemplates; // 1. Generate or retrieve the key material. KeysetHandle keysetHandle = KeysetHandle. generateNew (AeadKeyTemplates.AES128_GCM); // 2. Get the primitive. Aead aead = keysetHandle. getPrimitive (Aead.class); // 3. Use the primitive to encrypt a plaintext, byte[] ciphertext = aead . encrypt (plaintext, aad); Tink: a cryptographic library 21 Confidential + Proprietary

  22. User’s perspective: AEAD primitive in action import com.google.crypto.tink.Aead; import com.google.crypto.tink.KeysetHandle; import com.google.crypto.tink.integration.android.AndroidKeysetManager; // 1. Generate or retrieve the key material. AndroidKeysetManager keysetManager = AndroidKeysetManager. Builder ()...; KeysetHandle keysetHandle = keysetManager. getKeysetHandle (); // 2. Get the primitive. Aead aead = keysetHandle. getPrimitive (Aead.class); // 3. Use the primitive to encrypt a plaintext, byte[] ciphertext = aead . encrypt (plaintext, aad); Tink: a cryptographic library 22 Confidential + Proprietary

  23. Tink core: keys Key : a container for cryptographic key material and params ● identified by a string: key type (a.k.a. type url ), e.g. "type.googleapis.com/google.crypto.tink.AesGcmKey" ● implemented as a protocol buffer: message AesGcmKey { uint32 version; bytes key_value; } Tink: a cryptographic library 23 Confidential + Proprietary

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

The security impact AES-128, RSA-2048, etc. of a new cryptographic library are widely accepted

The security impact AES-128, RSA-2048, etc. of a new cryptographic library are widely accepted

The security impact AES-128, RSA-2048, etc. of a new cryptographic library are widely accepted standards. D. J. Bernstein, U. Illinois Chicago Obviously infeasible to break & T. U. Eindhoven by best attacks in literature. Tanja Lange, T.

1.65k views • 142 slides
The security impact of a new cryptographic library D. J. Bernstein, U. Illinois Chicago Joint

The security impact of a new cryptographic library D. J. Bernstein, U. Illinois Chicago Joint

The security impact of a new cryptographic library D. J. Bernstein, U. Illinois Chicago Joint work with: Tanja Lange, T. U. Eindhoven Peter Schwabe, Academia Sinica http://xkcd.com/538/ AES-128, RSA-2048, etc. are widely accepted standards.

603 views • 38 slides
The security impact of a new cryptographic library D. J. Bernstein, U. Illinois Chicago Joint

The security impact of a new cryptographic library D. J. Bernstein, U. Illinois Chicago Joint

The security impact of a new cryptographic library D. J. Bernstein, U. Illinois Chicago Joint work with: Tanja Lange, T. U. Eindhoven Peter Schwabe, National Taiwan U. http://xkcd.com/538/ AES-128, RSA-2048, etc. are widely accepted

641 views • 35 slides
Improvement of a JavaScript cryptographic library performance with big numbers Master Semester

Improvement of a JavaScript cryptographic library performance with big numbers Master Semester

Improvement of a JavaScript cryptographic library performance with big numbers Master Semester Project Julien von Felten Supervisor: Gaylor Bosson Responsible: Prof. Bryan Ford DEDIS, EPFL January 2020 1/11 Table of Contents Introduction

430 views • 11 slides
CS 356 Lecture 2 Cryptographic Tools Spring 2013 Chapter 2 Cryptographic Tools

CS 356 Lecture 2 Cryptographic Tools Spring 2013 Chapter 2 Cryptographic Tools

CS 356 Lecture 2 Cryptographic Tools Spring 2013 Chapter 2 Cryptographic Tools Cryptographic Tools Cryptographic algorithms important element in security services Review various types of elements symmetric encryption secure

1.27k views • 23 slides
A New Kid on the Block: CLINT - a Cryptographic Library for the INternet of Things Mike Scott

A New Kid on the Block: CLINT - a Cryptographic Library for the INternet of Things Mike Scott

A New Kid on the Block: CLINT - a Cryptographic Library for the INternet of Things Mike Scott CertiVox Ltd Real World Crypto, London, January 2014 A problem Academic Cryptographers ? Real Real World Crypto Figure: Communication Problem

632 views • 13 slides
Cryptographic protocols Cryptographic protocols small programs designed to secure Introduction

Cryptographic protocols Cryptographic protocols small programs designed to secure Introduction

Cryptographic protocols Cryptographic protocols small programs designed to secure Introduction to cryptographic protocols communication (various security goals) Bruno Blanchet use cryptographic primitives (e.g. encryption, hash function,

451 views • 14 slides
Cryptographic Logical Relations What is the contextual equivalence for cryptographic

Cryptographic Logical Relations What is the contextual equivalence for cryptographic

Cryptographic Logical Relations What is the contextual equivalence for cryptographic protocols and how to prove it? Yu ZHANG Including joint work with J. Goubault-Larrecq, D. Nowak and S. Lasota EVEREST, INRIA Sophia-Antipolis February

487 views • 37 slides
How to prevent cryptographic pitfalls by design February 3, 2019 How to prevent cryptographic

How to prevent cryptographic pitfalls by design February 3, 2019 How to prevent cryptographic

Department of Informatics Security and Privacy Maximilian Blochberger How to prevent cryptographic pitfalls by design February 3, 2019 How to prevent cryptographic pitfalls by design Goal Raise awareness of cryptographic misuse Disclaimer

910 views • 29 slides
Complexity of automatic verification of cryptographic protocols Clermont Ferrand 02/02/2017

Complexity of automatic verification of cryptographic protocols Clermont Ferrand 02/02/2017

Complexity of automatic verification of cryptographic protocols Clermont Ferrand 02/02/2017 Vincent Cheval Equipe Pesto, INRIA, Nancy 1 Cryptographic protocols Communication on public network Cryptographic protocols: Concurrent programs

946 views • 69 slides
Verifying Cryptographic Protocols in Applied Pi Calculus Mark Ryan Ben Smyth

Verifying Cryptographic Protocols in Applied Pi Calculus Mark Ryan Ben Smyth

Verifying Cryptographic Protocols in Applied Pi Calculus Mark Ryan Ben Smyth M.D.Ryan@cs.bham.ac.uk research@bensmyth.com Cryptoforma 7th April 2010 Cryptographic protocols A cryptographic protocol is a distributed procedure that employs

698 views • 46 slides
New cryptographic goals Data privacy is not the only important cryptographic goal CS 4803

New cryptographic goals Data privacy is not the only important cryptographic goal CS 4803

New cryptographic goals Data privacy is not the only important cryptographic goal CS 4803 It is also important that a receiver is assured Computer and Network Security that the data it receives has come from the sender and has not been

617 views • 5 slides
Presentation 7.3b: Multiple linear regression Murray Logan 09 Aug 2016 library (GGally) library

Presentation 7.3b: Multiple linear regression Murray Logan 09 Aug 2016 library (GGally) library

Presentation 7.3b: Multiple linear regression Murray Logan 09 Aug 2016 library (GGally) library (ggplot2) library (gridExtra) library (dplyr) library (coda) library (brms) library (rstan) library (car) Preparations g e s c k a P a a D

180 views • 14 slides
Analysing privacy-type properties in cryptographic protocols Stphanie Delaune Univ Rennes,

Analysing privacy-type properties in cryptographic protocols Stphanie Delaune Univ Rennes,

Analysing privacy-type properties in cryptographic protocols Stphanie Delaune Univ Rennes, CNRS, IRISA, France Thursday, July 12th, 2018 Cryptographic protocols everywhere ! Cryptographic protocols small programs designed to secure

849 views • 80 slides
Library RMR Project Renovate, Modernize, Reorganize Library Serves Patrons of Every Age This

Library RMR Project Renovate, Modernize, Reorganize Library Serves Patrons of Every Age This

Library RMR Project Renovate, Modernize, Reorganize Library Serves Patrons of Every Age This Library is Well-Used! Community Feedback Verified Strategic Plan Posted on library website November 2015 Plans displayed at library December

420 views • 19 slides
The Standard C Library 1 The C Standard Library 2 The C Standard Library I/O stdio.h

The Standard C Library 1 The C Standard Library 2 The C Standard Library I/O stdio.h

The Standard C Library 1 The C Standard Library 2 The C Standard Library I/O stdio.h printf, scanf, puts, gets, open, close, read, write, fprintf, fscanf, fseek, Memory and string operations string.h memcpy, memcmp, memset,

1.02k views • 54 slides
The case for ubiquitous transport-level encryption Andrea Bittau, Michael Hamburg, Mark Handley,

The case for ubiquitous transport-level encryption Andrea Bittau, Michael Hamburg, Mark Handley,

Introduction tcpcrypt Performance Conclusion 1/25 The case for ubiquitous transport-level encryption Andrea Bittau, Michael Hamburg, Mark Handley, David Mazi` eres, and Dan Boneh Stanford and UCL August 13, 2010 Goals Introduction

615 views • 42 slides
Interstitial lung disease: diagnosis and testing Professor Joanna Porter, Consultant in

Interstitial lung disease: diagnosis and testing Professor Joanna Porter, Consultant in

RCGP accredited until 1 st April 2020 RCN accredited until 2 nd July 2020 Accreditation applies only to the educational content and not to any product RCN cannot confirm competence of any practitioner Interstitial lung disease: diagnosis and

320 views • 12 slides
How to get all women involved: communica2on and outreach

How to get all women involved: communica2on and outreach

How to get all women involved: communica2on and outreach Diane M Harper, MD, MPH, MS Director, Gynecologic Cancer Preven2on Research Group Professor,

499 views • 26 slides
Search for Majorana neutrinos and double beta decay experiments Xavier Sarazin Laboratoire de

Search for Majorana neutrinos and double beta decay experiments Xavier Sarazin Laboratoire de

Search for Majorana neutrinos and double beta decay experiments Xavier Sarazin Laboratoire de lAcclrateur Linaire (CNRS-IN2P3, Univ. Paris-Sud 11) Majorana Neutrino Neutrino is the only fermion with Q = 0 Neutrino might be a

660 views • 40 slides
Cryptanalysis of the Knapsack Generator Simon Knellwolf Willi Meier FHNW, Switzerland FSE 2011,

Cryptanalysis of the Knapsack Generator Simon Knellwolf Willi Meier FHNW, Switzerland FSE 2011,

Cryptanalysis of the Knapsack Generator Simon Knellwolf Willi Meier FHNW, Switzerland FSE 2011, February 14-16, Lyngby, Denmark. 1 / 15 Knapsack Generator n -bit integers w 0 , . . . , w n 1 ( weights ) n -bit LFSR sequence u 0 , u 1 , u 2

337 views • 15 slides
CAN AUTHENTICATION AND ENCRYPTION February 2017 CAN PROVIDES MULTIPLE ATTACK VECTORS Record

CAN AUTHENTICATION AND ENCRYPTION February 2017 CAN PROVIDES MULTIPLE ATTACK VECTORS Record

Implementing scalable CAN Security with CANcrypt by Olaf Pfeiffer CAN AUTHENTICATION AND ENCRYPTION February 2017 CAN PROVIDES MULTIPLE ATTACK VECTORS Record and re-play messages Can trigger desired actions Re-engineering

320 views • 21 slides
Cryptanalysis of the 10-Round Hash and Full Compression Function of SHAvite-3-512 Praveen

Cryptanalysis of the 10-Round Hash and Full Compression Function of SHAvite-3-512 Praveen

Cryptanalysis of the 10-Round Hash and Full Compression Function of SHAvite-3-512 Praveen Gauravaram 1 , Ga eten Leurent 2 , Florian Mendel 3 , Mar a Naya-Plasencia 4 , Thomas Peyrin 5 , Christian Rechberger 6 , Martin Schl affer 3 , 1

822 views • 45 slides
Introduction to Cryptography Slide 1 Definition process data into unintelligible form,

Introduction to Cryptography Slide 1 Definition process data into unintelligible form,

1 Introduction to Cryptography Slide 1 Definition process data into unintelligible form, reversibly, without data loss typically digitally usually one-to-one in size $ compression analog cryptography: voice changers, shredder

331 views • 10 slides

More recommend