Presentation is loading. Please wait.

Presentation is loading. Please wait.

BiTR: Built-in Tamper Resilience Joint work with Aggelos Kiayias (U. Connecticut) Tal Malkin (Columbia U.) Seung Geol Choi (U. Maryland)

Published byTavion Dory Modified over 9 years ago

Similar presentations

Presentation on theme: "BiTR: Built-in Tamper Resilience Joint work with Aggelos Kiayias (U. Connecticut) Tal Malkin (Columbia U.) Seung Geol Choi (U. Maryland)"— Presentation transcript:

1 BiTR: Built-in Tamper Resilience Joint work with Aggelos Kiayias (U. Connecticut) Tal Malkin (Columbia U.) Seung Geol Choi (U. Maryland)

2 Motivation Traditional cryptography –internal state: inaccessible to the adversary. In reality –Adv may access/affect the internal state –E.g., leaking, tampering Solution? –Make better hardware –Or, make better cryptography

3 In this work Focus on tampering hardware tokens In the universal composability framework

4 Modeling Tamper-Resilient Tokens in UC

5 Tamper-Proof Tokens [Katz07] Ideal functionality Create Forge ! Run …. Run

6 Tamperable Tokens Introduce new functionality Create ! Run Forge Tamper

7 Built-in Tamper Resilience (BiTR) M is -BiTR –In any environment w/ M deployed as a token, tampering gives no advantage: indistinguishable s.t.

8 Questions Are there BiTR tokens? –Yes, with affine tamperings. UC computation from tamperable tokens? –Generic UC computation from tamper-proof tokens [Katz07] –Yes, with affine tamperings.

9 Affine Tampering Adversary can apply an affine transformation on private data.

10 Schnorr Identification

11 Schnorr-token is affine BiTR

12 UC-secure Computation with Tamperable Tokens

13 Commitment Functionality m open ! m Complete for general UC computation.

14 DPG-commitment DPG: dual-mode parameter generation using hardware tokens Normal mode –Parameter is unconditionally hiding Extraction mode –The scheme becomes extractable commitment.

15 DPG-Commitment from DDH Parameter: Com(b) = Extraction Mode –DH tuple with –Trapdoor r allows extraction Normal Mode –Random tuple –Com is unconditionally hiding.

16 Realizing F mcom from tokens DPG-Parameter: (pS, pR) –S obtains pR, by running R’s token. –R obtains pS, by running S’s token. –exchange pS and pR Commit: (Com(m), dpgCom pS (m), π) –π: WI (same msg) or (pR from ext mode) Reveal: (m, π‘) –π': WI (Com(m)) or (pR: ext mode)

17 UC-security of the scheme The scheme –Commit: (Com(m), dpgCom pS (m), π) π: WI (same msg) or (pR from ext mode) –Reveal: (m, π‘) π': WI (Com(m)) or (pR: ext mode) S*: Make the pS extractable and extract m. R*: Make the pR extractable and equivocate.

18 DPG from tamperable tokens [Katz07] showed DPG-commitment –Unfortunately, the token description is not BiTR. –Our approach: Modify Katz’s scheme to be BiTR.

19 BiTR DPG

20 The protocol is affine BiTR –Similar to the case of Schnorr Compose with a BiTR signature –Okamato signature [Oka06] –In this case, the composition works.

21 Summary BiTR security –Affine BiTR protocols –UC computation from tokens tamperable w/ affin e functions In the paper – Composition of BiTR tokens – BiTR from deterministic non-malleable codes

Download ppt "BiTR: Built-in Tamper Resilience Joint work with Aggelos Kiayias (U. Connecticut) Tal Malkin (Columbia U.) Seung Geol Choi (U. Maryland)"

Similar presentations

Universally Composable Symbolic Analysis of Cryptographic Protocols

Universally Composable Symbolic Analysis of Cryptographic Protocols
Coin Tossing With A Man In The Middle Boaz Barak.

Coin Tossing With A Man In The Middle Boaz Barak.
Course summary COS 433: Crptography -Spring 2010 Boaz Barak.

Course summary COS 433: Crptography -Spring 2010 Boaz Barak.
Yan Huang, David Evans, Jonathan Katz

Yan Huang, David Evans, Jonathan Katz
NON-MALLEABLE CODES AND TAMPER-RESILIENT SECURITY ( ICS 2010 ) Joint work with: Stefan Dziembowski, Krzysztof Pietrzak Speaker: Daniel Wichs.

NON-MALLEABLE CODES AND TAMPER-RESILIENT SECURITY ( ICS 2010 ) Joint work with: Stefan Dziembowski, Krzysztof Pietrzak Speaker: Daniel Wichs.
1 Adam O’Neill Leonid Reyzin Boston University A Unified Approach to Deterministic Encryption and a Connection to Computational Entropy Benjamin Fuller.

1 Adam O’Neill Leonid Reyzin Boston University A Unified Approach to Deterministic Encryption and a Connection to Computational Entropy Benjamin Fuller.
Muthuramakrishnan Venkitasubramaniam WORKSHOP: THEORY AND PRACTICE OF SECURE MULTIPARTY COMPUTATION Adaptive UC from New Notions of Non-Malleability Adaptive.

Muthuramakrishnan Venkitasubramaniam WORKSHOP: THEORY AND PRACTICE OF SECURE MULTIPARTY COMPUTATION Adaptive UC from New Notions of Non-Malleability Adaptive.
Simple, Black-Box Constructions of Adaptively Secure Protocols joint work with Dana Dachman-Soled (Columbia University), Tal Malkin (Columbia University),

Simple, Black-Box Constructions of Adaptively Secure Protocols joint work with Dana Dachman-Soled (Columbia University), Tal Malkin (Columbia University),
CIS 5371 Cryptography 3b. Pseudorandomness.

CIS 5371 Cryptography 3b. Pseudorandomness.
1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.

1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.
NON-MALLEABLE EXTRACTORS AND SYMMETRIC KEY CRYPTOGRAPHY FROM WEAK SECRETS Yevgeniy Dodis and Daniel Wichs (NYU) STOC 2009.

NON-MALLEABLE EXTRACTORS AND SYMMETRIC KEY CRYPTOGRAPHY FROM WEAK SECRETS Yevgeniy Dodis and Daniel Wichs (NYU) STOC 2009.
1 Analyzing Anonymity Protocols 1.Analyzing onion-routing security 1.Anonymity Analysis of Onion Routing in the Universally Composable Framework in Provable.

1 Analyzing Anonymity Protocols 1.Analyzing onion-routing security 1.Anonymity Analysis of Onion Routing in the Universally Composable Framework in Provable.
Modeling Insider Attacks on Group Key Exchange Protocols Jonathan Katz Ji Sun Shin University of Maryland.

Modeling Insider Attacks on Group Key Exchange Protocols Jonathan Katz Ji Sun Shin University of Maryland.
Slide 1 Vitaly Shmatikov CS 380S Introduction to Zero-Knowledge.

Slide 1 Vitaly Shmatikov CS 380S Introduction to Zero-Knowledge.
TAMPER DETECTION AND NON-MALLEABLE CODES Daniel Wichs (Northeastern U)

TAMPER DETECTION AND NON-MALLEABLE CODES Daniel Wichs (Northeastern U)
Yan Huang, Jonathan Katz, David Evans University of Maryland, University of Virginia Efficient Secure Two-Party Computation Using Symmetric Cut-and-Choose.

Yan Huang, Jonathan Katz, David Evans University of Maryland, University of Virginia Efficient Secure Two-Party Computation Using Symmetric Cut-and-Choose.
1 An Efficient Strong Key-Insulated Signature Scheme and Its Application 5 th European PKI Workshop June 16-17, 2008 NTNU, Trondheim, Norway Go Ohtake.

1 An Efficient Strong Key-Insulated Signature Scheme and Its Application 5 th European PKI Workshop June 16-17, 2008 NTNU, Trondheim, Norway Go Ohtake.
 Secure Authentication Using Biometric Data Karen Cui.

 Secure Authentication Using Biometric Data Karen Cui.
CS426Fall 2010/Lecture 351 Computer Security CS 426 Lecture 35 Commitment & Zero Knowledge Proofs.

CS426Fall 2010/Lecture 351 Computer Security CS 426 Lecture 35 Commitment & Zero Knowledge Proofs.
Ring Signatures of Sub- linear Size without Random Oracles Nishanth Chandran Jens Groth Amit Sahai University of California Los Angeles TexPoint fonts.

Ring Signatures of Sub- linear Size without Random Oracles Nishanth Chandran Jens Groth Amit Sahai University of California Los Angeles TexPoint fonts.

Similar presentations

Ads by Google