Big-Key Symmetric Encryption: Resisting Key Exfiltration

This paper aims to move research in the bounded retrieval model (BRM) from theory to practice by considering symmetric rather than public-key encryption, giving efficient schemes, and providing security analyses with sharp, concrete bounds. The threat addressed is malware that aims to exfiltrate a user's key. Our schemes aim to thwart this by using an enormously long key, yet paying for this almost exclusively in storage cost, not speed. Our main result is a general-purpose lemma, the subkey prediction lemma, that gives a very good bound on an adversary's ability to guess a modest-length subkey of a big-key, where the subkey consists of the bits of the big-key found at random, specified locations, after the adversary has exfiltrated partial information about the big-key (e.g., half as many bits as the big-key is long). We then use this lemma to design a new kind of key encapsulation mechanism and, finally, a symmetric encryption scheme. Both are in the random-oracle model. We also give a less efficient standard-model scheme that is based on universal computational extractors (UCE). Finally, we define and achieve hedged BRM symmetric encryption, which provides authenticity in the absence of leakage.
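The following toy implementation is an added example written for this page; it is not the paper's own code. It shows the shape of the big-key key encapsulation mechanism sketched in the abstract (a random selector determines a handful of probe positions in the big-key, the bits at those positions form the subkey, and the session key is hashed from selector and subkey), and it quantifies what a naive leakage adversary who has exfiltrated half of the big-key's bits can do against one encapsulation. SHA-256 stands in for the random oracle, positions are sampled with replacement, and the 1 Mbit key size and 256 probes are illustrative parameters chosen here, not values taken from the paper. The naive adversary below only lower-bounds the true leakage advantage; the paper's subkey prediction lemma upper-bounds arbitrary leakage functions, and that bound is not reproduced here.

```python
"""Toy big-key KEM in the style of the abstract above, plus a naive leakage adversary.
Illustrative code written for this page; SHA-256 models the random oracle."""
import hashlib
import secrets
from typing import List, Set, Tuple

KEY_BITS = 1 << 20   # 1 Mbit toy big-key (assumption); real deployments would use gigabytes
PROBES = 256         # p: number of big-key bits folded into each session key (assumption)


def gen_big_key(key_bits: int = KEY_BITS) -> bytes:
    """Fresh uniformly random big-key; generated once, then reused for every encapsulation."""
    return secrets.token_bytes(key_bits // 8)


def get_bit(big_key: bytes, i: int) -> int:
    """Bit i of the big-key (LSB-first within each byte)."""
    return (big_key[i >> 3] >> (i & 7)) & 1


def probe_positions(selector: bytes, key_bits: int = KEY_BITS, p: int = PROBES) -> List[int]:
    """Derive p probe positions from the selector via the (modelled) random oracle.

    Sampling is with replacement, and key_bits must be a power of two so that
    the modulo reduction introduces no bias.
    """
    assert key_bits & (key_bits - 1) == 0, "key_bits must be a power of two"
    out = []
    for ctr in range(p):
        d = hashlib.sha256(b"probe|" + selector + ctr.to_bytes(4, "big")).digest()
        out.append(int.from_bytes(d[:8], "big") % key_bits)
    return out


def subkey(big_key: bytes, positions: List[int]) -> bytes:
    """Pack the big-key bits found at the given positions into a byte string."""
    val = 0
    for i in positions:
        val = (val << 1) | get_bit(big_key, i)
    return val.to_bytes((len(positions) + 7) // 8, "big")


def encapsulate(big_key: bytes, p: int = PROBES) -> Tuple[bytes, bytes]:
    """Return (selector, session_key).

    Only p bits of the big-key are read, so the running time does not depend
    on how large the big-key is; that is the storage-for-speed trade-off.
    """
    selector = secrets.token_bytes(16)
    key_bits = len(big_key) * 8
    j = subkey(big_key, probe_positions(selector, key_bits, p))
    session_key = hashlib.sha256(b"kem|" + selector + j).digest()
    return selector, session_key


def decapsulate(big_key: bytes, selector: bytes, p: int = PROBES) -> bytes:
    """Recompute the session key from the selector; requires the full big-key."""
    key_bits = len(big_key) * 8
    j = subkey(big_key, probe_positions(selector, key_bits, p))
    return hashlib.sha256(b"kem|" + selector + j).digest()


def naive_guess_probability(positions: List[int], leaked: Set[int]) -> float:
    """Success probability of an adversary who exfiltrated exactly the big-key
    bits at `leaked` and guesses every other probed bit uniformly at random.

    Repeated probes of one position need only one guess, hence the set.  This
    is a lower bound on a leakage adversary's power, not the lemma's upper bound.
    """
    unknown = len({i for i in positions if i not in leaked})
    return 2.0 ** (-unknown)


if __name__ == "__main__":
    K = gen_big_key()
    sel, sk = encapsulate(K)
    assert decapsulate(K, sel) == sk
    pos = probe_positions(sel)
    leaked_half = set(range(KEY_BITS // 2))  # constructed scenario: malware got the first half
    hit = sum(i in leaked_half for i in pos)
    print(f"{PROBES} probes, {hit} landed in the leaked half")
    print(f"naive guessing succeeds w.p. {naive_guess_probability(pos, leaked_half):.3g}")
```

Run it a few times: with half the big-key exfiltrated, roughly half the probes land on known bits, and the naive adversary is left guessing about p/2 bits, which with p = 256 is still far beyond reach. The contiguous "first half" leak is just the constructed scenario here; the point of the lemma is that no leakage function of that size, not only this one, does much better.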
