BiTR: Built-in Tamper Resilience

The assumption of the availability of tamper-proof hardware tokens has been used extensively in the design of cryptographic primitives. For example, Katz (Eurocrypt 2007) suggests them as an alternative to other setup assumptions, towards achieving general UC-secure multi-party computation. On the other hand, a lot of recent research has focused on protecting security of various cryptographic primitives against physical attacks such as leakage and tampering. In this paper we put forward the notion of Built-in Tamper Resilience (BiTR) for cryptographic protocols, capturing the idea that the protocol that is encapsulated in a hardware token is designed in such a way so that tampering gives no advantage to an adversary. Our definition is within the UC model, and can be viewed as unifying and extending several prior related works. We provide a composition theorem for BiTR security of protocols, impossibility results, as well as several BiTR constructions for specific cryptographic protocols or tampering function classes. In particular, we achieve general UC-secure computation based on a hardware token that may be susceptible to affine tampering attacks. We also prove that two existing identification and signature schemes (by Schnorr and Okamoto, respecitively) are already BiTR against affine attacks (without requiring any modification or endcoding). We next observe that non-malleable codes can be used as state encodings to achieve the BiTR property, and show new positive results for deterministic non-malleable encodings for various classes of tampering functions.

[1]  Ran Canetti,et al.  Universally Composable Commitments , 2001, CRYPTO.

[2]  Amit Sahai,et al.  New Constructions for UC Secure Computation Using Tamper-Proof Hardware , 2008, EUROCRYPT.

[3]  Vinod Vaikuntanathan,et al.  Simultaneous Hardcore Bits and Cryptography against Memory Attacks , 2009, TCC.

[4]  Ran Canetti,et al.  Resettable zero-knowledge (extended abstract) , 2000, STOC '00.

[5]  Tatsuaki Okamoto,et al.  Efficient Blind and Partially Blind Signatures Without Random Oracles , 2006, IACR Cryptol. ePrint Arch..

[6]  Markus G. Kuhn,et al.  Tamper resistance: a cautionary note , 1996 .

[7]  Yael Tauman Kalai,et al.  Public-Key Encryption Schemes with Auxiliary Inputs , 2010, TCC.

[8]  Jean-Jacques Quisquater,et al.  ElectroMagnetic Analysis (EMA): Measures and Counter-Measures for Smart Cards , 2001, E-smart.

[9]  Gil Segev,et al.  David and Goliath Commitments: UC Computation for Asymmetric Parties Using Tamper-Proof Hardware , 2008, EUROCRYPT.

[10]  Yevgeniy Dodis,et al.  Leakage-Resilient Pseudorandom Functions and Side-Channel Attacks on Feistel Networks , 2010, CRYPTO.

[11]  Nico Döttling,et al.  Unconditional and Composable Security Using a Single Stateful Tamper-Proof Hardware Token , 2011, TCC.

[12]  Torben P. Pedersen Non-Interactive and Information-Theoretic Secure Verifiable Secret Sharing , 1991, CRYPTO.

[13]  Yevgeniy Dodis,et al.  Leakage-Resilient Public-Key Cryptography in the Bounded-Retrieval Model , 2009, CRYPTO.

[14]  Yuval Ishai,et al.  Semantic Security under Related-Key Attacks and Applications , 2011, ICS.

[15]  Zvika Brakerski,et al.  Circular and Leakage Resilient Public-Key Encryption Under Subgroup Indistinguishability (or: Quadratic Residuosity Strikes Back) , 2010, IACR Cryptol. ePrint Arch..

[16]  David Naccache,et al.  The Sorcerer's Apprentice Guide to Fault Attacks , 2006, Proceedings of the IEEE.

[17]  Vladimir Kolesnikov Truly Efficient String Oblivious Transfer Using Resettable Tamper-Proof Tokens , 2010, TCC.

[18]  Mihir Bellare,et al.  A Theoretical Treatment of Related-Key Attacks: RKA-PRPs, RKA-PRFs, and Applications , 2003, EUROCRYPT.

[19]  Yevgeniy Dodis,et al.  Cryptography against Continuous Memory Attacks , 2010, 2010 IEEE 51st Annual Symposium on Foundations of Computer Science.

[20]  Yuval Ishai,et al.  Private Circuits II: Keeping Secrets in Tamperable Circuits , 2006, EUROCRYPT.

[21]  Daniel Wichs,et al.  Fully Leakage-Resilient Signatures , 2011, EUROCRYPT.

[22]  Ivan Damgård,et al.  Perfect Hiding and Perfect Binding Universally Composable Commitment Schemes with Constant Expansion Factor , 2001, CRYPTO.

[23]  Moti Yung,et al.  A Unified Framework for the Analysis of Side-Channel Key Recovery Attacks (extended version) , 2009, IACR Cryptol. ePrint Arch..

[24]  Yehuda Lindell,et al.  On the Limitations of Universally Composable Two-Party Computation without Set-up Assumptions , 2003, EUROCRYPT.

[25]  Moti Yung,et al.  Signatures Resilient to Continual Leakage on Memory and Computation , 2011, IACR Cryptol. ePrint Arch..

[26]  Nir Bitansky,et al.  On Strong Simulation and Composable Point Obfuscation , 2010, CRYPTO.

[27]  Ivan Damgård,et al.  Isolated Proofs of Knowledge and Isolated Zero Knowledge , 2008, EUROCRYPT.

[28]  Krzysztof Pietrzak,et al.  A Leakage-Resilient Mode of Operation , 2009, EUROCRYPT.

[29]  Sergei Skorobogatov,et al.  Semi-invasive attacks: a new approach to hardware security analysis , 2005 .

[30]  Shai Halevi,et al.  After-the-Fact Leakage in Public-Key Encryption , 2011, IACR Cryptol. ePrint Arch..

[31]  Guy N. Rothblum,et al.  Leakage-Resilient Signatures , 2010, TCC.

[32]  Silvio Micali,et al.  Algorithmic Tamper-Proof (ATP) Security: Theoretical Foundations for Security against Hardware Tampering , 2004, TCC.

[33]  David Cash,et al.  Pseudorandom Functions and Permutations Provably Secure against Related-Key Attacks , 2010, CRYPTO.

[34]  Ran Canetti,et al.  Universally composable security: a new paradigm for cryptographic protocols , 2001, Proceedings 2001 IEEE International Conference on Cluster Computing.

[35]  Vinod Vaikuntanathan,et al.  Signature Schemes with Bounded Leakage Resilience , 2009, ASIACRYPT.

[36]  Allison Bishop,et al.  How to leak on key updates , 2011, STOC '11.

[37]  Guy N. Rothblum,et al.  Securing Computation against Continuous Leakage , 2010, CRYPTO.

[38]  Yuval Ishai,et al.  Founding Cryptography on Tamper-Proof Hardware Tokens , 2010, IACR Cryptol. ePrint Arch..

[39]  Yuval Ishai,et al.  Private Circuits: Securing Hardware against Probing Attacks , 2003, CRYPTO.

[40]  Eli Biham,et al.  Differential Fault Analysis of Secret Key Cryptosystems , 1997, CRYPTO.

[41]  Yuval Ishai,et al.  Interactive Locking, Zero-Knowledge PCPs, and Unconditional Cryptography , 2010, Electron. Colloquium Comput. Complex..

[42]  Moni Naor,et al.  Public-Key Cryptosystems Resilient to Key Leakage , 2012, SIAM J. Comput..

[43]  Siva Sai Yerubandi,et al.  Differential Power Analysis , 2002 .

[44]  Yael Tauman Kalai,et al.  On cryptography with auxiliary input , 2009, STOC '09.

[45]  David Brumley,et al.  Remote timing attacks are practical , 2003, Comput. Networks.

[46]  Jonathan Katz,et al.  Universally Composable Multi-party Computation Using Tamper-Proof Hardware , 2007, EUROCRYPT.

[47]  Ross J. Anderson,et al.  Optical Fault Induction Attacks , 2002, CHES.

[48]  Yael Tauman Kalai,et al.  One-Time Programs , 2008, CRYPTO.

[49]  Silvio Micali,et al.  Physically Observable Cryptography (Extended Abstract) , 2004, TCC.

[50]  Yevgeniy Vahlis,et al.  On Protecting Cryptographic Keys Against Continual Leakage , 2010, IACR Cryptol. ePrint Arch..

[51]  Yael Tauman Kalai,et al.  Overcoming the Hole in the Bucket: Public-Key Cryptography Resilient to Continual Memory Leakage , 2010, 2010 IEEE 51st Annual Symposium on Foundations of Computer Science.

[52]  Allison Bishop,et al.  On the Insecurity of Parallel Repetition for Leakage Resilience , 2010, 2010 IEEE 51st Annual Symposium on Foundations of Computer Science.

[53]  Vinod Vaikuntanathan,et al.  Protecting Circuits from Leakage: the Computationally-Bounded and Noisy Cases , 2010, EUROCRYPT.

[54]  Claus-Peter Schnorr,et al.  Efficient signature generation by smart cards , 2004, Journal of Cryptology.

[55]  Yehuda Lindell,et al.  On the Limitations of Universally Composable Two-Party Computation Without Set-Up Assumptions , 2003, Journal of Cryptology.

[56]  Abhishek Jain,et al.  Parallel Repetition for Leakage Resilience Amplification Revisited , 2011, TCC.