Upload
kedem
View
27
Download
1
Embed Size (px)
DESCRIPTION
Public-Key Encryption in the Bounded-Retrieval Model. Speaker: Daniel Wichs. Joël Alwen, Yevgeniy Dodis , Moni Naor , Gil Segev , Shabsi Walfish , Daniel Wichs. Motivation: Leakage-Resilient Crypto. Security proofs in crypto assume idealized adversarial model . - PowerPoint PPT Presentation
Citation preview
PUBLIC-KEY ENCRYPTION IN
THE BOUNDED-
RETRIEVAL MODELJoël Alwen, Yevgeniy Dodis, Moni Naor,
Gil Segev, Shabsi Walfish, Daniel Wichs
Speaker: Daniel Wichs
Motivation: Leakage-Resilient Crypto
Security proofs in crypto assume idealized adversarial model. e.g. adversary sees public-keys, ciphertexts but not secret-
keys.
Reality: schemes broken using “key-leakage attacks”. Side-channels: timing, power consumption, heat, acoustics,
radiation. The cold-boot attack. Hackers, Malware, Viruses.
Usual Crypto Response: Not our problem. Blame the Electrical Engineers, OS programmers…
Leakage-Resilient Crypto: Let’s try to help. Primitives that provably allow some leakage of secret key. Assume leakage is arbitrary but incomplete.
f(sk)
Models of Leakage Resilience
Adversary can learn any efficiently computable function f : {0,1}* {0,1}L of the secret key. L = Leakage Bound.
Relative Leakage Model [AGV09, DKL09, NS09,…].
“Standard” cryptosystem with small keys (e.g. 1,024 bits).
Leakage L is a large portion of key size. (e.g. 50% of key size).
Bounded Retrieval Model [Dzi06,…,ADW09]: Leakage L is a parameter. Can be large.
(e.g. few bits or many Gigabytes).
Increase sk size to allow L bits of leakage. System must remain efficient as L grows:
Public keys, ciphertexts, encryption/decryption times should be small, independent of L.
sk
leak
Why design schemes for the BRM?
Security against Hackers/Malware/Viruses: Attacker can download arbitrary info from compromised
system. Leakage is large, but still bounded (e.g. < 10 GB).
Bandwidth too low, Cost too high, System security may detect. Protect against such attacks by making secret key large.
OK since storage is cheap. Everything else needs to remain efficient!
Security against side-channel attacks: After many physical measurements, overall leakage may
be large. Still may be reasonable that it is bounded on absolute scale. How “bounded” is it? Varies! (few Kb – few Mb).
Prior Work on Leakage Resilience
Restricted classes of leakage functions. Individual bits of memory [CDH+00, DSS01,KZ03]. Individual wires of
comp [ISW03] “Only Computation Leaks Information” [MR04, DP08, Pie09] Low Complexity functions [FRT09]
Does not seem applicable to e.g. hacking/malware attacks. Relative Leakage Model.
Symmetric-Key Authenticated Encryption [DKL09] Public-Key ID, Signatures, AKA [ADW09, KV09] Public-Key Encryption [AGV09, NS09]
Bounded Retrieval Model. Symmetric-Key Identification, Authenticated Key Agreement
[Dzi06,CDD+07] Public-Key ID, “Entropic” Sigs, AKA [ADW09]
This work: Public-Key Encryption (and IBE) in the BRM.
Definition of Leakage-Resilient PKE in BRM
Relative Leakage: 9 L = L(s) for which scheme secure. L should be “relatively large”: maximize ratio of L to|sk|.
BRM: Secure 8 polynomial L = L(s). KeyGen depends on L. Efficiency: 9 polynomial p(s) 8 polynomial L(s):
{pk size, cipher text size, encryption/decryption times} ≤ p(s) Relative Leakage: also maximize ratio of L to |sk|.
Adversary
Challenger(pk,sk) Ã
KeyGen(1s ) pk
f : {0,1}* ! {0,1}L
f(sk)
m0, m1
bà {0,1} cÃEncrypt(mb,pk)
cOutput b’
, L
|Pr[b = b’]- ½| is negligible
Outline of Talk
A template for constructing BRM schemes in 3 easy steps. Explains connection of Public-Key Encryption in BRM to IBE. Highlights main ideas, but is incomplete.
Define Hash Proof Systems (HPS) and Identity-Based HPS. HPS ) leakage-resilient PKE in relative-leakage model [NS09]. IB-HPS ) leakage-resilient IBE in relative-leakage model.
Brief overview of IB-HPS constructions and parameters.
Show how IB-HPS naturally extends to the BRM. Get PKE and IBE schemes in the BRM.
Assume: Have scheme resilient to L’ bits of leakage. Given L, construct scheme resilient to L bits of leakage.
Answer 1: Inflate the security parameter s until L’(s) > L. Answer 2: Parallel-Repetition. Take n copies of the scheme.
Choose n pairs (pk1,sk1),…,(pkn,skn). Set PK = (pk1,…,pkn ) , SK = (sk1,…,skn)
To encrypt under PK: n-out-of-n “secret-share” message: SS(m) = (m1,…,mn). Encrypt each share mi separately ci = Enc(mi, pki). Send C = (c1,…,cn).
Intuition: Scheme should tolerate L = nL’ bits of leakage. If leakage on SK is < L = nL’ bits then leakage on some ski is < L’
bits.
• Wait! That’s not how leakage works!• Learning f(sk’) with L = nL’ bit output NOT the same as learning gi(ski) with L’ bit output.
• Q: Does parallel-repetition amplify leakage-resilience?• A1: No general black-box reduction is possible.• A2: Works if original PKE has extra properties.
• What about efficiency? Does not satisfy BRM.
Template for BRM Schemes:1. Leakage Amplification (via Parallel-Repetition)
Template for BRM Schemes:2. Efficiency via Random-Subset Selection
Encryption Decryption
sk1
sk2
sk3
skn
…
SKPKpk1
pk2
pk3
pkn
…
sk4
sk5
pk4
pk5
n-out-of-n “secret-share” message: SS(m) = (m1,…,mn).Encrypt each share mi under pki.
c1 = Enc(m1, pk1)
cn = Enc(mn, pkn)
c2 = Enc(m2, pk2)c3 = Enc(m3, pk3)c4 = Enc(m4, pk4)c5 = Enc(m5, pk5)
Scheme from last slide
Template for BRM Schemes:2. Efficiency via Random-Subset Selection
Encryption Decryption
sk1
sk2
sk3
skn
…
SKPKpk1
pk2
pk3
pkn
…
sk4
sk5
pk4
pk5
Choose t random key-pairs and only use these to encrypt.
keys={2,4,…,n}
Template for BRM Schemes:2. Efficiency via Random-Subset Selection
Encryption Decryption
sk1
sk2
sk3
skn
…
SKPKpk1
pk2
pk3
pkn
…
sk4
sk5
pk4
pk5
ct = Enc(mt, pkn)
c1 = Enc(m1, pk2)
c2 = Enc(m2, pk4)
Choose t random key-pairs and only use these to encrypt.
t-out-of-t “secret-share” message: SS(m) = (m1,…,mt).Encrypt each share mi under the i th chosen public-key.
Hope: t can be much smaller than n, only proportional to s.Leakage < εL’n means only ε fraction of secret-keys “badly compromised”.
keys={2,4,…,n}
…
Encryption Decryption
sk1
sk2
sk3
skn
…
SKPK = MPK
sk4
sk5
ct = Enc(mt, ID = n)
c1 = Enc(m1, ID=1)
c2 = Enc(m2, ID=4)
keys={2,4,…,n}
…
Template for BRM Schemes:3. Adding a Master Public Key.
• Use Identity-Based Encryption (IBE).• The component secret keys ski correspond to secret-keys for identities i.• The master-secret-key msk of the IBE is only used to generate SK.
Encryption Decryption
sk1
sk2
sk3
skn
…
SKPK = MPK
sk4
sk5
keys={2,4,…,n}
…
Template for BRM Schemes:3. Adding a Master Public Key.
• Scheme meets the efficiency requirements of the BRM.
• Security?• Does not amplify leakage-resilience in general
(counterexample).• Rest of talk: making it work with “special” IBE
constructions.
ct = Enc(mt, ID = n)
c1 = Enc(m1, ID=1)
c2 = Enc(m2, ID=4)
A template for constructing BRM schemes in 3 easy steps. Highlights main ideas, but is incomplete. Explains connection of Public-Key Encryption in BRM to IBE.
Define Hash Proof Systems (HPS) and Identity-Based HPS. HPS ) leakage-resilient PKE in relative-leakage model [NS09]. IB-HPS ) leakage-resilient IBE in relative-leakage model.
Brief overview of IB-HPS constructions and parameters.
Show how IB-HPS naturally extends to the BRM. Use IB-HPS to get PKE and IBE schemes in the BRM.
Outline of Talk
Hash Proof Systems
Simplified presentation as a key-encapsulation scheme: (pk, sk)ÃKeyGen(1s) (c, k)ÃEncap(pk) k’ Ã Decap(c, sk)
Correctness: k = k’ (with overwhelming prob). KEM Security: (pk, c, k) ¼c (pk, c, $)
HPS is a special way to prove KEM security.
Hash Proof Systems
Simplified presentation as a key-encapsulation scheme: (pk, sk)ÃKeyGen(1s) (c, k)ÃEncap(pk) (valid encapsulation) c* Ã Encap*(pk) (invalid encapsulation) k’ Ã Decap(c, sk)
Correctness: k = k’ (with overwhelming prob). KEM Security: (pk, c, k) ¼c (pk, c, $)
HPS is a special way to prove KEM security.
Hash Proof Systems Simplified presentation as a key-encapsulation scheme:
(pk, sk)ÃKeyGen(1s) (c, k)ÃEncap(pk) (valid encapsulation) c* Ã Encap*(pk) (invalid encapsulation) k’ Ã Decap(c, sk)
Correctness: k = k’ (with overwhelming prob). Valid/invalid indistinguishability given sk: (pk, sk, c) ≈c (pk, sk, c*) Decapsulation of an invalid ciphertext c* has statistical entropy:
(m, ½)-Universality: Conditioned on fixed value of pk: H1(sk) ¸ m. 8 sk sk’ Prc*[Decap(c*, sk) = Decap(c*, sk’)] · ½.
Smoothness: for fixed pk, (c*, k*) ¼s (c*, $) where k* Ã Decap(c*, sk). L-Leakage-smoothness: (c*, k*, f(sk)) ¼s (c*, $, f(sk)) where |f(sk)|=L.
Hash Proof Systems
Simplified presentation as a key-encapsulation scheme: (pk,sk)ÃKeyGen(1s) (c, k)ÃEncap(pk) (valid encapsulation) c* Ã Encap*(pk) (invalid encapsulation) k’ Ã Decap(c, sk)
Correctness: k = k’ (with overwhelming prob). Valid/invalid indistinguishability given sk: (pk, sk, c) ≈c (pk, sk,
c*) Decapsulation of an invalid ciphertext c* has statistical entropy:
(m, ½)-Universality: Conditioned on fixed value of pk: H1(sk) ¸ m. 8 sk sk’ Prc*[Decap(c*, sk) = Decap(c*, sk’)] · ½.
Smoothness: for fixed pk, (c*, k*) ¼s (c*, $) where k* Ã Decap(c*, sk). L-Leakage-smoothness: (c*, k*, f(sk)) ¼s (c*, $, f(sk)) where |f(sk)|=L.
Relationship Between Universality/Smoothness/Leakage
• An (m, ½)-Universal HPS with k 2 {0,1}v is “L-Leakage smooth” when L < m – v – (s) , ½ < (1/2v)(1 + negl(s)).
• Any “smooth” HPS with k 2 {0,1}v can be composed with an extractor to get “L-leakage smooth” HPS with L = v - (s).
HPS ) Leakage-Resilient PKE [NS09]
Theorem : A smooth HPS is a good KEM (standard). A L-leakage-smooth HPS is a L-leakage-resilient KEM:
(pk, f(sk), c, k) ¼c (pk, f(sk), c, $) where (c, k) Ã Encap(pk)
Proof:(pk, f(sk), c, k) ¼s (pk, f(sk), c, k’) where (c, k) Ã Encap(pk)
k’ Ã Decap(c, sk) ¼c (pk, f(sk), c*, k’) where c* Ã Encap*(pk)
k’ Ã Decap(c*, sk)
¼s (pk, f(sk), c*, $)
¼c (pk, f(sk), c, $)
Correctness
Valid/Invalid Indistinguishability
Valid/Invalid Indistinguishability
L-Leakage-Smoothness
Example Based on DDH
Params: prime p, group G of order p, generators (g, h)
KeyGen: sk = (a, b) pk = ga hb
Encap(pk): c = (gx, hx) k = (pk)x = gaxhbx
Decap(c, sk): Parse c = (u,v) k’ = uavb Encap*(pk): c* = (gx, hy)
Correctness: If u=gx, v=hx then k’ = (gx)a(hx)b = k. Valid/Invalid indistinguishability follows from DDH. (m,½)-universal for m= log(p), ½ = 1/p. Also smooth.
Need an extractor to get L-leakage-smoothness for L ¼ log(p), L/|sk| ¼ ½.
Generalizes to t generators: m = (t-1)log(p), ½ = 1/p. No extractor! Construction is L-Leakage-smooth for L ¼ (t-2)log(p),
L/|sk| ¼ (1- 2/t) ¼ (1- ²).
Identity-Based HPS (IB-HPS) (mpk, msk) Ã ParamGen(1s) skID Ã KeyGen(ID, msk) (c, k)ÃEncap(ID, mpk) (valid encapsulation) c* Ã Encap*(ID, mpk) (invalid encapsulation) k’ Ã Decap(c, skID)
Valid/Invalid indistinguishability holds for all ID, even if adversary sees “all” identity-secret keys skID (but not msk).
Decapsulation of an invalid ciphertext c* has statistical entropy: (m, ½)-Universality:
Conditioned on fixed value of mpk, msk, ID: H1(skID) ¸ m.
8 skID skID’ Prc*[Decap(c*, skID) = Decap(c*, skID’)] · ½.
L-leakage smoothness: for fixed mpk, msk, ID (f(skID), c*, k*) ¼s (f(skID), c*, $) if |f(sk)|=L.
IB-HPS: Valid/Invalid Indistinguishability
(mpk, msk) Ã ParamGen(1s )
skID
bà {0,1} If b=0, c à Encap(ID)else c à Encap*(ID)
c
Output b’
mpk
ID
Challenge ID
skID
ID
|Pr[b = b’]- ½| is negligible
Identity-Based HPS (IB-HPS)
(mpk, msk) Ã ParamGen(1s) skID Ã KeyGen(ID, msk) (c, k)ÃEncap(ID, mpk) (valid encapsulation) c* Ã Encap*(ID, mpk) (invalid encapsulation) k’ Ã Decap(c, skID)
Valid/Invalid indistinguishability holds for all ID, even if adversary sees the identity-secret keys skID (but not msk).
Decapsulation of an invalid ciphertext c* has statistical entropy: (m, ½)-Universality:
Conditioned on fixed value of mpk, msk, ID: H1(skID) ¸ m.
8 skID skID’ Prc*[Decap(c*, skID) = Decap(c*, skID’)] · ½.
L-leakage smoothness: for fixed mpk, msk, ID (f(skID), c*, k*) ¼s (f(skID), c*, $) if |f(sk)|=L.
IB-HPS ) Leakage-Resilient IBE
Theorem: A “smooth” IB-HPS is a IB-KEM. A “L-leakage-smooth” IB-HPS is a “L-leakage-resilient” IB-KEM.
Allows leakage from secret-keys of all identities, but not the master secret key.
Allows us to construct leakage-resilient IBE.
Proof is analogous to the non-identity-based setting.
A template for constructing BRM schemes in 3 easy steps. Highlights main ideas, but is incomplete. Explains connection of Public-Key Encryption in BRM to IBE.
Define Hash Proof Systems (HPS) and Identity-Based HPS. HPS ) leakage-resilient PKE in relative-leakage model [NS09]. IB-HPS ) leakage-resilient IBE in relative-leakage model.
Brief overview of IB-HPS constructions and parameters.
Show how IB-HPS naturally extends to the BRM. Get PKE and IBE schemes in the BRM.
Outline of Talk
Constructions
Three constructions of IB-HPS based on prior IBE schemes. [Gen06]: Using “bilinear groups.
Based on the “q-TABDHE” assumption in the standard model. Leakage-resilient IBE with relative-leakage ¼ ½.
[BGH07]: Based on “quadratic residuosity”. Requires Random Oracles or an “interactive assumption”. Only 1 bit of entropy in identity-secret-key. No leakage in IBE. Fixed with BRM transformation (stay tuned).
[GPV08]: Based on lattices and the LWE problem. Requires Random Oracles or an “interactive assumption”. Leakage-resilient IBE with relative-leakage ¼ (1-²). [AGV09]
All schemes are “smooth” and (m,½)-universal for m¸ 1, ½ · ½.
A template for constructing BRM schemes in 3 easy steps. Highlights main ideas, but is incomplete. Explains connection of Public-Key Encryption in BRM to IBE.
Define Hash Proof Systems (HPS) and Identity-Based HPS. HPS ) leakage-resilient PKE in relative-leakage model [NS09]. IB-HPS ) leakage-resilient IBE in relative-leakage model.
Brief overview of IB-HPS constructions and parameters.
Show how IB-HPS naturally extends to the BRM. Use IB-HPS to get PKE and IBE schemes in the BRM.
Outline of Talk
Leakage Amplification of IB-HPS
IB-HPS with small leakage ) IB-HPS with BIG leakage. Map n “identities” in small scheme to single identity in BIG
scheme. Secret-keys in BIG scheme consists of n “components” small
keys. To encapsulate: select random “t-out-of-n” small identities.
Encapsulate to each one separately. Apply a “universal-hash-function” g to symmetric-keys k1,…, kt.
ID = “Bob”ID = “Bob_1”sk1
sk2
sk3
skn
…
sk4
sk5
ID = “Bob_2”
ID = “Bob_n”
SK for Bob
Encap: S=(S1,…,St) 2 [n]t
(ci, ki) Ã Encap(“Bob_”Si)g: universal hashC = (S, c1,…,ct, g) K = g(k1,…,kt)
Leakage Amplification of IB-HPS
Assume: we start with (m, ½)-universal IB-HPS, for constant ½ < 1.
Theorem: For any constant ² >0, there exists a t = O(s) such that construction is L-leakage smooth for L = (1-²)nm – s.
Proof: Identity-secret-keys in construction have H1(SK) = nm.
Universal? No! If keys differ in a single component thenPrc*[Decap(C*, skID) = Decap(C*, skID’)] is high.
ID = “Bob”ID = “Bob_1”sk1
sk2
sk3
skn
…
sk4
sk5
ID = “Bob_2”
ID = “Bob_n”
SK for Bob
Encap: S=(S1,…,St) 2 [n]t
(ci, ki) Ã Encap(“Bob_”Si)g: universal hashC = (S, c1,…,ct, g) K = g(k1,…,kt)
“Approximate” Leftover-Hash Lemma
New notion: “approximately universal” hashing. Any two values that are “far enough” in Hamming distance
are unlikely to collide. “Approximate” Leftover-Hash Lemma generalizes LHL.
Need extra log (volume of Hamming ball) entropy over LHL. Easy to show: construction is “approximately universal”.
ID = “Bob”ID = “Bob_1”sk1
sk2
sk3
skn
…
sk4
sk5
ID = “Bob_2”
ID = “Bob_n”
SK for Bob
Encap: S=(S1,…,St) 2 [n]t
(ci, ki) Ã Encap(“Bob_”Si)g: universal hashC = (S, c1,…,ct, g) K = g(k1,…,kt)
Putting it all together…
Theorem: Assume there exist (m,½)-universal IB-HPS with m¸ 1 and ½ < 1. Then there exists PKE (and IBE) schemes in the BRM.
For any ² > 0: Secret-key size can be made as small as |SK| = (1+ ²)(|sk|/m)L Relative leakage as large as L/|SK| = (1- ²)m/|sk|.
No matter what the leakage bound L is: Public-key size |PK| is the same as |mpk|. Ciphertext size, encryption/decryption times differ by an O(s)
factor from those of the small scheme.
Extensions
Smaller ciphertexts in BRM. Anonymous encapsulation (property of QR, Lattice schemes):
Sample ciphertext c and “witness” w independently of ID. Using witness w, can compute symmetric-key k for any ID.
Gives us anonymous IBE. In BRM construction, only need to send one ciphertext c.
We get different “approximately universal” parameters. Only good for QR scheme.
CCA security. Generic Naor-Yung paradigm preserves leakage [NS09] and
BRM efficiency. Efficient CCA secure leakage-resilient IBE based on [Gen06].
Relative leakage is (1/6 - ²).
Parameters
Scheme Assumption
Relative
Leakage
CT Expansi
on
Locality
BilinearGroups[Gen06]
ABDHE 1/2 O(s) O(s)
QuadraticResidu
osity[BGH07]
QR + RO
1/O(s) O(1) O(s)
Lattices[GPV08]
LWE + RO
(1-²) O(s) O(s)
Open Questions
Does PKE in BRM require IBE? Or at least some simplified version of it?
Is there a counterexample to parallel-repetition amplifying leakage-resilience of PKE? (no random-subsets, IBE).
More constructions of IB-HPS. Can we get best of all worlds? No RO, (1- ²)-relative-leakage, anonymous encapsulation.
Efficient CCA secure PKE in BRM without RO and large relative-leakage.
Thank You!
Questions?