185 research outputs found
μ‘μν€λ₯Ό κ°μ§λ μ μκΈ°λ° λνμνΈμ κ΄ν μ°κ΅¬
Get PDFνμλ
Όλ¬Έ(λ°μ¬)--μμΈλνκ΅ λνμ :μμ°κ³Όνλν μ리과νλΆ,2020. 2. μ²μ ν¬.ν΄λΌμ°λ μμ λ°μ΄ν° λΆμ μμ μλ리μ€λ λνμνΈμ κ°μ₯ ν¨κ³Όμ μΈ μμ© μλλ¦¬μ€ μ€ νλμ΄λ€. κ·Έλ¬λ, λ€μν λ°μ΄ν° μ 곡μμ λΆμκ²°κ³Ό μꡬμκ° μ‘΄μ¬νλ μ€μ νμ€μ λͺ¨λΈμμλ κΈ°λ³Έμ μΈ μ볡νΈνμ λν μ°μ° μΈμλ μ¬μ ν ν΄κ²°ν΄μΌ ν κ³Όμ λ€μ΄ λ¨μμλ μ€μ μ΄λ€. λ³Έ νμλ
Όλ¬Έμμλ μ΄λ¬ν λͺ¨λΈμμ νμν μ¬λ¬ μꡬμ¬νλ€μ ν¬μ°©νκ³ , μ΄μ λν ν΄κ²°λ°©μμ λ
Όνμλ€.
λ¨Όμ , κΈ°μ‘΄μ μλ €μ§ λν λ°μ΄ν° λΆμ μ루μ
λ€μ λ°μ΄ν° κ°μ μΈ΅μλ μμ€μ κ³ λ €νμ§ λͺ»νλ€λ μ μ μ°©μνμ¬, μ μκΈ°λ° μνΈμ λνμνΈλ₯Ό κ²°ν©νμ¬ λ°μ΄ν° μ¬μ΄μ μ κ·Ό κΆνμ μ€μ νμ¬ ν΄λΉ λ°μ΄ν° μ¬μ΄μ μ°μ°μ νμ©νλ λͺ¨λΈμ μκ°νμλ€. λν μ΄ λͺ¨λΈμ ν¨μ¨μ μΈ λμμ μν΄μ λνμνΈ μΉνμ μΈ μ μκΈ°λ° μνΈμ λνμ¬ μ°κ΅¬νμκ³ , κΈ°μ‘΄μ μλ €μ§ NTRU κΈ°λ°μ μνΈλ₯Ό νμ₯νμ¬ module-NTRU λ¬Έμ λ₯Ό μ μνκ³ μ΄λ₯Ό κΈ°λ°μΌλ‘ ν μ μκΈ°λ° μνΈλ₯Ό μ μνμλ€.
λμ§Έλ‘, λνμνΈμ 볡νΈν κ³Όμ μλ μ¬μ ν λΉλ°ν€κ° κ΄μ¬νκ³ μκ³ , λ°λΌμ λΉλ°ν€ κ΄λ¦¬ λ¬Έμ κ° λ¨μμλ€λ μ μ ν¬μ°©νμλ€. μ΄λ¬ν μ μμ μ체μ 보λ₯Ό νμ©ν μ μλ 볡νΈν κ³Όμ μ κ°λ°νμ¬ ν΄λΉ κ³Όμ μ λνμνΈ λ³΅νΈνμ μ μ©νμκ³ , μ΄λ₯Ό ν΅ν΄ μ볡νΈνμ λν μ°μ°μ μ κ³Όμ μ μ΄λ κ³³μλ ν€κ° μ μ₯λμ§ μμ μνλ‘ μνν μ μλ μνΈμμ€ν
μ μ μνμλ€.
λ§μ§λ§μΌλ‘, λνμνΈμ ꡬ체μ μΈ μμ μ± νκ° λ°©λ²μ κ³ λ €νμλ€. μ΄λ₯Ό μν΄ λνμνΈκ° κΈ°λ°νκ³ μλ μ΄λ₯Έλ° Learning With Errors (LWE) λ¬Έμ μ μ€μ μ μΈ λν΄μ±μ λ©΄λ°ν λΆμνμκ³ , κ·Έ κ²°κ³Ό κΈ°μ‘΄μ 곡격 μκ³ λ¦¬μ¦λ³΄λ€ νκ· μ μΌλ‘ 1000λ°° μ΄μ λΉ λ₯Έ 곡격 μκ³ λ¦¬μ¦λ€μ κ°λ°νμλ€. μ΄λ₯Ό ν΅ν΄ νμ¬ μ¬μ©νκ³ μλ λνμνΈ νλΌλ―Έν°κ° μμ νμ§ μμμ 보μκ³ , μλ‘μ΄ κ³΅κ²© μκ³ λ¦¬μ¦μ ν΅ν νλΌλ―Έν° μ€μ λ°©λ²μ λν΄μ λ
Όνμλ€.Secure data analysis delegation on cloud is one of the most powerful application that homomorphic encryption (HE) can bring. As the technical level of HE arrive at practical regime, this model is also being considered to be a more serious and realistic paradigm. In this regard, this increasing attention requires more versatile and secure model to deal with much complicated real world problems.
First, as real world modeling involves a number of data owners and clients, an authorized control to data access is still required even for HE scenario. Second, we note that although homomorphic operation requires no secret key, the decryption requires the secret key. That is, the secret key management concern still remains even for HE. Last, in a rather fundamental view, we thoroughly analyze the concrete hardness of the base problem of HE, so-called Learning With Errors (LWE). In fact, for the sake of efficiency, HE exploits a weaker variant of LWE whose security is believed not fully understood.
For the data encryption phase efficiency, we improve the previously suggested NTRU-lattice ID-based encryption by generalizing the NTRU concept into module-NTRU lattice. Moreover, we design a novel method that decrypts the resulting ciphertext with a noisy key. This enables the decryptor to use its own noisy source, in particular biometric, and hence fundamentally solves the key management problem. Finally, by considering further improvement on existing LWE solving algorithms, we propose new algorithms that shows much faster performance. Consequently, we argue that the HE parameter choice should be updated regarding our attacks in order to maintain the currently claimed security level.1 Introduction 1
1.1 Access Control based on Identity 2
1.2 Biometric Key Management 3
1.3 Concrete Security of HE 3
1.4 List of Papers 4
2 Background 6
2.1 Notation 6
2.2 Lattices 7
2.2.1 Lattice Reduction Algorithm 7
2.2.2 BKZ cost model 8
2.2.3 Geometric Series Assumption (GSA) 8
2.2.4 The Nearest Plane Algorithm 9
2.3 Gaussian Measures 9
2.3.1 Kullback-Leibler Divergence 11
2.4 Lattice-based Hard Problems 12
2.4.1 The Learning With Errors Problem 12
2.4.2 NTRU Problem 13
2.5 One-way and Pseudo-random Functions 14
3 ID-based Data Access Control 16
3.1 Module-NTRU Lattices 16
3.1.1 Construction of MNTRU lattice and trapdoor 17
3.1.2 Minimize the Gram-Schmidt norm 22
3.2 IBE-Scheme from Module-NTRU 24
3.2.1 Scheme Construction 24
3.2.2 Security Analysis by Attack Algorithms 29
3.2.3 Parameter Selections 31
3.3 Application to Signature 33
4 Noisy Key Cryptosystem 36
4.1 Reusable Fuzzy Extractors 37
4.2 Local Functions 40
4.2.1 Hardness over Non-uniform Sources 40
4.2.2 Flipping local functions 43
4.2.3 Noise stability of predicate functions: Xor-Maj 44
4.3 From Pseudorandom Local Functions 47
4.3.1 Basic Construction: One-bit Fuzzy Extractor 48
4.3.2 Expansion to multi-bit Fuzzy Extractor 50
4.3.3 Indistinguishable Reusability 52
4.3.4 One-way Reusability 56
4.4 From Local One-way Functions 59
5 Concrete Security of Homomorphic Encryption 63
5.1 Albrecht's Improved Dual Attack 64
5.1.1 Simple Dual Lattice Attack 64
5.1.2 Improved Dual Attack 66
5.2 Meet-in-the-Middle Attack on LWE 69
5.2.1 Noisy Collision Search 70
5.2.2 Noisy Meet-in-the-middle Attack on LWE 74
5.3 The Hybrid-Dual Attack 76
5.3.1 Dimension-error Trade-o of LWE 77
5.3.2 Our Hybrid Attack 79
5.4 The Hybrid-Primal Attack 82
5.4.1 The Primal Attack on LWE 83
5.4.2 The Hybrid Attack for SVP 86
5.4.3 The Hybrid-Primal attack for LWE 93
5.4.4 Complexity Analysis 96
5.5 Bit-security estimation 102
5.5.1 Estimations 104
5.5.2 Application to PKE 105
6 Conclusion 108
Abstract (in Korean) 120Docto
Commitment and Oblivious Transfer in the Bounded Storage Model with Errors
Get PDFThe bounded storage model restricts the memory of an adversary in a
cryptographic protocol, rather than restricting its computational power, making
information theoretically secure protocols feasible. We present the first
protocols for commitment and oblivious transfer in the bounded storage model
with errors, i.e., the model where the public random sources available to the
two parties are not exactly the same, but instead are only required to have a
small Hamming distance between themselves. Commitment and oblivious transfer
protocols were known previously only for the error-free variant of the bounded
storage model, which is harder to realize
Trapdoor Computational Fuzzy Extractors and Stateless Cryptographically-Secure Physical Unclonable Functions
Get PDFWe present a fuzzy extractor whose security can be reduced to the hardness of Learning Parity with Noise (LPN) and can efficiently correct a constant fraction of errors in a biometric source with a ``noise-avoiding trapdoor. Using this computational fuzzy extractor,
we present a stateless construction of a cryptographically-secure Physical Unclonable Function. Our construct requires no non-volatile (permanent) storage, secure or otherwise, and its computational security can be reduced to the hardness of an LPN variant under the random oracle model. The construction is ``stateless,\u27\u27 because there is \emph{no} information stored between subsequent queries, which mitigates attacks against the PUF via tampering. Moreover, our stateless construction corresponds to a PUF whose outputs are free of noise because of internal error-correcting capability, which enables a host of applications beyond authentication. We describe the construction, provide a proof of computational security, analysis of the security parameter for system parameter choices, and present experimental evidence that the construction is practical and reliable under a wide environmental range
Securing Systems with Scarce Entropy: LWE-Based Lossless Computational Fuzzy Extractor for the IoT
Get PDFWith the advent of the Internet of Things, lightweight devices necessitate secure and cost-efficient key storage.
Since traditional secure key storage is expensive, novel solutions have been developed based on the idea of deriving the key from noisy entropy sources.
Such sources when combined with fuzzy extractors allow cryptographically strong key derivation.
Information theoretic fuzzy extractors require large amounts of input entropy to account for entropy loss in the key extraction process.
It has been shown by Fuller \textit{et al.}~(ASIACRYPT\u2713) that the entropy loss can be reduced if the requirement is relaxed to computational security based on the hardness of the Learning with Errors problem.
Using this computational fuzzy extractor, we show how to construct a device-server authentication system providing outsider chosen perturbation security and pre-application robustness.
We present the first implementation of a \emph{lossless} computational fuzzy extractor where the entropy of the source equals the entropy of the key on a constrained device.
The implementation needs only 1.45KB of SRAM and 9.8KB of Flash memory on an 8-bit microcontroller.
Furthermore, we also show how a device-server authentication system can be constructed and efficiently implemented in our system.
We compare our implementation to existing work in terms of security, while achieving no entropy loss
Strong key derivation from noisy sources
Get PDFA shared cryptographic key enables strong authentication. Candidate sources for creating such a shared key include biometrics and physically unclonable functions. However, these sources come with a substantial problem: noise in repeated readings.
A fuzzy extractor produces a stable key from a noisy source. It consists of two stages. At enrollment time, the generate algorithm produces a key from an initial reading of the source. At authentication time, the reproduce algorithm takes a repeated but noisy reading of the source, yielding the same key when the two readings are close. For many sources of practical importance, traditional fuzzy extractors provide no meaningful security guarantee.
This dissertation improves key derivation from noisy sources. These improvements stem from three observations about traditional fuzzy extractors.
First, the only property of a source that standard fuzzy extractors use is the entropy in the original reading. We observe that additional structural information about the source can facilitate key derivation.
Second, most fuzzy extractors work by first recovering the initial reading from the noisy reading (known as a secure sketch). This approach imposes harsh limitations on the length of the derived key. We observe that it is possible to produce a consistent key without recovering the original reading of the source.
Third, traditional fuzzy extractors provide information-theoretic security. However, security against computationally bounded adversaries is sufficient. We observe fuzzy extractors providing computational security can overcome limitations of traditional approaches.
The above observations are supported by negative results and constructions. As an example, we combine all three observations to construct a fuzzy extractor achieving properties that have eluded prior approaches. The construction remains secure even when the initial enrollment phase is repeated multiple times with noisy readings. Furthermore, for many practical sources, reliability demands that the tolerated noise is larger than the entropy of the original reading. The construction provides security for sources of this type by utilizing additional source structure, producing a consistent key without recovering the original reading, and providing computational security
Secure Boot and Remote Attestation in the Sanctum Processor
Get PDFDuring the secure boot process for a trusted execution environment, the processor must provide a chain of certificates to the remote client demonstrating that their secure container was established as specified. This certificate chain is rooted at the hardware manufacturer who is responsible for constructing chips according to the correct specification and provisioning them with key material. We consider a semi-honest manufacturer who is assumed to construct chips correctly, but may attempt to obtain knowledge of client private keys during the process.
Using the RISC-V Rocket chip architecture as a base, we design, document, and implement an attested execution processor that does not require secure non-volatile memory, nor a private key explicitly assigned by the manufacturer. Instead, the processor derives its cryptographic identity from manufacturing variation measured by a Physical Unclonable Function (PUF). Software executed by a bootloader built into the processor transforms the PUF output into an elliptic curve key pair. The (re)generated private key is used to sign trusted portions of the boot image, and is immediately destroyed. The platform can therefore provide attestations about its state to remote clients. Reliability and security of PUF keys are ensured through the use of a trapdoor computational fuzzy extractor.
We present detailed evaluation results for secure boot and attestation by a client of a Rocket chip implementation on a Xilinx Zynq 7000 FPGA
- β¦
