Cryptographic techniques for hardware security
Traditionally, cryptographic algorithms are designed under the so-called black-box model, which considers adversaries that receive black-box access to the hardware implementation. Although a "black-box" treatment covers a wide range of attacks, it fails to capture reality adequately, as real-world adversaries can exploit physical properties of the implementation, mounting attacks that enable unexpected, non-black-box access to the components of the cryptographic system. This type of attack is widely known as a physical attack, and has proven to be a significant threat to the real-world security of cryptographic systems. The present dissertation deals (in part) with the problem of protecting cryptographic memory against physical attacks via the use of non-malleable codes, a notion introduced in a preceding work that aims to provide privacy of the encoded data in the presence of adversarial faults. In the present thesis we improve the current state of the art on non-malleable codes and provide practical solutions for protecting real-world cryptographic implementations against physical attacks. Our study focuses primarily on the following adversarial models: (i) the extensively studied split-state model, which assumes that private memory splits into two parts and the adversary tampers with each part independently, and (ii) the model of partial functions, which is introduced by the current thesis and models adversaries that access arbitrary subsets of codeword locations with bounded cardinality. Our study is comprehensive, covering one-time and continuous attacks, while for the case of partial functions we achieve a stronger notion of security, which we call non-malleability with manipulation detection, that in addition to privacy also guarantees integrity of the private data.
It should be noted that our techniques are also useful for the problem of establishing private, keyless communication over adversarial communication channels. Besides physical attacks, another important concern related to cryptographic hardware security is that the hardware fabrication process is assumed to be trusted. In reality, though, when aiming to minimize production costs, or whenever access to leading-edge manufacturing facilities is required, the fabrication process requires the involvement of several, potentially malicious, facilities. Consequently, cryptographic hardware is susceptible to so-called hardware Trojans, which are hardware components maliciously implanted into the original circuitry with the purpose of altering the device's functionality while remaining undetected. Part of the present dissertation deals with the problem of protecting cryptographic hardware against Trojan injection attacks, by (i) proposing a formal model for assessing the security of cryptographic hardware whose production has been partially outsourced to a set of untrusted, and possibly malicious, manufacturers, and (ii) proposing a compiler that transforms any cryptographic circuit into another that can be securely outsourced
Tamper Resilient Circuits: The Adversary at the Gates
We initiate the investigation of gate-tampering attacks against cryptographic circuits. Our model is motivated by the plausibility of tampering directly with circuit gates and by the increasing use of tamper-resilient gates among the known constructions that are shown to be resilient against wire-tampering adversaries. We prove that gate-tampering is strictly stronger than wire-tampering. On the one hand, we show that there is a gate-tampering strategy that perfectly simulates any given wire-tampering strategy. On the other, we construct families of circuits over which it is impossible for any wire-tampering attacker to simulate a certain gate-tampering attack (that we explicitly construct). We also provide a tamper-resilience impossibility result that applies to both gate- and wire-tampering adversaries and relates the amount of tampering to the depth of the circuit. Finally, we show that defending against gate-tampering attacks is feasible by appropriately abstracting and analyzing the circuit compiler of Ishai et al. \cite{Ishai:2006a} in a manner which may be of independent interest. Specifically, we first introduce a class of compilers that, assuming certain well-defined tamper-resilience characteristics against a specific class of attackers, can be shown to produce tamper-resilient circuits against that same class of attackers. Then, we describe a compiler in this class for which we prove that it possesses the necessary tamper-resilience characteristics against gate-tampering attackers.
(Continuous) Non-malleable Codes for Partial Functions with Manipulation Detection and Light Updates
Fork-Resilient Continuous Group Key Agreement
Continuous Group Key Agreement (CGKA) lets an evolving group of clients agree on a sequence of group keys. An important application of CGKA is scalable asynchronous end-to-end (E2E) encrypted group messaging.
A major problem preventing the use of CGKA over unreliable infrastructure is so-called forks. A fork occurs when group members have diverging views of the group's history (and thus its current state), e.g. due to network or server failures. Once communication channels are restored, members resolve a fork by agreeing on the state of the group again. Today's CGKA protocols make fork resolution challenging, as natural resolution strategies seem to conflict with the way the protocols enforce group state agreement and forward secrecy. Meanwhile, secure group messaging protocols which do support fork resolution do not scale nearly as well as CGKA does.
In this work, we pave the way to practical scalable E2E messaging over unreliable infrastructure. To that end, we generalize CGKA to Fork-Resilient CGKA (FR-CGKA), which allows clients to process significantly more types of out-of-order network traffic. This is important for many natural fork resolution procedures, as they are based, in part, on replaying missed traffic. Next, we give two FR-CGKA constructions: a practical one based on the CGKA underlying the MLS messaging standard and an optimally secure one (albeit with only theoretical efficiency). To further assist with fork resolution, we introduce a simple new abstraction to describe a client's local protocol state. The abstraction describes all and only the information relevant to natural fork resolution, making it easier for higher-level fork resolution procedures to work with and reason about. We define a black-box extension of an FR-CGKA which maintains such a description of a client's internal state. Finally, as a proof of concept, we give a basic fork resolution protocol.
Practical Non-Malleable Codes from ℓ-more Extractable Hash Functions
In this work, we significantly improve the efficiency of non-malleable codes in the split-state model by constructing a code with codeword length , where is the length of the message and is the security parameter. This is a substantial improvement over previous constructions, both asymptotically and concretely.
Our construction relies on a new primitive which we define and study, called ℓ-more extractable hash functions. This notion, which may be of independent interest, guarantees that if any adversary that is given access to precomputed hash values , and produces a new valid hash value , then it must know a pre-image of . This is a stronger notion than the one by Bitansky et al. (Eprint '11) and Goldwasser et al. (ITCS '12, Eprint '14), which considers adversaries that get no access to precomputed hash values prior to producing their own value. By appropriately relaxing the extractability requirement (without hurting the applicability of the primitive), we instantiate ℓ-more extractable hash functions under the same assumptions used for the previous extractable hash functions by Bitansky et al. and Goldwasser et al. (a variant of the Knowledge of Exponent Assumption).
Leakage Resilient ℓ-more Extractable Hash and Applications to Non-Malleable Cryptography
ℓ-more extractable hash functions were introduced by Kiayias et al. (CCS '16) as a strengthening of extractable hash functions by Goldwasser et al. (Eprint '11) and Bitansky et al. (ITCS '12, Eprint '14). In this work, we define and study an even stronger notion of leakage-resilient ℓ-more extractable hash functions, and instantiate the notion under the same assumptions used by Kiayias et al. and Bitansky et al. In addition, we prove that any hash function that can be modeled as a Random Oracle (RO) is leakage-resilient ℓ-more extractable, while it is, however, not extractable according to the definition by Goldwasser et al. and Bitansky et al., showing a separation of the notions.
We show that this tool has many interesting applications to non-malleable cryptography. In particular, we can derive efficient, continuously non-malleable, leakage-resilient codes against split-state attackers (TCC '14), both in the CRS and the RO model. Additionally, we can obtain succinct non-interactive non-malleable commitments both in the CRS and the RO model, satisfying a stronger definition than the prior ones by Crescenzo et al. (STOC '98) and Pass and Rosen (STOC '05), in the sense that the simulator does not require access to the original message, while the attacker's auxiliary input is allowed to depend on it.
Non-Malleable Codes for Partial Functions with Manipulation Detection
Non-malleable codes were introduced by Dziembowski, Pietrzak and Wichs (ICS '10), and their main application is the protection of cryptographic devices against tampering attacks on memory. In this work, we initiate a comprehensive study of non-malleable codes for the class of partial functions, which read/write an arbitrary subset of codeword bits of specific cardinality. Our constructions are efficient in terms of information rate, while allowing the attacker to access asymptotically almost the entire codeword. In addition, they satisfy a notion which is stronger than non-malleability, that we call non-malleability with manipulation detection, guaranteeing that any modified codeword decodes to either the original message or to . Finally, our primitive implies All-Or-Nothing Transforms (AONTs), and as a result our constructions yield efficient AONTs under standard assumptions (only one-way functions), which, to the best of our knowledge, was an open question until now. In addition to this, we present a number of additional applications of our primitive in tamper resilience.
Modular Design of Secure Group Messaging Protocols and the Security of MLS
The Messaging Layer Security (MLS) project is an IETF effort aiming to establish an industry-wide standard for secure group messaging (SGM). Its development is supported by several major secure-messaging providers (with a combined user base in the billions) and a growing body of academic research.
MLS has evolved over many iterations to become a complex, non-trivial, yet relatively ad-hoc cryptographic protocol. In an effort to tame its complexity and build confidence in its security, past analyses of MLS have restricted themselves to sub-protocols of MLS—most prominently a type of sub-protocol embodying so-called continuous group key agreement (CGKA). However, to date the task of proving or even defining the security of the full MLS protocol has been left open.
In this work, we fill in this missing piece. First, we formally capture the security of SGM protocols by defining a corresponding security game, which is parametrized by a safety predicate that characterizes the exact level of security achieved by a construction. Then, we cast MLS as an SGM protocol, showing how to modularly build it from the following three main components (and some additional standard cryptographic primitives) in a black-box fashion: (a) CGKA, (b) forward-secure group AEAD (FS-GAEAD), which is a new primitive and roughly corresponds to an "epoch" of group messaging, and (c) a so-called PRF-PRNG, which is a two-input hash function that is a pseudorandom function (resp. generator with input) in its first (resp. second) input. Crucially, the security predicate for the SGM security of MLS can be expressed purely as a function of the security predicates of the underlying primitives, which allows one to swap out any of the components and immediately obtain a security statement for the resulting SGM construction. Furthermore, we provide instantiations of all component primitives, in particular of CGKA with MLS's TreeKEM sub-protocol (which we prove adaptively secure) and of FS-GAEAD with a novel construction (which has already been adopted by MLS).
Along the way we introduce a collection of new techniques, primitives, and results with applications to other SGM protocols and beyond. For example, we extend the Generalized Selective Decryption proof technique (which is central in the CGKA literature) and prove adaptive security for another (practical) more secure CGKA protocol called RTreeKEM (Alwen et al., CRYPTO '20). The modularity of our approach immediately yields a corollary characterizing the security of an SGM construction using RTreeKEM.