Public Key Cryptography in the Bounded Retrieval Model Based on joint works with Joël Alwen, Moni Naor, Gil Segev, Shabsi Walfish and Daniel Wichs Crypto  Clouds Speaker: Yevgeniy Dodis (NYU)

Leakage Attacks  Standard Crypto Assumption: keys stored secretly.  Reality: information leaks  Timing attacks, Power consumption attacks, Freezing attacks, Hackers, Malware, Viruses…  Usual Crypto Response: not our problem.  Better Crypto Response: provably secure primitives that allow leakage.  Assume leakage arbitrary but incomplete.

Modeling Incomplete Leakage  Adversary can learn any efficiently computable function f : {0,1}*  {0,1} L of the secret key. L = Leakage Bound.  Relative leakage […, AGV09, DKL09, NS09, KV09]. Key size dependent on security parameter (e.g bits). Leakage L is dependent on key size (e.g. 50% of key size). Goal: Allow for large percentage of leakage. Problem: in reality, leakage may be large in absolute terms (e.g. L can be on scale of Kbs, Mbs or even Gbs) For example: hackers/malware/virus attacks. Many side-channel attacks.  More robust model: Bounded Retrieval Model

Modeling Incomplete Leakage  Adversary can learn any efficiently computable function f : {0,1}*  {0,1} L of the secret key. L = Leakage Bound. k = Security Parameter  Relative leakage […, AGV09, DKL09, NS09, KV09].  Bounded retrieval model (BRM) [Dzi06,CLW06,DP07,ADW09] Key size |SK| depends on security parameter k AND leakage bound L. (Note: must be more than L) Other efficiency parameters only depend on k. E.g., public key, communication, computation, read-locality. Goal: flexibly accommodate ANY leakage bound L ONLY by increasing |SK| and without impacting other parameters. OK for many applications since storage is extremely cheap.

Only Computation Leaks Information  Incomparable model of leakage [MR04, DP08, P09].  Each OP leaks a shrinking function of accessed data.  Positive: Allows for potentially unbounded overall amount of leakage L.  Doesn’t necessitate increasing secret-key size above L.  Negative:  Does not capture cold-boot attacks, malware, viruses.  Seems to require state and/or key evolution.  This talk: BRM

Crypto Primitives with Leakage  Inherent limitations to leakage-resilient non-interactive primitives.  Encryption Schemes: Leakage can only occur before and not after the adversary sees the ciphertext.  Existentially Unforgeable Signatures: Leakage must be smaller than size of a single signature. Opposite goal for standard signatures, incompatible with BRM.  Can have qualitatively stronger security w./interaction: (Encryption, Authentication, Authen. Key Agreement).  Leakage before and after, but not during, protocol execution.  Perfect forward secrecy: can learn secret keys entirely after the protocol execution.

Full Leakage Private Communication (Encryption) Partial LeakageNo Leakage Non-interactive: Timeline: Partial Leakage Interactive: Timeline: No Leakage Protocol Run (pk Alice, sk Alice ) Prior to CommunicationAfter Communication Prior to CommunicationAfter Communication pk Alice (pk Alice, sk Alice ) Enc(m; pk Alice ) pk Alice

Recent History  Relative Leakage.  Symmetric-Key Authenticated Encryption [DKL09]  Public-Key Encryption [AGV09, NS09, KV09]  Problems: 1) non-BRM, 2) no leakage after ciphertext.  Bounded Retrieval Model [Dzi06,CLW06].  Symmetric-Key Identification [Dzi06]  Symmetric-Key Authenticated Key Agreement [Dzi06,CDD + 07]  Secret Sharing [DP07]  Main Problem: Key distribution (i.e., symmetric-key).  Magnified in the BRM model

Our Results  Efficient (and only) constructions of many public-key primitives in the BRM:  [ADW09]: ID and “Signature” schemes, Interactive Encryption, Authentication and Authenticated Key Agreement (AKA). Based on Okamoto ID/Sigs. |SK| = (1+  ) · L Forward security.  [ADNSWW09]: Encryption schemes, IBE. Based on Gentry IBE. |SK| ≈ 2 · L No forward security  (necessary).

 Leakage bound L. Security parameter k.  Secret key size: O(L), in some cases L(1+   )  Public key size: constant # of group elements  Communication: ID/Sig/AKA: constant # of group elements Enc/IBE: O(k) group elements  Data Accessed: O(k) group elements  Computation: O(k) exponentiations  Relative Leakage: all O(k) become O(1).  Solves open problem of [AGV09] for ID/Sigs Efficiency of Our Results Same as standard constructions!!!

 Identification Schemes  Scheme 1: Relative Leakage  Scheme 2: “Direct product” extension to BRM  Scheme 3: Compressing Communication  Entropic Signatures  Interactive Encryption, Authentication and AKA  Towards Non-Interactive Primitives:  IBE with Relative Leakage  Public-Key Encryption (and IBE) in the BRM Roadmap

Identification Schemes (pk Bob, sk Bob ) pk Bob Prover BobVerifier Alice accept Learning Stage (pk Bob, sk Bob ) pk Bob Impersonation Stage reject!

Leakage-Resilient Identification Learning Stage (pk Bob, sk Bob ) pk Bob Impersonation Stage reject!  Bob’s key can leak !!!  Pre-impersonation leakage: all in learning stage  Anytime leakage: can happen anywhere sk Bob Note: allow adaptive leakage!

 Identification Schemes  Scheme 1: Relative Leakage  Scheme 2: “Direct product” extension to BRM  Scheme 3: Compressing Communication  Entropic Signatures  Interactive Encryption, Authentication and AKA  Towards Non-Interactive Primitives:  IBE with Relative Leakage  Public-Key Encryption (and IBE) in the BRM Roadmap

 PK = (G, g 1, g 2, z = g 1 x 1 · g 2 x 2 ), SK = (x 1, x 2 )  Bob → Alice: R = g 1 r 1 · g 2 r 2 for random r 1, r 2  Alice → Bob : random c  Bob → Alice: s 1 = r 1 − c · x 1 and s 2 = r 2 − c · x 2  Alice: accept iff R = g 1 s 1 · g 2 s 2 · z c  Key Properties:  Many possible SK’s (x 1, x 2 ) for fixed PK z  Security proof extracts a valid secret key (x 1 ’, x 2 ’)  WI: proof perfectly hides which (x 1, x 2 ) is used  DL  given one secret key, hard to find another Okamoto’s ID Scheme

 Run Eve with known secret key SK = (x 1, x 2 )  Simulate leakage oracle honestly with (x 1, x 2 )  WI  even computat. unbounded Eve does not know which SK was used in learning stage  Eve’s leakage L < |SK|/2  SK still has min-entropy  Rewind Eve (with a new c’) during impersonation stage to extract a valid SK’ = (x 1 ’, x 2 ’)  Doubles leakage for “anytime leakage” case  If SK’  SK, solve discrete log  Pre-imper. leakage |SK|/2, anytime leakage |SK|/4 Relative Leakage-Resilience

 By using ~ 1 /  generators, can tolerate L learn + 2L imper = (1 −  ) · |SK| :  Pre-impersonation leakage L = (1 −  ) · |SK|  Anytime leakage L = (½ −  ) · |SK|  Efficiency proportional to 1 /   Already solves open problem of [AGV09]  Independently discovered by [Katz09]  Can we extend to BRM? Relative Leakage-Resilience

 Identification Schemes  Scheme 1: Relative Leakage  Scheme 2: “Direct product” extension to BRM  Scheme 3: Compressing Communication  Entropic Signatures  Interactive Encryption, Authentication and AKA  Towards Non-Interactive Primitives:  IBE with Relative Leakage  Public-Key Encryption (and IBE) in the BRM Roadmap

 Take any relative-leakage resilient ID scheme X  Choose N independent copies (pk i, sk i ) of X.  N proportional to the leakage parameter L  Set SK = (sk 1,…,sk N ). To run a new ID protocol:  Verifier chooses k random indices (i 1,…,i k )  Run X on the selected k instances  Accept iff all accept  Good: communication/computation complexity ~ k  Is this a proper (secure/efficient) BRM scheme?? Direct Products: Naive Attempt

 Public key is long: PK = (pk 1,…,pk N ).  BRM only allows SK to be long!  Solution: use signatures to authenticate pk i.  Generate “master” signing key (SigKey,VerKey)  Set PK = VerKey (note: PK is short)  Compute certificate s i = Sig((i, pk i ), SigKey)  Store SK = (sk 1,…,sk N ) and Help =(s 1,…,s N ).  Erase SigKey (important!)  Include certificates (s i 1,…,s i k ) with proof Direct Products: Problem 1 Invisible Key Updates! store SigKey “offline” periodically refresh SK = (sk 1,…,sk N ) public key VerKey does not change ! secure as long as < L leakage between refreshes approaches “continuous leakage”, but without assuming “only computation leaks information”

 Add an extra round to send indices (i 1,…,i k )  Destroys “  -protocol structure” of Okamoto  Bad for getting signatures via Fiat-Shamir  Solution: many  -protocols have first flow independent from public key  E.g., R = g 1 r 1 · g 2 r 2 independent from z = g 1 x 1 · g 2 x 2  Have verifier send (i 1,…,i k ) in the second flow, together with challenge c Direct Products: Problem 2

 Seems very hard to prove security generically  Hope. Start with ℓ -leakage resilient scheme X  get L-resilient scheme X’, where L ~ N ℓ  Natural reduction: generate (N-1) keys honestly and set SK = {sk, honest keys}  Simulate leakage f(SK) by hardwiring known keys  But the output length is still L » ℓ. Illegal query!  In fact, can come up with (artificial) counter-examples Direct Products: Problem 3

 Seems very hard to prove security generically  But works for the special case of Okamoto!  Entropy-Preservation Lemma. Assume:  Enc:  N   M is “good” approxim. list-decodable code  X = (x 1,…,x N )   N has “enough” min-entropy Then Y = Enc(X)[ j ] has “enough” min-entropy  Corollary: Apply to direct product code  Enc(x 1,…,x N )[i 1,…,i k ] = (x i 1,…, x i k )  [IJK06]: direct product code is approxim. list-decodable  Thus, “condense” entropy from N  log |  | to k  log |  | Direct Products: Our Solution

 Seems very hard to prove security generically  But works for the special case of Okamoto!  Leakage L  SK = (sk 1,…,sk N ) has entropy  Entropy Lemma  (sk i 1,…,sk i k ) has entropy  Basic Okamoto recovers secret key sk’  k- direct product recovers all k keys ( sk ’ i 1,…, sk ’ i k )  (sk i 1,…,sk i k ) has entropy  likely  j s.t. sk ’ i j  sk ’ i j  Two different secret keys  break DL Direct Products: Our Solution

 Identification Schemes  Scheme 1: Relative Leakage  Scheme 2: “Direct product” extension to BRM  Scheme 3: Compressing Communication  Entropic Signatures  Interactive Encryption, Authentication and AKA  Towards Non-Interactive Primitives:  IBE with Relative Leakage  Public-Key Encryption (and IBE) in the BRM Roadmap

 Communication O(k) more than basic Okamoto  Can we “aggregate” k protocols into 1?  Yes, can use entropy lemma again, by “concatenating” the Direct Product and the Reed-Solomon codes  The “aggregate” secret key sk * still has min-entropy  But still need to send k public keys (pk i 1,…,pk i k )   Can aggregate to single pk *, but how to authenticate?  Related to aggregate signatures, but harder…  Solution: use variant of BLS signatures by [SW08]  s[i] = (RO(i)  pk i ) X Compressing Communication

 Pre-impersonation leakage L.  Secret key length |SK| = L · (1+  )  Everything else independent of L.  In particular,  Standard Model: O(k) communication.  RO Model: O(1) communication. Parameters of BRM ID Schemes

 Identification Schemes  Scheme 1: Relative Leakage  Scheme 2: “Direct product” extension to BRM  Scheme 3: Compressing Communication  Entropic Signatures  Interactive Encryption, Authentication and AKA  Towards Non-Interactive Primitives:  IBE with Relative Leakage  Public-Key Encryption (and IBE) in the BRM Roadmap

 Standard security: Existential Unforgeability  Requires that leakage L < signature size  Forces large signature, incompatible with BRM  Might be too strong for many applications  More suitable notion: Entropic Unforgeability  Cannot forge signature if message has entropy k  Makes sense in the BRM model ! (call BRM-sig)  Enough for many applications  E.g., interactive encryption, authentication, AKA Leakage-Resilient Signatures

 Apply Fiat-Shamir to any leakage-resilient, 3- round (public-coin) ID scheme:  Resulting signature scheme is:  Leakage-resilient (in RO model), for the same L  Anytime leakage  Existentially Unforgeable  Pre-imperson. leakage  Entropically Unforgeable  Scheme 1  Existent. Unforg. Sig. with L  |SK|/2  Scheme 1  Entropically Unforg. Sig. with L  |SK|  Scheme 3  BRM Signature with L  |SK| From ID to Signatures Same sig size as standard sigs!!!Solves open problem of [AGV09]

 Identification Schemes  Scheme 1: Relative Leakage  Scheme 2: “Direct product” extension to BRM  Scheme 3: Compressing Communication  Entropic Signatures  Interactive Encryption, Authentication and AKA  Towards Non-Interactive Primitives:  IBE with Relative Leakage  Public-Key Encryption (and IBE) in the BRM Roadmap

 Example: Interactive Encryption  Sender → Receiver: random r  Receiver → Sender: BRM-Sig(r, enc. key pk)  Sender → Receiver: Enc(m, pk)  Receiver: Decrypt m, erase sk.  Similar trick for interactive authentication, AKA  Punchline: Interactive BRM authentication, encryption, authenticated key agreement with constant communication and forward secrecy Signatures  Interactive Primitives Message has entropy! Forward secrecy!

What does it mean? For example…  An efficient interactive encryption protocol with short public key and 10 GB secret key.  All other efficiency parameters “short” as well  A virus must download at least 5 GB of information to break privacy of messages sent  All messages transmitted prior to infection remain secure, even if virus learns the entire 10 GB key.  Major advantage over encryption [AGV09,NS09,KV09,ADNSWW09].  Almost as efficient as standard protocols.

 Identification Schemes  Scheme 1: Relative Leakage  Scheme 2: “Direct product” extension to BRM  Scheme 3: Compressing Communication  Entropic Signatures  Interactive Encryption, Authentication and AKA  Towards Non-Interactive Primitives:  IBE with Relative Leakage  Public-Key Encryption (and IBE) in the BRM Roadmap Come to Daniel’s talk [ADNSWW09]. First (non-interactive) BRM encryption & IBE Tools: Gentry IBE (standard model). Entropy-preservation lemma again! Id-based Hash Proof Systems (generalizing [NS09])

 Efficient (and only) constructions of many public-key primitives in the BRM  Encryption, Authentication, IBE, AKA, Sigs  BRM more flexible than relative leakage  Only |SK| depends on L, and storage is cheap  Future Directions:  Leakage of intermediate results “during protocol”  Continuous leakage (ala “invisible updates”)  More BRM tools: improved “entropy-preservation” lemma, leakage amplification, … Conclusions + Open Problems

 Identification Schemes  Scheme 1: Relative Leakage  Scheme 2: “Direct product” extension to BRM  Scheme 3: Compressing Communication  Entropic Signatures  Interactive Encryption, Authentication and AKA  Towards Non-Interactive Primitives:  IBE with Relative Leakage  Public-Key Encryption (and IBE) in the BRM Roadmap

 Identification Schemes  Scheme 1: Relative Leakage  Scheme 2: “Direct product” extension to BRM  Scheme 3: Compressing Communication  Entropic Signatures  Interactive Encryption, Authentication and AKA  Towards Non-Interactive Primitives:  IBE with Relative Leakage  Public-Key Encryption (and IBE) in the BRM Roadmap

 Identification Schemes  Scheme 1: Relative Leakage  Scheme 2: “Direct product” extension to BRM  Scheme 3: Compressing Communication  Entropic Signatures  Interactive Encryption, Authentication and AKA  Towards Non-Interactive Primitives:  IBE with Relative Leakage  Public-Key Encryption (and IBE) in the BRM Roadmap