Leakage-resilient Signatures Vinod Vaikuntanathan (IBM) Jonathan Katz (IBM & Univ. of Maryland)

Feb 25, 2016

Page 1: Leakage-resilient Signatures

Leakage-resilient Signatures

Vinod Vaikuntanathan (IBM)

Jonathan Katz (IBM & Univ. of Maryland)

Page 2: Leakage-resilient Signatures

Leakage-resilient Crypto

Crypto Device: Secret-Memory = SK + …

Leakage function L: L(SM) on the Secret-Memory, L(SK) on the Secret-Key

1. What leaks?

2. How much?

- L: any polynomial-size circuit [MR’03, DP’08, P’09, AGV’09, …]
- L: smaller class of circuits [Riv’97, B’99, CDH+’00, ISW’03, FRT’09, RV’09]

Page 3: Leakage-resilient Signatures

Models of Leakage

What leaks?

- Computational Leakage [MR’03]: “Only computation leaks information”
- Memory Leakage [HSH+’08, AGV’09]: “All secret memory leaks”

How much?

- Bounded: Total leakage < α(|secret|)
- Continual: Leakage in any time-period < α(|secret|)

How much?

Page 4: Leakage-resilient Signatures

Models of Leakage

Axes: Computational Leakage [MR’03] vs. Memory Leakage [HSH+’08, AGV’09]; Bounded vs. Continual

- Bounded, memory leakage: [AGV’09, NS’09, ADW’09]; This Work
- Continual, computational leakage: [MR’03, DP’08, P’09, FKPR’09]

Page 5: Leakage-resilient Signatures

Leakage-Resilient Signatures

GMR-security against bounded α(.)-memory attacks

- Adv is given PK
- L → L(SK)
- m → Sign(m)
- Adv outputs (m*, σ*)

For every PPT Adv, if |L(SK)| ≤ α(|SK|), Pr[Adv wins] is negligible.

Page 6: Leakage-resilient Signatures

Leakage-Resilient Signatures

Axes: Comp. Leakage vs. Memory Leakage; Bounded vs. Continual

- [ADW’09]: Bounded (1/2-ε)n memory leakage, in random oracle model
- [FKPR’09]: Continual α(n) comp. leakage, assuming 2^{α(n)}-hardness

Page 7: Leakage-resilient Signatures

Our Results

Setting: bounded, memory leakage

A New Scheme
- GMR-secure
- (1-ε) fraction leakage, ∀ε>0
- Assumption: Semantically secure enc. + NIZK

An Old Scheme (+ tweaks)
- one-time signature (generally, t-time)
- ≈ 1/4 fraction leakage
- Assumption: One-way functions

(and more…)

Page 8: Leakage-resilient Signatures

Our Results

Theorem [FKPR’09]: Bounded α(n) leakage (3-time sig) ⇒ Continual α(n)/3 comp. leakage (fully-secure sig)

Axes: Computational Leakage vs. Memory Leakage; Bounded vs. Continual

- Bounded, memory leakage: This Work
- Continual, computational leakage: This Work + [FKPR’09]

Page 9: Leakage-resilient Signatures

Leakage-resilient One-way Functions

Definition: Hard to invert f given L(x), for any L s.t. |L(x)| ≤ α(n).

Lemma: Any UOWHF is a leakage-resilient OWF.

“Proof” (for CRHFs):
- h: {0,1}^n → {0,1}^{n/2} is a CRHF
- L: {0,1}^n → {0,1}^{n/2-1} is any leakage function
- x has min-entropy n/2 given h(x)
- x has min-entropy ≥ 1 given h(x) and L(x)
- Given h(x) and L(x), an inverter returns x'≠x w.p. ≥ 1/2

Page 10: Leakage-resilient Signatures

Fully-secure Signature

Assumptions: UOWHF + Public-key Encryption + Simulation-sound NIZK [BFM, Sahai]

SK: x ∈ {0,1}^n

PK: (h, h(x), PKenc, CRSnizk)

Sign(m):
- C = Enc(PKenc, (x,m))
- Π = Proof in SS-NIZK that “∃x s.t. PK contains h(x) and C is the enc. of (x,m)”
- Output (C, Π).

Page 11: Leakage-resilient Signatures

Proof of Security

Three Ideas:

- Signature contains no (computational) info. on SK
  - NIZK proof Π is simulatable
  - Enc(x,m) ≈c Enc(0,m)

Game:
- Adv is given L(x), PK=(h,h(x),…)
- m → σ=(Enc(x,m),Π)
- σ=(Enc(0,m),Π)
- Adv outputs (m*,σ*)

Page 12: Leakage-resilient Signatures

Proof of Security

Three Ideas:

- Signature contains no (computational) info. on SK
- Forgery ⇒ extract a secret-key.
  - simulation-soundness

Game:
- Adv is given L(x), PK=(h,h(x),…)
- Adv outputs (m*,σ*)
- σ* contains Enc(x*,m*) where h(x*)=h(x)

Page 13: Leakage-resilient Signatures

Proof of Security

Three Ideas:

- Signature contains no (computational) info. on SK
- Forgery ⇒ extract a secret-key.
  - simulation-soundness

Game:
- Adv is given L(x), PK=(h,h(x),…)
- x* s.t. h(x*)=h(x)

Page 14: Leakage-resilient Signatures

Proof of Security

Three Ideas:

- Signature contains no (computational) info. on SK
- Forgery ⇒ extract a secret-key.
- UOWHF = Leakage-resilient OWF. Contradiction.

Game:
- Adv is given L(x), PK=(h,h(x),…)
- x* s.t. h(x*)=h(x)

Page 15: Leakage-resilient Signatures

A Recipe?

Given signature scheme s.t.

- H∞[SK given Adv’s view] is non-zero
- Forgery ⇒ extract a secret-key
- Finding two SK’s for a PK is an “attack”

⇒ Leakage-resilient Signature

Page 16: Leakage-resilient Signatures

One-time Signature (based on Lamport’78)

Assumption: OWF f

SK: x_{1,0} x_{2,0} … x_{n,0}
    x_{1,1} x_{2,1} … x_{n,1}

PK: y_{1,0} y_{2,0} … y_{n,0}
    y_{1,1} y_{2,1} … y_{n,1}

(where y_{i,j} = f(x_{i,j})) (x_{i,j} unif. random)

Sign(m_1…m_n) = (x_{1,0} x_{2,1} … x_{n,0}) for m = 01…0

Q: Is Lamport leakage-resilient?

Page 17: Leakage-resilient Signatures

One-time Signature (based on Lamport’78)

Assumption: OWF f

SK: x_{1,0} x_{2,0} … x_{n,0}
    x_{1,1} x_{2,1} … x_{n,1}

PK: y_{1,0} y_{2,0} … y_{n,0}
    y_{1,1} y_{2,1} … y_{n,1}

Sign(01…0) + Leakage ⇒ Sign(11…0) !

Page 18: Leakage-resilient Signatures

One-time Signature (based on Lamport’78)

Assumption: OWF f

SK: x_{1,0} x_{2,0} … x_{n,0}
    x_{1,1} x_{2,1} … x_{n,1}

PK: y_{1,0} y_{2,0} … y_{n,0}
    y_{1,1} y_{2,1} … y_{n,1}

Sign'(m) = Sign(ECC(m))

Page 19: Leakage-resilient Signatures

One-time Signature (based on Lamport’78)

Assumption: OWF f

SK: x_{1,0} x_{2,0} … x_{n,0}
    x_{1,1} x_{2,1} … x_{n,1}

PK: y_{1,0} y_{2,0} … y_{n,0}
    y_{1,1} y_{2,1} … y_{n,1}

Sign'(m) = Sign(ECC(m))

Still insecure: Consider f(x) that ignores 99% of x; outputs OWF(1% of x).

Solution: Let f be a leakage-resilient OWF (=UOWHF)

Page 20: Leakage-resilient Signatures

One-time Signature (based on Lamport’78)

Assumption: UOWHF h (=OWF [NY,R])

SK: x_{1,0} x_{2,0} … x_{n,0}
    x_{1,1} x_{2,1} … x_{n,1}

PK: y_{1,0} y_{2,0} … y_{n,0}
    y_{1,1} y_{2,1} … y_{n,1}

Sign'(m) = Sign(ECC(m))
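
The Lamport slides (Pages 16 to 20) as an added example, not code from the talk: it shows that one signature on 01…0 plus leakage of a single secret value gives a valid signature on 11…0, and that the same leakage is not enough once Sign'(m) = Sign(ECC(m)) is used. Assumptions: SHA-256 stands in for f, a 5-fold repetition code stands in for the ECC, and all names and parameters are illustrative; it covers only the ECC step, not the requirement that f be a leakage-resilient OWF.

```python
import hashlib
import secrets

N, REP = 8, 5  # constructed toy parameters: message bits, repetition factor

def f(x):
    # Stand-in for the slides' function f (assumption: SHA-256).
    return hashlib.sha256(x).digest()

def keygen(n):
    # SK: uniformly random x_{i,j}; PK: y_{i,j} = f(x_{i,j}).
    sk = [[secrets.token_bytes(32) for _ in range(2)] for _ in range(n)]
    pk = [[f(x) for x in pair] for pair in sk]
    return sk, pk

def sign(sk, bits):
    return [sk[i][b] for i, b in enumerate(bits)]

def verify(pk, bits, sig):
    return len(sig) == len(bits) == len(pk) and all(
        f(s) == pk[i][b] for i, (b, s) in enumerate(zip(bits, sig)))

def ecc(bits):
    # Repetition code: distinct messages differ in at least REP positions.
    return [b for b in bits for _ in range(REP)]

def forge(sig, bits, target, leaked):
    """Assemble a signature on `target` from one signature on `bits` plus
    leaked secret values {(i, bit): x}. Returns None if a value is missing."""
    out = []
    for i, (b, t) in enumerate(zip(bits, target)):
        if t == b:
            out.append(sig[i])
        elif (i, t) in leaked:
            out.append(leaked[(i, t)])
        else:
            return None
    return out

def demo():
    m, m2 = [0, 1, 0, 0, 0, 0, 0, 0], [1, 1, 0, 0, 0, 0, 0, 0]
    # Plain Lamport: leaking x_{1,1} (index 0 here) completes the forgery.
    sk, pk = keygen(N)
    forged = forge(sign(sk, m), m, m2, {(0, 1): sk[0][1]})
    plain_broken = forged is not None and verify(pk, m2, forged)
    # Sign'(m) = Sign(ECC(m)): the same single leaked value no longer suffices.
    sk2, pk2 = keygen(N * REP)
    forged2 = forge(sign(sk2, ecc(m)), ecc(m), ecc(m2), {(0, 1): sk2[0][1]})
    needed = sum(a != b for a, b in zip(ecc(m), ecc(m2)))
    return plain_broken, forged2 is None, needed
```
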

Page 21: Leakage-resilient Signatures

An Open Question

Axes: Computational Leakage vs. Memory Leakage; Bounded vs. Continual

- This Work: Bounded, memory leakage
- + FKPR’09: Continual, computational leakage

Best of both worlds?

Page 22: Leakage-resilient Signatures

Thanks!