New Results in Non-Malleable Codes. Pratyay Mukherjee, Aarhus University, 28 March 2014.
Presentation transcript:

Slide 1: NEW RESULTS IN NON-MALLEABLE CODES
Pratyay Mukherjee, Aarhus University, 28 March 2014
Progress report seminar, supervised by Jesper Buus Nielsen

Slide 2: CRYPTOGRAPHY IN THE MODERN WORLD
How to analyze security? Find all possible attacks? Infeasible!
We need mathematical modelling and proofs, a.k.a. provable security.

Slide 3: PROVABLE SECURITY AT A GLANCE
1. Define security notions/models.
2. Design the cryptoscheme, usually described in mathematical language.
3. Prove security: no efficient adversary can break the security if the assumption holds. Reduce the security of a complex scheme to a simple assumption, e.g.
   - number theoretic: factoring is hard;
   - complexity theoretic: one-way functions exist.

Slide 4: TIME TO RELAX?
A security proof implies security against all possible attacks.
However, provably secure systems get broken in practice! So what's wrong? Model vs. reality.

Slide 5: PHYSICAL ATTACKS ON IMPLEMENTATIONS
Mathematical model: a black box, input -> output.
Reality: physical attacks on the implementation. The adversary observes leakage and applies tampering, obtaining a tampered output. Our focus: tampering.

Slide 6: WHY CARE ABOUT TAMPERING?
BDL'01: inject a single (random) fault into the signing key of some type of RSA signature to factor the RSA modulus!
Devastating attacks on provably secure cryptosystems: Anderson and Kuhn '96, Skorobogatov et al. '02, Coron et al. '09, and many more.

Slide 7: THEORETICAL MODELS OF TAMPERING
- Tamper with memory and computation (IPSW'06): the most general model. Complicated; limited existing results!
- Tamper only with memory (GLMMR'04): a natural first step. Simpler to handle; might be reasonable in practice! Our focus.

Slide 8: WAYS TO PROTECT AGAINST MEMORY TAMPERING
1. Protecting specific schemes: build tamper-resilient PRF, PKE, signatures, e.g. BK03, BCM11, KKS11, BPT12, DFMV13. We build a tamper-resilient PKE and signature scheme.
2. Protecting arbitrary computation (this talk): build a compiler for any functionality, first proposed in GLMMR04. The compiler maps (memory K, circuit F) to (memory K', circuit F').
   Initialization: K' := C = Enc(K).
   Execution of F'[C](x): 1. K = Dec(C). 2. Output F[K](x).

Slide 9: SECURITY GUARANTEE
Compile (F, K) into (F', K') with K' := Enc(K).
Intuition: the adversary shall learn nothing useful from tampering.

Slide 10: OUTLINE: REST OF THE TALK
- Basics of non-malleable codes.
- Result 1: continuous non-malleable codes.
- Result 2: efficient non-malleable codes for poly-size tampering circuits.
- Conclusions and future work.

Slide 11: Basic definitions: Non-Malleable Codes

Slide 12: ENCODING SCHEME (Enc, Dec)
- Enc: maps a source message s to a codeword C. Can be randomized.
- Dec: maps a codeword C to the decoded message s.
No secret key!

Slide 13: THE "TAMPERING EXPERIMENT"
Tampering experiment for an encoding scheme (Enc, Dec): C ← Enc(s); the adversary tampers with some f ∈ F, giving C* = f(C); then s* = Dec(C*).
Goal: design an encoding scheme (Enc, Dec) for an "interesting" F that provides "meaningful guarantees" about s*.

Slide 14: ERROR CORRECTION/DETECTION & NON-MALLEABILITY
With C ← Enc(s), C* = f(C) for f ∈ F, and s* = Dec(C*):
- Error correction: guarantees s* = s, but e.g. for Hamming codes f must be such that Ham-Dist(C, C*) < d/2, i.e. F is very limited!
- Error detection: guarantees s* ∈ {s, ⊥}, but F can't contain simple functions, e.g. the constant functions f_Ĉ(·) = Ĉ for valid Ĉ.
- Non-malleability [DPW10]: guarantees s* = s or s* unrelated to s. Hope: achievable for rich F.

Slide 15: FORMALIZING NMC [DPW'10]
Tamper(s_b):
1. Encode C ← Enc(s_b).
2. Tampering: set C* ← f(C). If C* = C return "same", else return C*.
3. Output View.
Intuition: the tampering experiment should not leak anything about the input!

Slide 16: LIMITATION AND POSSIBILITY

Slide 17: Result 1: Continuous Non-Malleable Codes
Based on a joint work with Sebastian Faust, Jesper Buus Nielsen and Daniele Venturi [appeared in TCC 2014].

Slide 18: SPLIT-STATE TAMPERING
In this model, C = (C1, C2) and f = (f1, f2) for arbitrary f1, f2: from (C1, C2) ← Enc(s) the adversary obtains C1* = f1(C1), C2* = f2(C2), and s* = Dec(C1*, C2*).

Slide 19: NMC TO PROTECT AGAINST TAMPERING
Idea: build a compiler for any functionality, mapping (memory s, circuit F) to (memory s', circuit F').
Initialization: s' := NMEnc(s).
Execution loop of F'[s'](x):
1. s = NMDec(s').
2. If s = ⊥ then STOP; else output F[s](x), re-encode s' = NMEnc(s), and continue.
Recall: fresh re-encoding means the adversary can tamper with each codeword only once.

Slide 20: A STRONGER TAMPERING MODEL
The memory space M is much bigger than the length of the codeword C := NMEnc(s) stored in it. The adversary applies f to the whole memory, M* = f(M), and the tampered codeword C' is read from M*.
The adversary can tamper continuously with the same codeword.

Slide 21: CNMC: A NATURAL EXTENSION
Continuous Tamper(s_b):
1. Encode (C1, C2) ← Enc(s_b).
2. Tampering, repeated adaptively with (f1, f2) chosen by the adversary: set (C1*, C2*) ← (f1(C1), f2(C2)). If (C1*, C2*) = (C1, C2) return "same", else return (C1*, C2*).
3. Output View.
Attack [GLMMR04]: guess each bit, overwrite it and check whether the output is "same"; recover the codeword bit by bit.
Way out: assume self-destruct. If the output is ⊥ once, then STOP the experiment.

Slide 22: CNMC: A NATURAL EXTENSION (with self-destruct)
Continuous Tamper(s_b):
1. Encode (C1, C2) ← Enc(s_b).
2. Tampering, repeated adaptively with (f1, f2) chosen by the adversary: set (C1*, C2*) ← (f1(C1), f2(C2)). If (C1*, C2*) = (C1, C2) return "same". Else if Dec(C1*, C2*) = ⊥ then return ⊥ and self-destruct. Else return (C1*, C2*).
3. Output View.
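The continuous experiment of slides 21 and 22, together with the bit-by-bit strategy it has to rule out, as an added illustration that is not part of the talk. The (Enc, Dec) pair below is a constructed toy that only detects changes and is not a non-malleable code; the only thing it demonstrates is the effect of the self-destruct rule on the number of useful queries.

```python
import hashlib
import os
from typing import Optional

# Toy split-state code, constructed for this example only. It is NOT a
# non-malleable code: it merely detects changes with a hash tag, which is
# all that is needed to show why the self-destruct rule matters.
def toy_enc(s: bytes, r: Optional[bytes] = None) -> tuple:
    r = os.urandom(len(s)) if r is None else r
    c1 = bytes(a ^ b for a, b in zip(s, r))           # C1 = s XOR r
    return c1, r + hashlib.sha256(r + s).digest()     # C2 = (r, tag)

def toy_dec(c1: bytes, c2: bytes) -> Optional[bytes]:
    r, tag = c2[:len(c1)], c2[len(c1):]
    s = bytes(a ^ b for a, b in zip(c1, r))
    return s if hashlib.sha256(r + s).digest() == tag else None  # None = bottom

class CnmcExperiment:
    """Continuous tampering experiment of slide 22 on a codeword (C1, C2).
    Each query (f1, f2) yields "same", the tampered codeword, or bottom (None).
    With self_destruct=True, every query after the first bottom is refused."""
    def __init__(self, dec, c1, c2, self_destruct: bool):
        self.dec, self.c, self.self_destruct = dec, (c1, c2), self_destruct
        self.dead, self.queries = False, 0

    def tamper(self, f1, f2):
        if self.dead:
            return "self-destructed"
        self.queries += 1
        cs = (f1(self.c[0]), f2(self.c[1]))
        if cs == self.c:
            return "same"
        if self.dec(*cs) is None:           # decoding failed: output bottom
            self.dead = self.self_destruct  # ...and stop if self-destruct is on
            return None
        return cs

def set_bit(buf: bytes, i: int, bit: int) -> bytes:
    """Return buf with bit i (MSB first within each byte) overwritten by bit."""
    out, mask = bytearray(buf), 0x80 >> (i % 8)
    out[i // 8] = (out[i // 8] | mask) if bit else (out[i // 8] & ~mask)
    return bytes(out)

def bitwise_recovery(exp: CnmcExperiment, n_bits: int):
    """The GLMMR04 strategy of slide 21 against C1: overwrite bit i with 0 and
    read the answer. "same" means the bit was 0; bottom means it was 1 (the
    toy code detects every change). Returns the recovered bits of C1, or None
    if the experiment self-destructed before all bits were learned."""
    bits = []
    for i in range(n_bits):
        ans = exp.tamper(lambda c1, i=i: set_bit(c1, i, 0), lambda c2: c2)
        if ans == "self-destructed":
            return None
        bits.append(0 if ans == "same" else 1)
    return bits
```

Without self-destruct the loop learns all of C1 in one query per bit; with self-destruct the first wrong guess ends the experiment, so the adversary is back to learning at most what a single tampering query reveals.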

Slide 23: UNIQUENESS: A NECESSARY PROPERTY
Why necessary? Otherwise suppose both (C1, C2) and (C1, C2') are valid. Then there exists (f1, f2) that recovers the stored second half T2:
1. f1 always replaces T1 with C1.
2. f2 checks if T2[i] = 0; if so it replaces T2 with C2, else it replaces T2 with C2'.
After knowing T2:
3. f1 hard-codes T2 and decodes s ← Dec(T1, T2).
4. Depending on s, f1 leaves it the same or tampers, which leaks 1 bit.
The existing [LL12] construction does not satisfy uniqueness.
Corollary: information-theoretic CNMC (split-state) is impossible.

Slide 24: EXTRACTABILITY: ANOTHER PROPERTY
Extractability: if C1* ≠ C1 then it is possible to extract C2** (if it exists) such that (C1*, C2**) is valid.
Our construction: uniqueness + extractability. Necessary? We don't know.

Slide 25: OUR CONSTRUCTION: INTUITIONS
[Figure: (f1, f2) maps (C1, C2) to (C1*, C2*). From (f1, f2) and C1*, extract C2**; by uniqueness, C2** = C2* w.h.p. Decode s* from (C1*, C2**). One part of the figure is labelled "a priori known to the adversary".]

Slide 26: Result 2: Efficient Non-Malleable Codes for poly-size tampering circuits
Based on a joint work with Sebastian Faust, Daniele Venturi and Daniel Wichs [to appear in Eurocrypt 2014].

Slide 27: RECALL: LIMITATION AND POSSIBILITY
Can non-malleability be achieved for the class F_eff of all efficient tampering functions? Answer: NO! because F_eff contains all efficient (Enc, Dec).

Slide 28: EFFICIENT & GLOBAL NON-MALLEABLE CODES
Main result: "the next best thing". [Statement in figure: given P, choose the parameter t based on P; f ∈ F.] What does it mean?

Slide 29: THE CONSTRUCTION
[Figure: encoding samples r ← D_R and combines h1(r) with the input s to form z; decoding reverses the steps. The hash functions h1 and h2 both have seed size t.]

Slide 30: SOME INTUITIONS
Recall: our codeword has the format C = (…, h2(…)).
f cannot compute h2, but can leak some bits of … .

Slide 31: CONCLUSIONS AND FUTURE WORK
- We mainly explored non-malleable codes in two separate directions.
- Thus far NMC is only used to protect against memory tampering. (We strengthen the model in Result 1.)
- Future work:
  - Can we use NMC also to protect against tampering with computation? Leakage- and tamper-resilient RAM!
  - Other uses of NMC? E.g. non-malleable commitments/encryption; a general abstraction of non-malleability.
  - Improving the existing NMC.

Slide 32: PUBLISHED PAPERS
- Bounded Tamper Resilience: How to go beyond the Algebraic Barrier. Ivan Damgård, Sebastian Faust, Pratyay Mukherjee, Daniele Venturi. In ASIACRYPT.
- Continuous Non-Malleable Codes. Sebastian Faust, Pratyay Mukherjee, Jesper Buus Nielsen, Daniele Venturi. In TCC. (This talk.)
- Efficient Non-Malleable Codes and Key-derivations for poly-size tampering circuits. Sebastian Faust, Pratyay Mukherjee, Daniele Venturi, Daniel Wichs. To appear in EUROCRYPT. (This talk.)

Slide 33: Thank you! Question(s)?