protecting circuits from leakage the computationally bounded and noisy cases
DESCRIPTION
Protecting Circuits from Leakage the computationally bounded and noisy cases . Eurocrypt 2010, Nice. KU Leuven. Sebastian Faust. Joint work with. Tal Rabin. IBM Research. Leo Reyzin. Boston University. Eran Tromer. MIT. Vinod Vaikuntanathan. IBM Research. Th e Dilemma… . - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: Protecting Circuits from Leakage the computationally bounded and noisy cases](https://reader036.vdocuments.us/reader036/viewer/2022062812/56816379550346895dd4580d/html5/thumbnails/1.jpg)
Protecting Circuits from Leakage
the computationally bounded and noisy cases Sebastian Faust
Eurocrypt 2010, Nice
Joint work with
KU Leuven
Tal RabinLeo ReyzinEran TromerVinod Vaikuntanathan
IBM ResearchBoston UniversityMITIBM Research
![Page 2: Protecting Circuits from Leakage the computationally bounded and noisy cases](https://reader036.vdocuments.us/reader036/viewer/2022062812/56816379550346895dd4580d/html5/thumbnails/2.jpg)
2
The Dilemma…
KX Y
Standard security analysis:
Controls inputs/outputs, e.g. CPAComputation completely unknown
KX Y
Attacking the implementation:
inputkey
output
Adversary obtains leakage
Use physical observations: e.g. power consumption, timing,… Completely break crypto schemes!
implement
![Page 3: Protecting Circuits from Leakage the computationally bounded and noisy cases](https://reader036.vdocuments.us/reader036/viewer/2022062812/56816379550346895dd4580d/html5/thumbnails/3.jpg)
3
Countermeasures?
Hot topic:ISW03, MR04, DP08, P09, AGV09, ADW09, KV09, DKL09,… Many more citations in the paper
• We may try to defeat specific attacks, e.g. power analysis, timing attacks,…
• Or we can try to go for a broad class!
Most other work: Security of specific schemeThis work: How to securely implement any scheme?
![Page 4: Protecting Circuits from Leakage the computationally bounded and noisy cases](https://reader036.vdocuments.us/reader036/viewer/2022062812/56816379550346895dd4580d/html5/thumbnails/4.jpg)
4
How to extend the standard model?K
Modeled by a leakage function fAdversary obtains leakage f(state)
Real-life leakages don’t leak complete key
Power consumption: e.g. f(st) ≈ Hamming weight of wires in circuit
Arbitrary leakage function? No… e.g.: f(st) = K means no securitySome restrictions are necessary
X Y
Probing: f(st) = some bits of state
![Page 5: Protecting Circuits from Leakage the computationally bounded and noisy cases](https://reader036.vdocuments.us/reader036/viewer/2022062812/56816379550346895dd4580d/html5/thumbnails/5.jpg)
5
Restrictions: Bounded leakage
Bounded total leakageK
…f(st)
K
f(st)
K
f(st)
e.g. used to model cold boot attacks
Continuous leakage
Amount of leakage << length of key K Bounded per observation , but:
total leakage >> |K|
![Page 6: Protecting Circuits from Leakage the computationally bounded and noisy cases](https://reader036.vdocuments.us/reader036/viewer/2022062812/56816379550346895dd4580d/html5/thumbnails/6.jpg)
6
Restrictions: Bounded leakage
Bounded total leakageK
…f(st)
K1
f(st1)
Kn
f(stn)
Bounded per observation, but: total leakage >> |K|
e.g. power analysis
Continuous leakage
requires refreshing of key: K Kie.g. used to model cold boot attacks
Amount of leakage << length of key K
![Page 7: Protecting Circuits from Leakage the computationally bounded and noisy cases](https://reader036.vdocuments.us/reader036/viewer/2022062812/56816379550346895dd4580d/html5/thumbnails/7.jpg)
7
Restrictions: Local vs. Global
Local leakage Global leakage
e.g. probing: leakage is oblivious to most of the computation
e.g. power analysis: power consumption
depends on all computation
![Page 8: Protecting Circuits from Leakage the computationally bounded and noisy cases](https://reader036.vdocuments.us/reader036/viewer/2022062812/56816379550346895dd4580d/html5/thumbnails/8.jpg)
8
Restrictions: Weak/Noisy vs. PPT (requires bounded leakage)
Weak or Noisy leakageK
f є L = {computationally weak functions}Leakage can be described by “simple” aggregated functionIs this reasonable? Yes! E.g. probing, power consumption…
f(st)weak
![Page 9: Protecting Circuits from Leakage the computationally bounded and noisy cases](https://reader036.vdocuments.us/reader036/viewer/2022062812/56816379550346895dd4580d/html5/thumbnails/9.jpg)
9
Weak or Noisy leakageK
f(st)
K
f(st)
f є L = {Noisy functions}:Leakage is a noisy function of the secret key
Restrictions: Weak/Noisy vs. PPT (requires bounded leakage)
weaknoisy
![Page 10: Protecting Circuits from Leakage the computationally bounded and noisy cases](https://reader036.vdocuments.us/reader036/viewer/2022062812/56816379550346895dd4580d/html5/thumbnails/10.jpg)
10
Weak or Noisy leakageK
f(st)
K
f(st)
Powerful!Powerful!
Restrictions: Weak/Noisy vs. PPT (requires bounded leakage)
weaknoisy
![Page 11: Protecting Circuits from Leakage the computationally bounded and noisy cases](https://reader036.vdocuments.us/reader036/viewer/2022062812/56816379550346895dd4580d/html5/thumbnails/11.jpg)
11
Weak or Noisy leakageK
f(st)
K
f(st)
Polynomial-time leakageK
f(st)
f є L = {PPT functions} Leakage is arbitrary PPT function
Restrictions: Weak/Noisy vs. PPT (requires bounded leakage)
Powerful!Powerful!
weaknoisy PPT
Probably stronger than leakage in reality
![Page 12: Protecting Circuits from Leakage the computationally bounded and noisy cases](https://reader036.vdocuments.us/reader036/viewer/2022062812/56816379550346895dd4580d/html5/thumbnails/12.jpg)
12
Q: Is there computation that can be protected against global, continuous, but
weak or noisy leakage?
A challenge…
A: Any Computation!If we have a simple leak-free component
Reduce some complex computation to very simple shielded component [MR04]
![Page 13: Protecting Circuits from Leakage the computationally bounded and noisy cases](https://reader036.vdocuments.us/reader036/viewer/2022062812/56816379550346895dd4580d/html5/thumbnails/13.jpg)
13
Earlier work: Ishai, Sahai, Wagner ‘03
Main drawback: No proof of security for global functions, e.g. Hamming Weight
Q: Is there computation that can be protected against global, continuous, but
weak or noisy leakage?
A: Any Computation!
localprobing
![Page 14: Protecting Circuits from Leakage the computationally bounded and noisy cases](https://reader036.vdocuments.us/reader036/viewer/2022062812/56816379550346895dd4580d/html5/thumbnails/14.jpg)
14
1.Circuit Compilers2.Our Result
Rest of this talk…
![Page 15: Protecting Circuits from Leakage the computationally bounded and noisy cases](https://reader036.vdocuments.us/reader036/viewer/2022062812/56816379550346895dd4580d/html5/thumbnails/15.jpg)
15
Circuit compiler:
C‘ with K‘ has same functionality as C with K
K
X YC
YX
K’C’
Circuit compilers
Is resistant to continuous leakages from some large function class L (Security Definition by Simulation)
Input: description of arbitrary circuit C and key K
Functionality preserving:
Uses same gates as CTransformed circuit C‘:
+ leak-free gate (later more)
Output: description of transformed circuit C‘ and key K‘
![Page 16: Protecting Circuits from Leakage the computationally bounded and noisy cases](https://reader036.vdocuments.us/reader036/viewer/2022062812/56816379550346895dd4580d/html5/thumbnails/16.jpg)
16
Our Result
Theorem 1: A compiler that makes any circuit resilient to computationally weak leakages.
Set of leakage functions L can be large, but they cannot compute a certain linear functionOne example:
AC0 = Const depth and poly size circuits of Λ or V gates.
What does this mean?
L = AC0 L cannot compute linear function parity!
![Page 17: Protecting Circuits from Leakage the computationally bounded and noisy cases](https://reader036.vdocuments.us/reader036/viewer/2022062812/56816379550346895dd4580d/html5/thumbnails/17.jpg)
17
Our Result
Theorem 2: A compiler that makes any circuit resilient to noisy leakages.
What does this mean?
Leakages are {wirei + noise ƞi}- ƞi = 0, with probability 1-p - ƞi = 1, with probability p
Both compilers assume leak-free gates in transformed circuit!
![Page 18: Protecting Circuits from Leakage the computationally bounded and noisy cases](https://reader036.vdocuments.us/reader036/viewer/2022062812/56816379550346895dd4580d/html5/thumbnails/18.jpg)
18
Leak-free gates
Leak-free processor: oblivious RAM(1)
Many previous usages in leakage-resilience:
Leak-free memory: “only computation leaks”, one-time programs(2)
Our leak-free gate is: Small & simple: Much smaller than size of Stateless: No secrets are stored Computation independent: No inputs
For Theorem 1: random t-bit string (b1,…,bt) with parity 0
(1) [G89,GoldOstr95], (2) [MicRey04], [DziPie08], [GoldKalRoth08]
For Theorem 2: above properties, but a bit more complicated
![Page 19: Protecting Circuits from Leakage the computationally bounded and noisy cases](https://reader036.vdocuments.us/reader036/viewer/2022062812/56816379550346895dd4580d/html5/thumbnails/19.jpg)
19
Compiler: high-level
C
M
● +
●
● +
C●
MCircuit topology is preserved
1. Memory: Encoded memoryBit b e.g. “Parity” encoding”:
uniform t-bit string (b1…bt) with parity b
![Page 20: Protecting Circuits from Leakage the computationally bounded and noisy cases](https://reader036.vdocuments.us/reader036/viewer/2022062812/56816379550346895dd4580d/html5/thumbnails/20.jpg)
20
Compiler: high-level
C
M
● +
●
● +
C●
M
2. Each wire w Wire bundle that carries the encoding of w, e.g. a t-bit string with parity w
![Page 21: Protecting Circuits from Leakage the computationally bounded and noisy cases](https://reader036.vdocuments.us/reader036/viewer/2022062812/56816379550346895dd4580d/html5/thumbnails/21.jpg)
21
Two key properties of our encoding
Let (a1,…at) and (b1,…bt) be bit strings with parity 0 and 1 (resp.)
f(a1,…at) or f(b1,…bt)
2. Noise indistinguishable [XOR Lemma]
(a1+ƞ1,+…at+ƞt) or (b1+ƞ1,…bt+ƞt) ??
in AC0in AC0
Flip each bit with prob. p
1. L=AC0 indistinguishable [Has86,DubrovIshai06]
??
![Page 22: Protecting Circuits from Leakage the computationally bounded and noisy cases](https://reader036.vdocuments.us/reader036/viewer/2022062812/56816379550346895dd4580d/html5/thumbnails/22.jpg)
22
Compiler: high-level
C
M
● +
●
● +
C●
M
3. Gates Gadgets: built from normal gates and leak-free gates and operate on encodings
Properties of the encoding do not suffice for security!
![Page 23: Protecting Circuits from Leakage the computationally bounded and noisy cases](https://reader036.vdocuments.us/reader036/viewer/2022062812/56816379550346895dd4580d/html5/thumbnails/23.jpg)
23
Conclusion
Two circuit compilers ….
global leakages: i.e. leakage can depend on all the computation, all intermediate results,…
continuous leakage: the amount of leakage over time is unbounded
- eliminate leak-free gates
compile any circuit
Open problems:
- For security parameter t: blow-up ≈ t2
![Page 24: Protecting Circuits from Leakage the computationally bounded and noisy cases](https://reader036.vdocuments.us/reader036/viewer/2022062812/56816379550346895dd4580d/html5/thumbnails/24.jpg)
24
Thank you!
![Page 25: Protecting Circuits from Leakage the computationally bounded and noisy cases](https://reader036.vdocuments.us/reader036/viewer/2022062812/56816379550346895dd4580d/html5/thumbnails/25.jpg)
25
Simulation: Real:
indistinguishable
L-Security: Simulation [ISW03]
Intuition: Adversary learns no more than by input/output access
X1f1 ∈L
Y1f1 (wires1)
Simulation:K1
X1Y1
…
K’1
Xnfn ∈L
Ynfn (wiresn)
K’n
…
refresh key
Can e.g. be some low complexity function class