cryptography on non-trusted machines stefan dziembowski
TRANSCRIPT
![Page 1: Cryptography on Non-Trusted Machines Stefan Dziembowski](https://reader036.vdocuments.mx/reader036/viewer/2022062314/56649e615503460f94b5bee7/html5/thumbnails/1.jpg)
Cryptography on Non-Trusted Machines
StefanDziembowski
![Page 2: Cryptography on Non-Trusted Machines Stefan Dziembowski](https://reader036.vdocuments.mx/reader036/viewer/2022062314/56649e615503460f94b5bee7/html5/thumbnails/2.jpg)
Outline
Introduction
State-of-the-art
Research plan
![Page 3: Cryptography on Non-Trusted Machines Stefan Dziembowski](https://reader036.vdocuments.mx/reader036/viewer/2022062314/56649e615503460f94b5bee7/html5/thumbnails/3.jpg)
Idea
Design cryptographic protocols that are secure
even
on the machines that are not fully trusted.
![Page 4: Cryptography on Non-Trusted Machines Stefan Dziembowski](https://reader036.vdocuments.mx/reader036/viewer/2022062314/56649e615503460f94b5bee7/html5/thumbnails/4.jpg)
How to construct secure digital systems?
CRYPTO
MACHINE(PC, smartcard, etc.)
very secure
Security based on well-defined mathematical problems.
not secure!
![Page 5: Cryptography on Non-Trusted Machines Stefan Dziembowski](https://reader036.vdocuments.mx/reader036/viewer/2022062314/56649e615503460f94b5bee7/html5/thumbnails/5.jpg)
The problem
hard to attack
easy to attack
CRYPTO
MACHINE(PC, smartcard, etc.)
![Page 6: Cryptography on Non-Trusted Machines Stefan Dziembowski](https://reader036.vdocuments.mx/reader036/viewer/2022062314/56649e615503460f94b5bee7/html5/thumbnails/6.jpg)
Machines cannot be trusted!
1. Informationleakage
2. Maliciousmodifications
MACHINE(PC, smartcard, etc.)
![Page 7: Cryptography on Non-Trusted Machines Stefan Dziembowski](https://reader036.vdocuments.mx/reader036/viewer/2022062314/56649e615503460f94b5bee7/html5/thumbnails/7.jpg)
Relevant scenarios
PCs specialized hardware
malicious software:
• viruses,
• trojan horses.
side-channel attacks:
• power consumption,
• electromagnetic leaks,
• timing information.
MACHINES
. . .
![Page 8: Cryptography on Non-Trusted Machines Stefan Dziembowski](https://reader036.vdocuments.mx/reader036/viewer/2022062314/56649e615503460f94b5bee7/html5/thumbnails/8.jpg)
The standard view
CRYPTO
theoreticians
practitioners
MACHINE(PC, smartcard, etc.)
definitions, theorems, security reductions,..
anti-virus software, intrusion detection,
tamper resistance,…
Implementation is not our business!
![Page 9: Cryptography on Non-Trusted Machines Stefan Dziembowski](https://reader036.vdocuments.mx/reader036/viewer/2022062314/56649e615503460f94b5bee7/html5/thumbnails/9.jpg)
cryptographicscheme
Our model
(standard) black-box access
additional accessto the internal data
![Page 10: Cryptography on Non-Trusted Machines Stefan Dziembowski](https://reader036.vdocuments.mx/reader036/viewer/2022062314/56649e615503460f94b5bee7/html5/thumbnails/10.jpg)
State-of-the-art
![Page 11: Cryptography on Non-Trusted Machines Stefan Dziembowski](https://reader036.vdocuments.mx/reader036/viewer/2022062314/56649e615503460f94b5bee7/html5/thumbnails/11.jpg)
virussends
S
to the adversary
Bounded-Retrieval Model
MACHINE (PC)
S?
virus
S
largecryptographic
secret(e.g. a key)
any“bounded-output”
function
h(S)
Idea: protect against the theft of secret data by making the secrets artificially large
![Page 12: Cryptography on Non-Trusted Machines Stefan Dziembowski](https://reader036.vdocuments.mx/reader036/viewer/2022062314/56649e615503460f94b5bee7/html5/thumbnails/12.jpg)
Example of a protocol in the Bounded-Retrieval Model
USER’S MACHINE
key S = (S1,...,Sn)a1,…,at
Sa1,…,Sat
• Entity authentication [Dziembowski, TCC 2006]:
Other results:
• Session-key agreement [Dziembowski, TCC 2006],• Secure storage [Dziembowski, CRYPTO 2006],• Secret sharing [Dziembowski and Pietrzak, FOCS 2007].
key S = (S1,...,Sn)
BANK
verifies
![Page 13: Cryptography on Non-Trusted Machines Stefan Dziembowski](https://reader036.vdocuments.mx/reader036/viewer/2022062314/56649e615503460f94b5bee7/html5/thumbnails/13.jpg)
Private circuits – the model:
and
or
neg
and and
and
or
or
neg
neg
and
orand and
or neg
MACHINE
the adversary can learn the values on up to t wires
![Page 14: Cryptography on Non-Trusted Machines Stefan Dziembowski](https://reader036.vdocuments.mx/reader036/viewer/2022062314/56649e615503460f94b5bee7/html5/thumbnails/14.jpg)
Private circuits – the construction:
[Ishai, Sahai and Wagner, CRYPTO 2003]
circuit C
circuit C’
transformation
the adversary gains
no advantage even if he reads
up to t wires
![Page 15: Cryptography on Non-Trusted Machines Stefan Dziembowski](https://reader036.vdocuments.mx/reader036/viewer/2022062314/56649e615503460f94b5bee7/html5/thumbnails/15.jpg)
Research Plan
![Page 16: Cryptography on Non-Trusted Machines Stefan Dziembowski](https://reader036.vdocuments.mx/reader036/viewer/2022062314/56649e615503460f94b5bee7/html5/thumbnails/16.jpg)
The general goal
Contribute to creating a new discipline:
“Cryptography on Non-Trusted Machines”
with
solid foundations, and practical impact.
![Page 17: Cryptography on Non-Trusted Machines Stefan Dziembowski](https://reader036.vdocuments.mx/reader036/viewer/2022062314/56649e615503460f94b5bee7/html5/thumbnails/17.jpg)
Objectives
1. Extensions of the models
2. New applications and methods
3. Improvement of the previous results
4. Theoretical foundations
![Page 18: Cryptography on Non-Trusted Machines Stefan Dziembowski](https://reader036.vdocuments.mx/reader036/viewer/2022062314/56649e615503460f94b5bee7/html5/thumbnails/18.jpg)
Objective 1: Extend (and unify) the existing models
h(S)
“Private circuits”:
• strong results• weaker model
Bounded-RetrievalModel:
• weaker results• strong model
anything in
between?
example:
![Page 19: Cryptography on Non-Trusted Machines Stefan Dziembowski](https://reader036.vdocuments.mx/reader036/viewer/2022062314/56649e615503460f94b5bee7/html5/thumbnails/19.jpg)
Objective 2: New methods
can corruptcannot corrupt
human-based methods:example:
![Page 20: Cryptography on Non-Trusted Machines Stefan Dziembowski](https://reader036.vdocuments.mx/reader036/viewer/2022062314/56649e615503460f94b5bee7/html5/thumbnails/20.jpg)
Human-based methods – an example
keyboard,screeninternet
non-trusted PC
user(no trusted hardware)
Known method of user authentication:
one-time passwords
drawback: authenticates the user not the transaction!
Can we also authenticate the transaction?
bank
virus
![Page 21: Cryptography on Non-Trusted Machines Stefan Dziembowski](https://reader036.vdocuments.mx/reader036/viewer/2022062314/56649e615503460f94b5bee7/html5/thumbnails/21.jpg)
Objective 4: Theoretical foundations
Cryptography has well-known connections to the complexity theory.
“Cryptography on Non-Trusted Machines” provides new connections of these type.
Bounded-Retrieval Model has non-trivial connections to:
1. the theory of compressibility of NP-instances [Dziembowski, CRYPTO 2006], and
2. the theory of round complexity [Dziembowski and Pietrzak, FOCS 2007].
Can these be extended?
![Page 22: Cryptography on Non-Trusted Machines Stefan Dziembowski](https://reader036.vdocuments.mx/reader036/viewer/2022062314/56649e615503460f94b5bee7/html5/thumbnails/22.jpg)
Conclusion“Cryptography on Non-Trusted Machines” - a new area with
a big potential.
Dziembowski and Pietrzak Intrusion-Resilient Secret Sharing.FOCS 2007
DziembowskiOn Forward-Secure Storage.CRYPTO 2006
DziembowskiIntrusion-Resilience Via the Bounded-Storage Model.TCC 2006