Efficient Non-Malleable Codes and Key-derivations against Poly-size Tampering Circuits PRATYAY MUKHERJEE (Aarhus University) Joint work with Sebastian.

Slides:

Advertisements

Similar presentations

Merkle Puzzles Are Optimal

Advertisements

Quantum Software Copy-Protection Scott Aaronson (MIT) |

Tight Lower Bounds for the Distinct Elements Problem David Woodruff MIT Joint work with Piotr Indyk.

Invertible Zero-Error Dispersers and Defective Memory with Stuck-At Errors Ariel Gabizon Ronen Shaltiel.

An Introduction to Randomness Extractors Ronen Shaltiel University of Haifa Daddy, how do computers get random bits?

EXPLICIT NON-MALLEABLE CODES RESISTANT TO PERMUTATIONS Shashank Agrawal (UIUC), Divya Gupta (UCLA), Hemanta Maji (UCLA), Omkant Pandey (UIUC), Manoj Prabhakaran.

PRATYAY MUKHERJEE AARHUS UNIVERSITY AARHUS UNIVERSITY PRATYAY MUKHERJEE 25. FEB 2014 CONTINUOUS NON-MALLEABLE CODES JOINT WORK WITH SEBASTIAN FAUST, JESPER.

Detection of Algebraic Manipulation with Applications to Robust Secret Sharing and Fuzzy Extractors Ronald Cramer, Yevgeniy Dodis, Serge Fehr, Carles Padro,

PRATYAY MUKHERJEE Aarhus University Joint work with

Dan Boneh Message integrity Message Auth. Codes Online Cryptography Course Dan Boneh.

Circuits Resilient to Additive Manipulation with Applications to Secure Computation Yuval Ishai Technion Daniel Genkin Manoj Prabhakaran Amit Sahai Eran.

Ran Canetti, Yael Tauman Kalai, Mayank Varia, Daniel Wichs.

Multiplicity Codes Swastik Kopparty (Rutgers) (based on [K-Saraf-Yekhanin ’11], [K ‘12], [K ‘14])

Approximate List- Decoding and Hardness Amplification Valentine Kabanets (SFU) joint work with Russell Impagliazzo and Ragesh Jaiswal (UCSD)

Off-the-Record Communication, or, Why Not To Use PGP

Probabilistic Public Key Encryption with Equality Test Duncan S. Wong Department of Computer Science City University of Hong Kong Joint work with Guomin.

Secure Evaluation of Multivariate Polynomials

Foundations of Cryptography Lecture 10 Lecturer: Moni Naor.

The Hash Function “Fugue” Shai Halevi William E. Hall Charanjit S. Jutla IBM T. J. Watson Research Center.

A Rate-Optimizing Compiler for Non- malleable Codes against Bit-wise Tampering and Permutations Shashank Agrawal (UIUC), Divya Gupta (UCLA), Hemanta K.

LEAKAGE and TAMPER Resilient Random Access Machine (LTRAM) Pratyay Mukherjee Aarhus University Joint work with Sebastian Faust, Jesper Buus Nielsen and.

NON-MALLEABLE CODES AND TAMPER-RESILIENT SECURITY ( ICS 2010 ) Joint work with: Stefan Dziembowski, Krzysztof Pietrzak Speaker: Daniel Wichs.

Eran Omri, Bar-Ilan University Joint work with Amos Beimel and Ilan Orlov, BGU Ilan Orlov…!??!!

NON-MALLEABLE EXTRACTORS AND SYMMETRIC KEY CRYPTOGRAPHY FROM WEAK SECRETS Yevgeniy Dodis and Daniel Wichs (NYU) STOC 2009.

Protecting Circuits from Leakage the computationally bounded and noisy cases Sebastian Faust Eurocrypt 2010, Nice Joint work with KU Leuven Tal Rabin Leo.

PRATYAY MUKHERJEE AARHUS UNIVERSITY AARHUS UNIVERSITY PRATYAY MUKHERJEE 28. MARCH 2014 NEW RESULTS IN NON-MALLEABLE CODES PRATYAY MUKHERJEE 28. MARCH 2014.

TAMPER DETECTION AND NON-MALLEABLE CODES Daniel Wichs (Northeastern U)

1 Adaptive Witness Encryption and Asymmetric Password-based Cryptography PKC 2015 March 31, 2015 Mihir Bellare UC San Diego Viet Tung Hoang University.

Lecture 40 CSE 331 Dec 11, Announcements Solutions to HW 10 and graded HW 9 at end of the lecture Review session on Monday: see blog for details.

Codes for Deletion and Insertion Channels with Segmented Errors Zhenming Liu Michael Mitzenmacher Harvard University, School of Engineering and Applied.

Cryptography in The Presence of Continuous Side-Channel Attacks Ali Juma University of Toronto Yevgeniy Vahlis Columbia University.

1 How to securely outsource cryptographic computations Susan Hohenberger and Anna Lysyanskaya TCC2005.

Code and Decoder Design of LDPC Codes for Gbps Systems Jeremy Thorpe Presented to: Microsoft Research

CS555Spring 2012/Topic 41 Cryptography CS 555 Topic 4: Computational Approach to Cryptography.

Leakage-Resilient Storage Francesco Davì Stefan Dziembowski Daniele Venturi SCN /09/2010 Sapienza University of Rome.

9th IMA Conference on Cryptography & Coding Dec 2003 More Detail for a Combined Timing and Power Attack against Implementations of RSA Werner Schindler.

Cryptanalysis of the Stream Cipher DECIM Hongjun Wu and Bart Preneel Katholieke Universiteit Leuven ESAT/COSIC.

Cryptography Lecture 2 Arpita Patra. Summary of Last Class  Introduction  Secure Communication in Symmetric Key setting >> SKE is the required primitive.

On the Communication Complexity of SFE with Long Output Daniel Wichs (Northeastern) joint work with Pavel Hubáček.

1 Information Security – Theory vs. Reality , Winter Lecture 10: Garbled circuits and obfuscation Eran Tromer Slides credit: Boaz.

University of Massachusetts Amherst · Department of Computer Science Square Root Law for Communication with Low Probability of Detection on AWGN Channels.

Protecting Cryptographic Memory against Tampering Attack PRATYAY MUKHERJEE PhD Dissertation Seminar Supervised by Jesper Buus Nielsen October 8, 2015.

Cryptography Against Physical Attacks Dana Dachman-Soled University of Maryland

TAMPER DETECTION AND NON-MALLEABLE CODES Daniel Wichs (Northeastern U)

CS555Spring 2012/Topic 81 Cryptography CS 555 Topic 8: Pseudorandom Functions and CPA Security.

Randomness Leakage in the KEM/DEM Framework Hitoshi Namiki (Ricoh) Keisuke Tanaka (Tokyo Inst. of Tech.) Kenji Yasunaga (Tokyo Inst. of Tech.  ISIT) ProvSec.

Error-Correcting Codes and Pseudorandom Projections Luca Trevisan U.C. Berkeley.

ON AVCS WITH QUADRATIC CONSTRAINTS Farzin Haddadpour Joint work with Madhi Jafari Siavoshani, Mayank Bakshi and Sidharth Jaggi Sharif University of Technology,

Cryptography Lecture 10 Arpita Patra © Arpita Patra.

MEGGIT DECODER. PROBLEM STATEMENT To correct all single errors in n-bit codeword, n error patterns of single errors and their corresponding syndromes.

Cryptography Lecture 3 Arpita Patra © Arpita Patra.

Non-malleable Reductions and Applications Divesh Aggarwal * Yevgeniy Dodis * Tomasz Kazana ** Maciej Obremski ** Non-Malleable Codes from Two-Source Extractors.

Efficient Leakage Resilient Circuit Compilers

Selective-opening security in the presence of randomness failures

Sampling of min-entropy relative to quantum knowledge Robert König in collaboration with Renato Renner TexPoint fonts used in EMF. Read the TexPoint.

Topic 14: Random Oracle Model, Hashing Applications

Cryptography Lecture 9.

Topic 11: Authenticated Encryption + CCA-Security

Background: Lattices and the Learning-with-Errors problem

Topic 5: Constructing Secure Encryption Schemes

A Tamper and Leakage Resilient von Neumann Architecture

Cryptography Lecture 10.

Topic 7: Pseudorandom Functions and CPA-Security

Provable Security at Implementation-level

Fiat-Shamir for Highly Sound Protocols is Instantiable

Cryptography Lecture 9.

New Frontiers in Secret Sharing

Topic 13: Message Authentication Code

Cryptography Lecture 9.

Presentation transcript:

Efficient Non-Malleable Codes and Key-derivations against Poly-size Tampering Circuits PRATYAY MUKHERJEE (Aarhus University) Joint work with Sebastian Faust, Daniele Venturi and Daniel Wichs EUROCRYPT 2014, COPENHAGEN May 12, 2014

Two Parts Part-1 Efficient Non-malleable Codes against Poly-size circuits Part-2 Efficient Non-malleable Key-derivation against Poly-size circuits This talk More Less

Part-1 Efficient Non-malleable Codes against Poly-size circuits Non-malleable Codes (Informally) A modified codeword contains either original or unrelated message. E.g. Can not flip one bit of encoded message by modifying the codeword.

The “Tampering Experiment”  Consider the following experiment for some encoding scheme (ENC,DEC) f ENC s Tamper 2F2F C DEC s* C*=f(C) Goal: Design encoding scheme (ENC,DEC) which is Non-malleable for an “interesting” class F Note ENC can be randomized. There is no secret Key.

f ENC s Tamper 2F2F C DEC s* C*=f(C) If C* = C return same Else return s* Tamper f ( s )

Application : Tamper-Resilient Cryptography Non-malleable codes are used to protect against key-tampering attacks. How ? – Encode the key using NMC. – The tampering adversary can not modify the encoded key to some related key.

Limitation and Possibility Limitation: For any (ENC, DEC) there exists f bad which decodes C, flips 1-bit and re-encodes to C*. Corollary-1: It is impossible to construct encoding scheme which is non-malleable w.r.t. all functions F all. Corollary-2: It is impossible to construct efficient encoding scheme which is non-malleable w.r.t. all efficient functions F eff. Question: How to restrict F ? Way-1: Restrict granularity  Codeword consists of components which are independently tamperable.  Example: Split-state tampering [ DPW10, LL12, DKO13, ADL13, CG13, FMNV13, ADK14 ]: Way-2: Restrict complexity  The whole codeword is tamperable but only with functions that are not “too complicated”. Our Focus!

Our Result Main Result: “The next best thing” recall Corollary-2: It is impossible to construct efficient encoding scheme which is non-malleable w.r.t. all efficient functions F eff. Corollary-3

Our Result Corollary-3 Main Result: “The next best thing” A similar result [CG 14] But the encoding/decoding becomes “inefficient” in order to get negligible error Caveat: Our results hold in CRS model.

NMC in CRS model  Fix some polynomial P.  We construct a family of efficient codes parameterized by CRS: (ENC CRS, DEC CRS )

The Construction Overview Input: s Inner Encoding C1C1 Outer Encoding C Ingredient: a t-wise independent hash function h C C1C1 || h( ) C1C1 is Valid C C is of the form R || h( ) R Intuitions (outer encoding) Fixed by CRS  For every tampering function f there is a “small set” S f such that if a tampered codeword is valid, then it is in S f w.h.p.

The Construction Overview Input: s Inner Encoding C1C1 Outer Encoding C Intuitions (outer encoding)  For every tampering function f there is a “small set” S f such that if a tampered codeword is valid, then it is in S f w.h.p. We call this property Bounded Malleability which ensures that the tampered codeword does not contain “too much information” about the input codeword

The Construction Overview Input: s Inner Encoding C1C1 Outer Encoding C Intuitions (Inner encoding) recall  f can guess some bit(s) of C 1 and if the guess is correct, leave C same otherwise overwrites to some invalid code. Example A leakage- resilient code

Leakage-Resilient Code Our Inner Encoding

Putting it together Input: s Inner Encoding C1C1 Outer Encoding C Bounded Malleable Code Leakage Resilient Code Non-Malleable Code

Part-2 Efficient Non-malleable Key-derivation (NMKD) against Poly-size circuits

NMKD: A new primitive Source: X Output: Y Tampered Source: f(X) Output: Y’ A dual of Non- Malleable Extractor

NMKD: Defintion Theorem (NMKD)

Conclusion The first construction of non-granular efficient Non- malleable code. – Our construction is information theoretic and achieves optimal rate. A new primitive Non-Malleable Key-derivation. – Application to construct Tamper-resilient Stream Cipher. Open: – New Application of NMKD.

Thank You !