protecting circuits from leakage
Post on 24-Feb-2016
36 Views
Preview:
DESCRIPTION
TRANSCRIPT
Default
Protecting Circuits from LeakageSebastian Faust
@ Rome La Sapienza, January 18, 2009
Joint work withKU LeuvenTal RabinLeo ReyzinEran TromerVinod VaikuntanathanIBM ResearchBoston UniversityMITIBM Research1Beautiful Theory
3. Prove that no adversary existsAdversarial Model
Security Definition
3
The Ugly Reality
electromagneticacousticprobingcacheopticalpower
4MotivationMany provably secure cryptosystems can be broken by side-channel attacks4The great tragedy of Science the slaying of a beautiful hypothesis by an ugly fact. Thomas Henry Huxley Bloodshed!5Engineering approachAd-hoc countermeasures typically tailored to defeat specific attacksBut security only if protection againstall known side channel attacksall new attacks during thedevice's lifetime.
56Cryptographic approachFace the music: computational devices are not black-box.
Cryptosystem should protect already at algorithmic-level against side-channel attacks
Prove security against well-defined class of resource-bounded adversaries
6Related Work[CDHKS00]: Canetti, Dodis, Halevi, Kushilevitz, Sahai: Exposure-Resilient Functions and All-Or-Nothing Transforms[ISW03]: Ishai, Sahai, Wagner: Private Circuits: Securing Hardware against Probing Attacks[MR04]: Micali, Reyzin: Physically Observable Cryptography[GTR08]: Goldwasser, Tauman-Kalai, Rothblum: One-Time Programs[DP08]: Dziembowski, Pietrzak: Leakage-Resilient Cryptography in the Standard Model[Pie09]: Pietrzak: A leakage-resilient mode of operation[AGV09]: Akavia, Goldwasser, Vaikuntanathan: Simultaneous Hardcore Bits and Cryptography against Memory Attacks [ADW09]: Alwen, Dodis, Wichs: Leakage-Resilient Public-Key Cryptography in the Bounded Retrieval Model[FKPR09]: Faust, Kiltz, Pietrzak, Rothblum: Leakage-Resilient Signatures[DHT09]: Dodis, Lovett, Tauman-Kalai: On Cryptography with Auxiliary Input[SMY09]: Standaert, Malkin, Yung: A Unified Framework for the Analysis of Side-Channel Key-Recovery Attacks...
778MXYAny boolean circuit
Circuit transformation
Transformed circuit
t-wireprobing
Y
Xblack-box
indistinguishable[Ishai Sahai Wagner 03]9
Our goalAllow much stronger leakage.10
Our main constructionA transformation that makes any circuit resilient againstGlobal adaptive leakageMay depend on whole state and intermediate results, and chosen adaptively by a powerful on-line adversary.Arbitrary total leakage Bounded just per observation.[DP08]
But we must assume something:Leakage function is computationally weak[MR04]A simple leak-free component[MR04]
11
antennas are dumb
computationally weak
can be powerful
Computationally-weak leakageAssumption: the observed leakage is a computationally-weak functionof the devices internal wires.12
Secure against global leakageWe do not assume spatial locality, such as:
t wires [ISW03]Only computation leaks information [MR04][DP08][Pie09][FKPR09]
13Leak-free components
Secure memory[GKR08]
Secure processor[G89][GO95]
Here: simple component that samples from a fixed distribution, e.g:securely draw strings with parity 0.No stored secrets or stateNo input, so can be precomputed Can be relaxed13Secure memory: reasonable for software attacks, less so for hardware attacksSecure processor: nontrivial crypto functionality; for simple circuits, as hard as the original problem14Computation modelSecurity modelCircuit transformationProof approachExtensions
Rest of this talk15
Original circuitOriginal circuit C of arbitrary functionality(e.g., crypto algorithms), with state M,over a finite field K.Example: AES encryption with secret key M.C[M]XY
151516Allowed gates in C:+$MC1Multiply in K:Add in K:Coin:Const:Copy:Memory:(Boolean circuits are easily implemented.)
Original circuit161617Transformed circuitC [M ]XYSame underlying gates as in C, plus opaque gate (later).Soundness: for any X,M: C[M](X) = C [M ](X)Transformed state
18
XMModel: single observation in leakage class LY
wiresf(wires)19X0f0 L
Y0f0(wires0)M1M2M3Refreshed stateRefreshed staterefresh state allows total leakage to grow
Model: adaptive observationsX1f1 L
Y1f1(wires1)
X2f2 L
Y2f2(wires2)
20Simulation:
Real:Miindistinguishable
Model: L-secure transformationAdversary learns no more than by black-box access:Xifi LYifi (wiresi)Actual definition little bit more complicated
Simulation:Mi
Xi
Yi202021MMProblem: Adversary learns one bit of the stateSolution: Share each value over many wires [ISW03, generalized]Every value encoded by a linear secret sharing scheme (Enc,Dec)with security parameter t:
Motivating example1-wire probingEnc: K Kt (probabilistic)Dec: Kt K (surjective linear function)
212122b R {0,1}
x0Pr[b = b] - neglfor all x0,x1 K:(Enc,Dec) is L-leakage-indistinguishable ifbLeakage: L-leakage-indistinguishability
Consequence: Leakage functions in L cannot decode
Enc(xb)x122Slow down to absorb notation23For any linear encoding scheme that isL-leakage indistinguishablewe present an L -secure transformationfor any circuit and stateffL Simple functionsThm: transformed circuit can tolerate these leakage functionsAssumption: encoding can tolerate these leakage functionsL Main construction24f
?Enc(x)f AC0? f AC0
DecParitySome known circuit lower bounds imply L-leakage-indistinguishability of encodingshard for AC0depth: 2 size: O(t2)Theoremconst depth and poly size circuits
Unconditional resilience against AC0 leakage
24Similar to encryption indistinguishability security (semantic security)24Is this practical?Not really AC0 not very realistic class of leakage functions sec parameter t has to be large (blow up t2)But AC0 can approximate hamming weight Very powerful adversary (adaptive, statistical security) Make reasonable assumption on power of leakage functions (very important future work!)26C[M]C [M]
Transformation: high levelThe state is encoded: M = Enc(M)Circuit topology is preservedEvery wire is encodedInputs are encoded; outputs are decodedEvery gate is converted into a gadget operating on encodings
27
+
f(wires)Easy to attackNotation:
Computing on encodingsfirst attempt28+
+
f(wires)???
Works well for a single gate... but does not compose.Exponential security loss (for AC0).Computing on encodingssecond attempt use linearity
29MXYSince f can verify arbitrary gates in circuit, wires must be consistent with X and Y.Problem: simulator does not know the state M, so hard to simulate internal wires!Solution: to fool the adversary, introduce a non-verifiable atomic gate.X, fY, f (wires)
Intuition: wire simulation
MYfXwires292930Fool adversary:gate is non-verifiable by functions in L.Opaque gate:Enc(0)Samples from a fixed distribution.No inputsOpaque gate303031Wire simulators advantage:can change output of opaque without getting noticed(L-leakage-indistinguishable)
Using the opaque gateFull transformationfor gate:+
???
Enc(0)
So can simulate this gate independentof all others gates.313132Other gatesSimilar transformation for other gates.The challenging case is the non-linear gate: multiplication.Hard to make leak-resilient; standard MPC doesnt work.Trick: give wire simulator enough degrees of freedom.
Enc(0)
Enc(0)Enc(0)+DecDecDecEnc(0)+
BS
33This property (suitably defined)composes!
If every gadgethas a (shallow) wire simulatorthen the whole transformed circuithas a (shallow) wire simulator.
Wire simulator composability
Security for 1 round follows easily.
For multiple rounds theres extra work due to adaptivity of the leakage and inputs.34Summary of (positive) resultsLinear encoding +leakage classwhich cant decode +leak-free Enc(0) gatesAC0 / ACC0[q] leakage +leak-free 0-parity gatesAny encoding +leakage classwhich cant decode +leak-free gates (relaxed)Noisy leakage +leak-free encoding gates
Public-key encryption + Gen+Dec+Enc gadgets35AchievedNew model for side-channel leakage, which allows global leakage ofunbounded total sizeConstructions for generic circuit transformation,for example, against all leakage in AC0 or noisy leakages.General proof technique + several additional applications.Open problemsMore leakage classes: find a reasonable assumption on the power of leakage functions!Smaller leak-free componentsProof/falsify black-box necessity conjectureCircumvent necessity result (e.g., non-blackbox constructions)Conclusionshttp://eprint.iacr.org/2009/379
top related