662 research outputs found
Continuously non-malleable codes with split-state refresh
Non-malleable codes for the split-state model allow to encode a message into two parts, such that arbitrary independent tampering on each part, and subsequent decoding of the corresponding modified codeword, yields either the same as the original message, or a completely unrelated value. Continuously non-malleable codes further allow to tolerate an unbounded (polynomial) number of tampering attempts, until a decoding error happens. The drawback is that, after an error happens, the system must self-destruct and stop working, otherwise generic attacks become possible. In this paper we propose a solution to this limitation, by leveraging a split-state refreshing procedure. Namely, whenever a decoding error happens, the two parts of an encoding can be locally refreshed (i.e., without any interaction), which allows to avoid the self-destruct mechanism. An additional feature of our security model is that it captures directly security against continual leakage attacks. We give an abstract framework for building such codes in the common reference string model, and provide a concrete instantiation based on the external Diffie-Hellman assumption. Finally, we explore applications in which our notion turns out to be essential. The first application is a signature scheme tolerating an arbitrary polynomial number of split-state tampering attempts, without requiring a self-destruct capability, and in a model where refreshing of the memory happens only after an invalid output is produced. This circumvents an impossibility result from a recent work by Fuijisaki and Xagawa (Asiacrypt 2016). The second application is a compiler for tamper-resilient RAM programs. In comparison to other tamper-resilient compilers, ours has several advantages, among which the fact that, for the first time, it does not rely on the self-destruct feature
A Tamper and Leakage Resilient von Neumann Architecture
We present a universal framework for tamper and leakage resilient computation on a von
Neumann Random Access Architecture (RAM in short). The RAM has one CPU that accesses
a storage, which we call the disk. The disk is subject to leakage and tampering. So is the bus
connecting the CPU to the disk. We assume that the CPU is leakage and tamper-free. For
a fixed value of the security parameter, the CPU has constant size. Therefore the code of the
program to be executed is stored on the disk, i.e., we consider a von Neumann architecture. The
most prominent consequence of this is that the code of the program executed will be subject to
tampering.
We construct a compiler for this architecture which transforms any keyed primitive into a
RAM program where the key is encoded and stored on the disk along with the program to
evaluate the primitive on that key. Our compiler only assumes the existence of a so-called
continuous non-malleable code, and it only needs black-box access to such a code. No further
(cryptographic) assumptions are needed. This in particular means that given an information
theoretic code, the overall construction is information theoretic secure.
Although it is required that the CPU is tamper and leakage proof, its design is independent
of the actual primitive being computed and its internal storage is non-persistent, i.e., all secret
registers are reset between invocations. Hence, our result can be interpreted as reducing the
problem of shielding arbitrary complex computations to protecting a single, simple yet universal
component
Efficient public-key cryptography with bounded leakage and tamper resilience
We revisit the question of constructing public-key encryption and signature schemes with security in the presence of bounded leakage and tampering memory attacks. For signatures we obtain the first construction in the standard model; for public-key encryption we obtain the first construction free of pairing (avoiding non-interactive zero-knowledge proofs). Our constructions are based on generic building blocks, and, as we show, also admit efficient instantiations under fairly standard number-theoretic assumptions.
The model of bounded tamper resistance was recently put forward by Damgård et al. (Asiacrypt 2013) as an attractive path to achieve security against arbitrary memory tampering attacks without making hardware assumptions (such as the existence of a protected self-destruct or key-update mechanism), the only restriction being on the number of allowed tampering attempts (which is a parameter of the scheme). This allows to circumvent known impossibility results for unrestricted tampering (Gennaro et al., TCC 2010), while still being able to capture realistic tampering attack
Quantum Cryptography Beyond Quantum Key Distribution
Quantum cryptography is the art and science of exploiting quantum mechanical
effects in order to perform cryptographic tasks. While the most well-known
example of this discipline is quantum key distribution (QKD), there exist many
other applications such as quantum money, randomness generation, secure two-
and multi-party computation and delegated quantum computation. Quantum
cryptography also studies the limitations and challenges resulting from quantum
adversaries---including the impossibility of quantum bit commitment, the
difficulty of quantum rewinding and the definition of quantum security models
for classical primitives. In this review article, aimed primarily at
cryptographers unfamiliar with the quantum world, we survey the area of
theoretical quantum cryptography, with an emphasis on the constructions and
limitations beyond the realm of QKD.Comment: 45 pages, over 245 reference
Input-shrinking functions: theory and application
In this thesis, we contribute to the emerging field of the Leakage-Resilient Cryptography by studying the problem of secure data storage on hardware that may
leak information, introducing a new primitive, a leakage-resilient storage, and showing two different constructions of such storage scheme provably secure against a class of
leakage functions that can depend only on some restricted part of the memory and against a class of computationally weak leakage functions, e.g. functions computable by small circuits,
respectively.
Our results come with instantiations and analysis of concrete parameters.
Furthermore, as second contribution, we present our implementation in C programming language, using the cryptographic library of the OpenSSL project, of a two-party Authenticated Key
Exchange (AKE) protocol, which allows a client and a server, who share a huge secret file, to securely compute a shared key, providing client-to-server authentication, also in the presence of active attackers.
Following the work of Cash et al. (TCC 2007), we based our construction on a Weak Key Exchange (WKE) protocol, developed in the BRM, and a Password-based Authenticated Key
Exchange (PAKE) protocol secure in the Universally Composable (UC) framework.
The WKE protocol showed by Cash et al. uses an explicit construction of averaging sampler, which uses less random bits than the random choice but does not seem to be
efficiently implementable in practice.
In this thesis, we propose a WKE protocol similar but simpler than that one of Cash et al.: our protocol uses more randomness than the Cash et al.'s one, as it simply uses random
choice instead of averaging sampler, but we are able to show an efficient implementation of it.
Moreover, we formally adapt the security analysis of the WKE protocol of Cash et al. to our WKE protocol.
To complete our AKE protocol, we implement the PAKE protocol showed secure in the UC framework by Abdalla et al. (CT-RSA 2008), which is more efficient than the Canetti et al.'s UC-PAKE protocol (EuroCrypt 2005) used in Cash et al.'s work.
In our implementation of the WKE protocol, to achieve small constant communication complexity and amount of randomness, we rely on the Random Oracle (RO) model.
However, we would like to note that in our implementation of the AKE protocol we need also a UC-PAKE protocol which already relies on RO, as it is impossible to achieve UC-PAKE in the
standard model.
In our work we focus not only on the theoretical aspects of the area, providing formal models and proofs, but also on the practical ones, analyzing instantiations, concrete parameters
and implementation of the proposed solutions, to contribute to bridge the gap between theory and practice in this field
- …