Private Circuits: Protecting Circuits Against Side-Channel Attacks
Yuval Ishai, Technion & UCLA
Based on joint works with Manoj Prabhakaran, Amit Sahai, David Wagner

A Live Demonstration Can you keep secrets? … and now?

Talk Overview
– The goal
– Security definition
– Overview of results and techniques
– Open questions

The Goal
(Figure: a circuit holding secret s computes AES(s,m) on input m; the transformed circuit holds s' and computes the same AES(s,m).)
Same I/O functionality, but keeps s secret even in the presence of side-channel attacks:
– leakage
– tampering

Comparison with Related Work
Protecting general, reactive circuits
– vs. realizing a specific task [DP08]
– vs. a one-time computation [GKR08]
Continuous and adaptive leakage/tampering
– vs. bounded leakage [AGV09]
Entire circuit susceptible to leakage/tampering
– vs. “only computation leaks information” [MR04]
– vs. “algorithmic tamper-proof security” [GLM+04]

The Model
(Figure: a circuit with input, output and memory.)
In each cycle:
– Adv chooses input
– Adv chooses an admissible (t-bounded) attack: leakage and/or tampering from a specified class
– Adv observes output + leakage
– Memory state is updated

Circuit Transformers
(Figure: T maps the circuit C with initial state $s_0$ to a circuit C' with initial state $s_0'$.)
$T = (T_C, T_s)$, on inputs k, t, maps C to C' and $s_0$ to $s_0'$.
$T_s$ must be randomized
– Otherwise the initial state $s_0$ is revealed by probing
C' can be either randomized or (better yet) deterministic.

Security Definition
(Figure: T maps C with state $s_0$ to C' with state $s_0'$.)
T respects functionality: $C[s_0] \equiv C'[s_0']$.
T protects privacy: $\forall C\ \exists\,\mathrm{Sim}\ \forall$ t-bounded Adv $\forall s_0$: $\mathrm{Sim}^{\mathrm{Adv},\,C[s_0]} \approx$ view of Adv attacking $C'[s_0']$
– Even in the case of tampering, only privacy is required

Relation with Obfuscation
$C'[s_0']$ should act like a “virtual black-box” for $C[s_0]$
– Even in the presence of side-channel attacks
Negative results for obfuscation [BGI+01,GK05] restrict the classes of attacks that can be tolerated
– Can't probe all wires in a single cycle
– Can't leak an arbitrary predicate of the state [BGI+01,GK05,DP06]
– Can't freely “edit” gates and wires

Results: Passive Attacks
Ishai-Sahai-Wagner 03: probing attacks
– Adv probes t wires in each cycle
– Several circuit transformers:
  $|C'| = O(t^2)\,|C|$, randomized
  $|C'| = O(t^2)\,|C| + \mathrm{poly}(t,k)$, deterministic
  $|C'| = \tilde{O}(|C|)$ with $t = \tilde{\Omega}(\mathrm{width}(C))$, if probes can't be added within a cycle
– Randomized routing technique
Faust-Rabin-Reyzin-Tromer-Vaikuntanathan 10:
– constant-depth leakage (e.g., $AC^0$) with t-bit output: $|C'| = O((t+k)^2)\,|C|$
– noisy leakage (each bit flipped with probability p): $|C'| = O(k^2)\,|C|$
– both require tamper-proof, randomized “opaque gates”

Results: Tampering Attacks
Ishai-Prabhakaran-Sahai-Wagner 06:
– Permanent Reset attacks, unbounded number: $|C'| = O(k^2)\,|C|$
– Permanent Set/Reset/Toggle, up to t per cycle: $|C'| = \mathrm{poly}(k,t)\,|C|$; requires AND gates of fan-in O(kt)
– Both constructions can be made deterministic

Probing Attacks and MPC
(Figure: standard MPC among n parties vs. client-server MPC with input clients, servers and output clients.)
Standard MPC [BGW88,CCD88]: unconditional security if t<n/2 parties are passively corrupted.
Client-server MPC: unconditional security if t<n/2 servers are corrupted.

Probing Attacks and MPC
Client-server MPC: unconditional security if t<n/2 servers are corrupted.
Further extending the MPC model:
– Reactive functionalities
– Mobile adversary [OY91]
– No online randomness [CH94]

MPC on Silicon
(Figure: an initializer holding $s_0$ hands shares to servers $S_1, S_2, S_3$; in each cycle the servers take $x_i$ from an input client and deliver $y_i$ to an output client.)
Conversely: private circuit ⇒ MPC
– $T_C$ = protocol compiler
– $T_s$ = initializer algorithm

MPC on Silicon?
Very different optimization goals
– Typical MPC: maximize resilience / #parties
– Private circuits: maximize resilience / computation
– Ideally: many tiny parties, constant fractional resilience
Using MPC protocols from the literature:
– BGW88: based on Shamir's secret sharing; 2t+1 servers, $\tilde{O}(t^2)\,|C|$ computation, nontrivial field arithmetic
– “GMW-lite” [GMW87,GV87,GHY87]: based on additive (XOR) secret sharing; t+1 servers, $O(t^2)\,|C|$ computation in the OT-hybrid model; implement the OT calls via additional servers!
The ISW03 construction is an optimized version of this approach.

Concrete ISW03 Implementation
Secrets additively shared into m=2t+1 shares.
Given shares of $a = a_1 \oplus \dots \oplus a_m$ and $b = b_1 \oplus \dots \oplus b_m$:
– Compute shares of NOT(a): apply NOT to $a_1$
– Compute shares $c_i$ of a AND b:
  Let $z_{i,j}$, $i<j$, be random independent bits
  Let $z_{j,i} = (z_{i,j} \oplus a_i b_j) \oplus a_j b_i$
  Let $c_i = a_i b_i \oplus \bigoplus_{j \ne i} z_{i,j}$
Randomness gates eliminated by using 2t+1 copies of a PRG
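The gadgets on this slide as a worked example. This is illustrative code written for this page, not the ISW03 paper's or the speaker's implementation. It shares bits additively, implements the NOT and AND gadgets with the slide's formulas and parenthesization, checks that the XOR of the output shares equals a AND b for random inputs, and, for the smallest setting m=3 (t=1), enumerates every random tape to confirm that the distribution of each internal wire is the same for all four secret inputs (a,b), which is what makes any single probe simulatable without the secrets. The `Tape` helper and the wire names are this example's own devices; the PRG replacement of randomness gates from the slide is not modelled (fresh bits are drawn directly).

```python
"""ISW03 additive-sharing gadgets (NOT, AND) on m = 2t+1 shares.
Added example for this page; not the ISW03 paper's code."""
import itertools
import random
from collections import Counter, defaultdict


def xor_all(bits):
    acc = 0
    for b in bits:
        acc ^= b
    return acc


def share(bit, m, rng):
    """Split `bit` into m shares whose XOR is `bit`; the first m-1 are uniform."""
    shares = [rng.randrange(2) for _ in range(m - 1)]
    shares.append(bit ^ xor_all(shares))
    return shares


def unshare(shares):
    return xor_all(shares)


def not_gadget(a):
    """Shares of NOT(a): flip a single share (a_1 on the slide), the XOR flips."""
    out = list(a)
    out[0] ^= 1
    return out


def and_gadget(a, b, rng, wires=None):
    """Shares c_i of (a AND b). z[i][j] (i<j) is fresh randomness;
    z[j][i] = (z[i][j] XOR a_i b_j) XOR a_j b_i, evaluated in that order;
    c_i = a_i b_i XOR (XOR over j != i of z[i][j]).
    If `wires` is a dict, every intermediate wire is recorded in it (for probing analysis)."""
    m = len(a)
    w = wires if wires is not None else {}
    z = [[0] * m for _ in range(m)]
    for i in range(m):
        for j in range(i + 1, m):
            z[i][j] = rng.randrange(2)
            t1 = a[i] & b[j]            # a_i b_j
            t2 = z[i][j] ^ t1           # mask the first product before adding the second
            t3 = a[j] & b[i]            # a_j b_i
            z[j][i] = t2 ^ t3
            w.update({f"z{i}{j}": z[i][j], f"a{i}b{j}": t1, f"z{i}{j}+a{i}b{j}": t2,
                      f"a{j}b{i}": t3, f"z{j}{i}": z[j][i]})
    c = []
    for i in range(m):
        acc = a[i] & b[i]
        w[f"a{i}b{i}"] = acc
        for j in range(m):
            if j != i:
                acc ^= z[i][j]
                w[f"c{i}_after_z{i}{j}"] = acc   # partial sums are wires too
        c.append(acc)
    return c


def check_correctness(m, trials, seed=1):
    """XOR of output shares equals a AND b (and NOT a) over random inputs and randomness."""
    rng = random.Random(seed)
    for _ in range(trials):
        a_bit, b_bit = rng.randrange(2), rng.randrange(2)
        a, b = share(a_bit, m, rng), share(b_bit, m, rng)
        if unshare(and_gadget(a, b, rng)) != (a_bit & b_bit):
            return False
        if unshare(not_gadget(a)) != (a_bit ^ 1):
            return False
    return True


class Tape:
    """Deterministic 'randomness' source handing out a fixed bit sequence (for exhaustive enumeration)."""
    def __init__(self, bits):
        self.bits, self.pos = list(bits), 0

    def randrange(self, n):
        assert n == 2
        b = self.bits[self.pos]
        self.pos += 1
        return b


def single_probe_secure(m=3):
    """Exhaustive t=1 check: for every wire of (share a, share b, AND gadget), its
    distribution over all random tapes is identical for all four secret inputs (a,b)."""
    n_rand = 2 * (m - 1) + m * (m - 1) // 2      # sharing bits + z bits
    dists = {}
    for a_bit, b_bit in itertools.product((0, 1), repeat=2):
        per_wire = defaultdict(Counter)
        for tape in itertools.product((0, 1), repeat=n_rand):
            rng, wires = Tape(tape), {}
            a, b = share(a_bit, m, rng), share(b_bit, m, rng)
            for i in range(m):
                wires[f"a{i}"], wires[f"b{i}"] = a[i], b[i]
            and_gadget(a, b, rng, wires)
            for name, val in wires.items():
                per_wire[name][val] += 1
        dists[(a_bit, b_bit)] = per_wire
    ref = dists[(0, 0)]
    return all(d == ref for d in dists.values())


if __name__ == "__main__":
    print("correct (m=5):", check_correctness(5, 500))
    print("every single wire independent of secrets (m=3):", single_probe_secure(3))
```

The exhaustive check covers only single probes on one gadget; for t>1 the relevant object is the joint distribution of t wires across the whole transformed circuit, which is what the O(t²) blow-up and the 2t+1 share count buy. The slide's parenthesization of $z_{j,i}$ is kept deliberately rather than "simplified", since regrouping the XORs changes which joint distributions a multi-probe adversary can observe.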

Tampering Attacks
Recall the model:
– adversary can permanently set, reset or toggle t wires in each cycle
– eventually, all wires can be tampered with!
– can't use standard MPC, error correction, signatures…
Idea: “self-destruct” if tampering is detected
– How to implement this if even the self-destruction mechanism can be tampered with?
Idea: randomized mine-field
– Any tampering attempt can trigger a mine
– A few lucky tampering attempts do no harm

The High-Level Approach
Consider (unbounded) Reset attacks.
Encode each value in C by a pair of values:
– 0 → 01
– 1 → 10
– 00, 11 interpreted as ⊥
A Reset can either leave a value unchanged or turn it into ⊥.
Propagate ⊥ to outputs and memory (self-destruct).
Still need to worry about correlation between secrets and ⊥.
Solution: use ISW03 to get “k-wise independence”
– Adv should get lucky k times to violate privacy
– Being unlucky even a single time causes self-destruction
General Set/Reset/Toggle attacks handled via longer encodings
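A toy model of the encoding step above, added here as an example; it is not the IPSW06 gate-level construction, and the ⊥-propagating gates and the small reactive circuit are this example's own simplification. It checks exhaustively that any number of Reset (or Set) attacks on a pair-encoded bit leaves it unchanged or yields ⊥ and never produces the other valid codeword; that once ⊥ appears it is written back into memory and stays in the outputs; and that two Toggles on the same encoded bit in one cycle turn 01 into 10 undetected, which is the reason the slide's last point calls for longer encodings.

```python
"""Pair encoding 0 -> 01, 1 -> 10 (00 and 11 read as BOT) under wire-level
Reset/Set/Toggle, with BOT-propagating gates and a toy reactive circuit.
Added example for this page; not the IPSW06 construction itself."""
import itertools

BOT = "BOT"   # the two invalid codewords, 00 and 11


def encode(bit):
    return (1, 0) if bit else (0, 1)


def decode(pair):
    if pair == (0, 1):
        return 0
    if pair == (1, 0):
        return 1
    return BOT


def tamper(pair, kind, idx):
    """One permanent wire-level attack on wire idx (0 or 1) of an encoded pair."""
    p = list(pair)
    if kind == "reset":
        p[idx] = 0
    elif kind == "set":
        p[idx] = 1
    elif kind == "toggle":
        p[idx] ^= 1
    else:
        raise ValueError(kind)
    return tuple(p)


def outcomes(kind, n_attacks):
    """All (original bit, decoded result) pairs reachable with n_attacks attacks of
    `kind` on the two wires (any choice of wires, repetition allowed)."""
    res = set()
    for bit in (0, 1):
        for targets in itertools.product((0, 1), repeat=n_attacks):
            p = encode(bit)
            for idx in targets:
                p = tamper(p, kind, idx)
            res.add((bit, decode(p)))
    return res


def never_flips(kind, n_attacks):
    """True iff no sequence of n_attacks attacks turns a valid bit into the OTHER valid bit
    (every outcome is the original value or BOT)."""
    return all(out in (bit, BOT) for bit, out in outcomes(kind, n_attacks))


def enc_not(x):
    d = decode(x)
    return (0, 0) if d == BOT else encode(1 - d)


def enc_and(x, y):
    dx, dy = decode(x), decode(y)
    if dx == BOT or dy == BOT:
        return (0, 0)          # propagate: an invalid input poisons the output
    return encode(dx & dy)


def run_cycles(state_bit, inputs, attack=None):
    """Toy reactive circuit: out_t = state AND in_t, new state = NOT(out_t).
    attack = (cycle, kind, wire) tampers the stored state at that cycle.
    Returns the decoded output of every cycle."""
    state = encode(state_bit)
    outs = []
    for t, inp in enumerate(inputs):
        if attack is not None and attack[0] == t:
            state = tamper(state, attack[1], attack[2])
        out = enc_and(state, encode(inp))
        outs.append(decode(out))
        state = enc_not(out)   # a BOT output is written back into memory: self-destruct
    return outs


if __name__ == "__main__":
    print("resets (1..3 per cycle) never flip:", all(never_flips("reset", n) for n in (1, 2, 3)))
    print("one toggle never flips:", never_flips("toggle", 1))
    print("two toggles can flip undetected:", not never_flips("toggle", 2))
    print("reset wire 0 of state 01 at cycle 1:", run_cycles(1, [1, 1, 0, 1], (1, "reset", 0)))
    print("reset wire 1 of state 01 at cycle 1:", run_cycles(1, [1, 1, 0, 1], (1, "reset", 1)))
```

The two `run_cycles` calls show the two branches the slide names: a Reset that hits the wire already at 0 changes nothing, while a Reset on the other wire produces 00, which the gates carry to the output and back into memory for every later cycle. The correlation concern on the slide (whether the adversary sees ⊥ depends on the encoded secret's value) is exactly what this toy does not address; that is the job of the ISW03 k-wise independence layer.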

The Low-Level Details A hacker’s paradise…

Further Research: Leakage
Extend feasibility to other classes of leakage
– other realistic leakage classes (power analysis, …)
– “only computation leaks information”
– … anything that does not imply obfuscation
– leakage-resilient MPC?
Probing attacks
– improve efficiency and resilience
– motivates new MPC complexity questions
– potential application for “MPC-friendly codes” [CC06,…]
Constant-depth leakage
– eliminate “opaque gates” and randomness
– is [ISW03] secure?

Interactive Compression [FRRTV10]
(Figure: a compression algorithm maps x to a short string y; an unbounded “solver” recovers f(x) from y.)
Compression algorithm for f [HN06]. In the leakage setting: x = shares of the state, compression algorithm = leakage function, y = observed leakage, solver = adversary's computation.

Interactive Compression [FRRTV10]
Can parity be compressed?
– [Håstad]: circuits of depth d and size $2^{k^{1/d}}$ can't compute $\mathrm{XOR}_k$ ⇒ compression to $k^{1/d}$ bits is hard for such circuits
– [DI06]: even compression to $k^{.99}$ bits is hard! ⇒ constant-depth leakage with $t = k^{.99}$ is safe
Previous compression model doesn't handle adaptive attacks
– reduction to the non-adaptive case yields poor bounds
– motivates the study of “interactive compression”

Communication Complexity Game
(Figure: Weak holds X; Strong must output Parity(X).)
– Circuit complexity: Weak sends one bit
– Compression: Weak sends t bits in one message
– Interactive compression: Weak sends t bits overall
Challenge: good lower bounds for interactive compression

Further Research: Tampering
Tolerate an unbounded number of attacks
– Possible using tamper-proof components of size k
– Open: use components of size O(1)
Tolerate wider classes of tampering + leakage
Develop a general theory
– Apply general non-malleable codes [DPW10]
– Tamper-resilient MPC

Conclusion
Bottomless pool of open questions
Motivates independently interesting theoretical questions
– Leakage- and tamper-resilient MPC
– Feasibility of relaxed obfuscation
– Hardness of compression
Relevance to practice?