Cryptography Lecture 5 Stefan Dziembowski [email protected].
NON-MALLEABLE CODES AND TAMPER-RESILIENT SECURITY ( ICS 2010 ) Joint work with: Stefan Dziembowski,...
-
Upload
jaquelin-boucher -
Category
Documents
-
view
213 -
download
0
Transcript of NON-MALLEABLE CODES AND TAMPER-RESILIENT SECURITY ( ICS 2010 ) Joint work with: Stefan Dziembowski,...
NON-MALLEABLE CODESAND
TAMPER-RESILIENT SECURITY
( ICS 2010 )
Joint work with:Stefan Dziembowski, Krzysztof Pietrzak
Speaker: Daniel Wichs
Physical Attacks
Leakage: Adv observes physical output of the device.
Tampering: Adv modifies internal state and interacts with tampered device.
Example
Signature infrastructure using secure tokens (no PKI).
All tokens have the same secret signing key sk.
Each token has a unique userID. On input message m, token signs (userID,
m).
(userID, sk)
m Signsk(userID, m)
Example:
Can we attack scheme with simple physical attacks?
Attack 1 (RSA sig): Leaking a random 27% of bits of RSA key lets you factor! [HS09]
Attack 2 (RSA sig): Introduce single faulty bit during signing. Use resulting sig to factor the RSA modulus. [BDL97]
Attack 3 (any sig): Eve tampers userID = “Eve” to userID = “Eva” by flipping a few bits. Impersonates Eva.
Signsk(userID, m)
Lessons from Example
Tampering attacks can be just as devastating as leakage attacks.
Cannot only focus on tamper-resilience for cryptographic primitives.
Algorithmic Protection
Want: A general compiler that takes a circuit G with state s and creates a circuit G’ with state s’ such that: (G, s) acts the same as (G’, s’) Tampering with (G’, s’) via some well-
defined family F of attacks is useless.
Algorithmic Protection
Tampering of memory and computation
Tampering of memoryGLMMR04
IPSW06
Circuit
Memory
input outputCircui
t
Memory
input output
This talk
Algorithmic Protection
Q: Why study tampering of (only) memory? Simpler. Need to understand it first. Leads to a very natural coding-theory
question of independent interest. Might be reasonable in practice.
Code-based Solution
CircuitG’
c = Enc(s)
Decode s= Dec(c).Evaluate G(s).
G’=
CircuitG
s
Original Functionality (G, s)
Compiled Functionality (G’, c)
Talk Outline
Definition of non-malleable codes.
General (im)possibility results for nm-codes.
Efficient non-malleable codes. Bit-wise independent tampering. Results in the RO model.
Application to tamper-resilient security: Formal model of tamper-resilience. Application of non-malleable codes. Comparison to prior work.
Coding Schemes
Encoding can be randomized: c = Enc(s;r).
Correctness: Dec(Enc(s)) = s with probability 1.
Encs csource messagecodeword
randomizedencoding
Decdecoding
s
decoded message
The “Tampering Experiment”
Enc Decs csource message
c*
s*
decoded message
Tampering function f 2 F chosen adversarially.
Independent of randomness of encoding.
F={ },f1 f2
, f3
tamper
f
=f(c)
The “Tampering Experiment”
Goal: For “interesting” families F, design coding scheme (Enc, Dec) which provides “meaningful guarantees” about the outcome s*.
Enc Decs c c*
s*
tamper F
Error-Correction
Error-Correction: require that s* = s
Error-Correcting Codes for Hamming Distance: The family F = {f s.t. 8 x dist(x, f(x)) < d }
No randomness in Enc.
Limitations: Cannot be achieved for even small/simple families F. (e.g. even the single function f that maps all values to 0).
Enc Decs c c*
s*
tamper F
Error-Detection
Error-Detection: require that s* 2 {s, ?} (with overwhelming probability).
Problem: Might learn something about s if s* = ?.
Limitation: Cannot be achieved for some even small/simple families F. (e.g. family all “constant” functions fc(x) = c).
Enc Decs c c*
s*
tamper F
New notion: Non-Malleability
Non-Malleability: either s*= s or s* is “unrelated” to s. Analogous to non-malleability in cryptography [DDN91].
Harder to define formally (stay tuned). Examples of “malleability”:
The value s* is same as s, except with 3rd bit flipped. If s begins with 0, then s* = s. Otherwise s* = ?.
Hope: non-malleability achievable for many rich families F.
Enc Decs c c*
s*
tamper F
Defining Non-Malleability (Attempt 1)
Tampering via f 2 F does not reveal information. Can answer following without knowing s: Does your tampering change the codeword c? If so, what is new message s* = Dec(c*).
c à Enc(s0) c* à f(c)
If c* = c say “same”
else say Dec (c*)
¼
Definition: A code (Enc, Dec) is non-malleable w.r.t. a family F if 8 f 2 F 8 s0, s1: c à Enc(s1)
c* Ã f(c) If c* = c say
“same”else say Dec (c*)
Problem: Unnecessarily strong! Not satisfied by error-correcting codes.
Defining Non-Malleability
s* Ã Df
if s* = “same” output s
else output s*.
s* Ã Dec ( f(Enc(s)) ) ¼
Definition: A code (Enc, Dec) is non-malleable w.r.t. a family F if 8 f 2 F 9 simulator Df such that 8 s:
Tampering via f 2 F does not reveal information. Can “simulate” the answer to following questions: Did the message s stay the same? If no, what is the new message s*?
Talk Outline
Definition of non-malleable codes.
General (im)possibility results for nm-codes.
Efficient non-malleable codes. Bit-wise independent tampering. Results in the RO model.
Application to tamper-resilient security: Formal model of tamper-resilience. Application of non-malleable codes. Comparison to prior work.
General Impossibility Non-Malleability
For every coding scheme (Enc, Dec) there exists a single function f, for which the scheme is malleable. f(c) = Enc(Dec(c) + 1). Bad f depends heavily on (Enc, Dec).
Corollaries: No coding scheme (Enc, Dec) (with n bit codewords),
is non-malleable w.r.t. Fall = { all f : {0,1}n ! {0,1}n }. No efficient coding scheme is non-malleable w.r.t. all
efficient functions.
General Possibility of Non-Malleability
For every “small enough” family F, there exists a nm-code w.r.t F.
“small enough” F: log(log(|F|)) < n.Note: log(log(|Fall|)) = n + log(n).
Theorem:
Proved using the probabilistic method. Not efficient…
Use “random code” with k-bit messages and n-bit codewords. Choose the function Dec : {0,1}n ! {0,1}k uniformly at
random. Define Enc(s) to sample uniform {c s.t. Dec(c) = s}.
For any fixed family F, a “random code” is non-malleable w.r.t. F with overwhelming probability if:
n > log(log (|F|)) + 3k
Notice: rate is 1/3, even for small F. Optimality?
Question: What can we do efficiently?
General Possibility of Non-Malleability
Talk Outline
Definition of non-malleable codes.
General (im)possibility results for nm-codes.
Efficient non-malleable codes. Bit-wise independent tampering. Results in the RO model.
Application to tamper-resilient security: Formal model of tamper-resilience. Application of non-malleable codes. Comparison to prior work.
Bit-wise independent tampering
Every bit of the codeword can be tampered arbitrarily, but independently of the value of other bits.
Tampering functions f = (f1,…,fn) and f(c) = f1(c1),…,fn(cn). fi : {0,1} ! {0,1} can be arbitrary.
Four options for each fi : “keep”, “flip”, “set to 0”, “set to 1”.
Bit-wise independent tampering contains: All constant functions: fc(x) = c (only “set to 0/1”). All “constant error” functions : f¢(x) = x + ¢ (only
“keep/flip”).
Tool 1: AMD Codes
Algebraic Manipulation Detection codes: [CDFPW08] A coding scheme (AE, AD) is AMD code if for any s, ¢ 0
Pr[AD( AE(s) + ¢) ?] = negligible.
Achieves error-detection for “keep”/“flip” . Does not protect against “set to 0”/“set to 1”.
Definition:
Tool 2: Secret Sharing
LECSS: Linear Error-Correcting Secret Sharing (SSE, SSD). Linearity: SSE(s1 + s2) = SSE(s1) + SSE(s2) t-Privacy: Any t bits of SSE(s) are mutually
random. d-Distance: Any c 0 s.t. weightH(c) < d,
SSD(c) = ?.
Definition:
Bit-wise independent tampering:Construction
Given:• AMD code (AE, AD).• LECSS (SSE, SSD) with d/n > ¼ and t = !(log(n)).
The code:Enc(s) = SSE( AE(s) ) , Dec(c) = AD( SSD(c) )
is non-malleable for bit-wise independent tampering.
Theorem:
Bit-wise independent tampering: Proof
4 cases based on q= # of fi that are “set to 0”/”set to 1”
s
AMDCode
LECSS
c c* = f(c)f
Set to 0Set to 1
keep
Set to 0
flip
flip
01
c3 +0
0
c5 + 1
c6 + 1
c1
c2
c3
c4
c5
c6
Bit-wise independent tampering: Proof
Case 1: n - t · q : Just samples Dec(c*). OK since c* is completely unrelated to s (t-
privacy).
s
AMDCode
LECSS
c c* = f(c)
Set to 0/1
Keep/flip Uniformly random!
Bit-wise independent tampering: Proof
Case 2: n/2 · q < n - t: Just outputs ?. Unlikely that DSS(c*) ?. (distance/privacy).
s
AMDCode
LECSS
c
Set to 0/1
Keep/flip
c* = f(c)
• t-wise independent.
• few valid codewords.
Bit-wise independent tampering: Proof
Case 3: t · q < n/2: Just outputs ?. Consider ¢ = c* - c. Same argument as previous
case (linearity).
s
AMDCode
LECSS
c
Set to 0/1
Keep/flip
¢ = c* - c
• t-wise independent.
• few valid codewords.
Bit-wise independent tampering: Proof
Case 4: q · t: Samples DSS(¢). If 0 output “same” else ?. ¢ is independent of AMD randomness. If ¢ 0 AMD code rejects.
s
AMDCode
LECSS
cs’
Set to 0/1
Keep/flip
• Uniformly random!
¢ = c* - c
Bit-wise independent tampering:Instantiation
Recall, instantiation needs: LECSS (SSE, SSD) with distance d/n > ¼ and t = !(log(n)). AMD code (AE, AD)
AMD codes with extremely high rate [CDFPW08]. LECSS schemes?
Ramp version of Shamir secret sharing does not get d/n > ¼.
Use random linear code. (d = distance, t = dual distance). Not explicit, but efficient: we never need to correct errors!
Parameters: Rate of final instantiation of (Enc, Dec) isk/n ¼ (1-H(.25)) ¼ .19
Optimality?
Non-malleable Codes in the Random Oracle Model
Can we instantiate a random code efficiently?
Use a cryptographic hash function modeled as a Random Oracle. Cheat: gives us an “efficient” way to compute a random function. Also give this power to the adversary, tampering functions f.
Each bit of f(c) depends on some subset (e.g. 90%) of the bits of c.
In the RO model, get efficient nm-codes for any “small family” F, which is “closed under oracle access”.
(Access to an oracle does not change the family)
Theorem:
Talk Outline
Definition of non-malleable codes.
General (im)possibility results for nm-codes.
Efficient non-malleable codes. Bit-wise independent tampering. Results in the RO model.
Application to tamper-resilient security: Formal model of tamper-resilience. Application of non-malleable codes. Comparison to prior work.
Tamper-Resilient Security
CircuitG’
c = Enc(s)
Decode s= Dec(c).Evaluate G(s).
G’=
CircuitG
s
Original Functionality (G, s)
Compiled Functionality (G’, c)
Tamper-Resilient Security
CircuitG’
c = Enc(s)
CircuitG
s
Original Functionality (G, s)
Compiled Functionality (G’, c)
Tamper: f 2 F
adv
Tamper-Resilient Security
CircuitG’
c*
CircuitG
s
Original Functionality (G, s)
Compiled Functionality (G’, c)
Tamper: f 2 F
adv
Tamper-Resilient Security
CircuitG’
c*
CircuitG
s
Original Functionality (G, s)
Compiled Functionality (G’, c)
Tamper: f 2 F
Input x Output y
adv
State is re-encoded (reactive)
Input x Output y
Simulator
¼
Tamper-Resilient Security
Theorem: If (Enc, Dec) is non-malleable w.r.t. F then our compiler is tamper-resilient w.r.t. F
Comparison to Prior Work
Same assumption: tampers memory, but not computation. Main solution: use signatures.
Sign the state. Verify signature on each invocation. If fail, stop working.
Does not satisfy our definition of tamper-resilient security. e.g. Set the first bit of state to 0. See if device stops working. Works for signature/encryption scheme (limitations).
Device cannot update its state (requires secret key). Allows all efficient tampering strategies!
Algorithmic Tamper-Proof Security [GLMMR04]
Comparison to Prior Work
Stronger model: adversary can tamper with the wire-values during a computation of a circuit.
Same strong definition of security using a simulator.
Limited to tampering functions which only modify some small subset of the wires (or set wires to 0).
Private Circuits (II) [IPSW06]
Conclusions
Define non-malleable codes.
Construct non-malleable codes for: All “small” families of tampering function (inefficient). Bit-wise independent tampering (efficient). Complex families closed under oracle access. (efficient in RO
model).
Connect non-malleable codes to tamper-resilient security.
Open Questions: More efficient constructions of non-malleable codes for other
families. Optimal rates? Results in the stronger model of [ISPW06].