New Frontiers in Secure Computation

The notion of secure computation is central to cryptography. Introduced in the seminal works of Yao [FOCS'82, FOCS'86] and Goldreich, Micali and Wigderson [STOC'87], secure multiparty computation allows a group of (mutually) distrustful parties to jointly compute any functionality over their individual private inputs in such a manner that the honest parties obtain the correct outputs and no group of malicious parties learns anything beyond its own inputs and the prescribed outputs. General feasibility results for secure computation were given by Yao [FOCS'86] and Goldreich et al. [STOC'87] more than two decades ago. Subsequent to these works, designing secure computation protocols that can tolerate more powerful adversaries and satisfy stronger notions of security has been a very active area of research. In this dissertation, we study two such new frontiers in the area of secure computation.

In the first part of this dissertation, we initiate a study of designing leakage-resilient interactive protocols. Specifically, we consider the scenario where an adversary, in addition to corrupting a subset of parties, can leak (potentially via physical attacks) arbitrary information from the secret state of any honest party. This is in contrast to the standard notion of secure computation, where it is assumed that the adversary only has "black-box" access to the honest parties. In particular, we formalize a meaningful definition of leakage-resilient zero knowledge proof systems and provide constructions that satisfy our notion. We also discuss various applications of our results.

The second part of this dissertation concerns the general question of whether it is possible to securely run cryptographic protocols over an insecure network environment such as the Internet. It is well known that the standard notion of secure computation is only relevant to the "stand-alone" setting, where a single protocol is executed in isolation; as such, it does not guarantee security when multiple protocol sessions may be executed concurrently under the control of an adversary who is present across all sessions. We consider the open problem of constructing secure password-based authenticated key exchange protocols in such a setting in the "plain model" (i.e., without assuming any trusted infrastructure or random oracles). We give the first construction of such a protocol based on standard cryptographic assumptions. Our results are in fact much more general, and extend to other functionalities w.r.t. a (necessarily) weakened notion of concurrently secure computation. The results presented in this dissertation stem from two papers which are joint works with Sanjam Garg and Amit Sahai, and with Vipul Goyal and Rafail Ostrovsky, respectively.
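The contrast drawn above, between "black-box" access to an honest party and an adversary who can leak from that party's secret state, can be made concrete on a textbook sigma protocol. The example below is added here and is not the dissertation's construction: it implements a Schnorr-style proof of knowledge of a discrete logarithm over a constructed toy group (parameters P, Q, G are illustration-sized, not secure), shows the honest-verifier simulator that makes the protocol zero knowledge when the verifier sees only the transcript, and then models a single leakage query on the prover's secret state (here, the nonce r). With that one leaked value the public transcript determines the witness, which is exactly why a zero-knowledge definition that assumes only black-box access says nothing about the leakage setting, and why the leakage-resilient notion has to account for what the leakage reveals.

```python
import secrets

# Constructed toy group (NOT secure parameters): P prime, Q prime with Q | P-1,
# G = 4 generates the subgroup of order Q (4 is a quadratic residue, so 4^Q = 1 mod P).
P, Q, G = 1019, 509, 4


def keygen(w=None):
    """Witness w (a discrete log) and the public statement h = G^w mod P."""
    if w is None:
        w = secrets.randbelow(Q)
    return w, pow(G, w, P)


def prover_commit():
    """Round 1: the prover samples a nonce r and sends a = G^r.
    The nonce r is part of the prover's secret state for this session."""
    r = secrets.randbelow(Q)
    return pow(G, r, P), r


def prover_respond(w, r, c):
    """Round 3: after receiving the challenge c, send s = r + c*w mod Q."""
    return (r + c * w) % Q


def verify(h, a, c, s):
    """The verifier accepts iff G^s == a * h^c mod P."""
    return pow(G, s, P) == (a * pow(h, c, P)) % P


def simulate(h):
    """Honest-verifier zero-knowledge simulator: builds an accepting transcript
    without the witness by picking c and s first and solving for a = G^s * h^(-c).
    Its output is distributed like a real transcript, which is the black-box ZK argument."""
    c = secrets.randbelow(Q)
    s = secrets.randbelow(Q)
    h_pow_minus_c = pow(pow(h, c, P), -1, P)  # modular inverse (Python 3.8+)
    a = (pow(G, s, P) * h_pow_minus_c) % P
    return a, c, s


def leakage_query(prover_state, f):
    """Models the leakage adversary of the abstract: f is an arbitrary function
    applied to the honest prover's secret state. No such query exists in the
    black-box model, which is the gap a leakage-resilient definition must close."""
    return f(prover_state)


def witness_from_transcript_and_nonce(c, s, r):
    """Given the public transcript values (c, s) and a leaked nonce r,
    the witness is w = (s - r) * c^(-1) mod Q. Returns None if c is not invertible."""
    if c % Q == 0:
        return None
    return ((s - r) * pow(c, -1, Q)) % Q


def run_session(w, c):
    """Run one honest prover session against challenge c; returns (h, a, r, s)."""
    _, h = keygen(w)
    a, r = prover_commit()
    s = prover_respond(w, r, c)
    return h, a, r, s


if __name__ == "__main__":
    w = 123                      # constructed witness
    h, a, r, s = run_session(w, c=77)
    print("honest transcript accepted:", verify(h, a, 77, s))
    print("simulated transcript accepted:", verify(h, *simulate(h)))
    leaked_r = leakage_query({"w": w, "r": r}, lambda state: state["r"])
    print("witness recovered from transcript + leaked nonce:",
          witness_from_transcript_and_nonce(77, s, leaked_r) == w)
```

The simulator needs only the public statement h, so a verifier that sees just (a, c, s) learns nothing it could not have produced itself; the leakage query is the extra channel the abstract's adversary has, and the last function shows that even a leakage function as small as "return r" collapses the witness-hiding guarantee for that session.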

References

[1] Allison Bishop et al. Achieving Leakage Resilience through Dual System Encryption. TCC, 2011.

[2] Yevgeniy Dodis et al. Survey: Leakage Resilience and the Bounded Retrieval Model. ICITS, 2009.

[3] A. Yao et al. Fair exchange with a semi-trusted third party (extended abstract). CCS '97, 1997.

[4] Donald Beaver et al. Adaptive zero knowledge and computational equivocation (extended abstract). STOC '96, 1996.

[5] Amit Sahai et al. Resettably Secure Computation. EUROCRYPT, 2009.

[6] Yehuda Lindell et al. Adaptive Zero-Knowledge Proofs and Adaptively Secure Oblivious Transfer. Journal of Cryptology, 2009.

[7] Leonid A. Levin et al. A hard-core predicate for all one-way functions. STOC '89, 1989.

[8] Rafail Ostrovsky et al. Perfect Zero-Knowledge Arguments for NP Using Any One-Way Permutation. Journal of Cryptology, 1998.

[9] Moni Naor et al. Bit commitment using pseudorandomness. Journal of Cryptology, 1989.

[10] Ran Canetti et al. Universally composable security: a new paradigm for cryptographic protocols. Proceedings 2001 IEEE International Conference on Cluster Computing, 2001.

[11] Moni Naor et al. Bit commitment using pseudo-randomness (extended abstract). CRYPTO, 1989.

[12] Vinod Vaikuntanathan et al. Signature Schemes with Bounded Leakage Resilience. ASIACRYPT, 2009.

[13] Ran Canetti et al. Resettable Zero-Knowledge. IACR Cryptol. ePrint Arch., 1999.

[14] Paul C. Kocher et al. Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems. CRYPTO, 1996.

[15] Moni Naor et al. Universal one-way hash functions and their cryptographic applications. STOC '89, 1989.

[16] Markus G. Kuhn et al. Tamper resistance: a cautionary note. 1996.

[17] Rafael Pass et al. New and improved constructions of non-malleable cryptographic protocols. STOC '05, 2005.

[18] Yevgeniy Dodis et al. Cryptography against Continuous Memory Attacks. 2010 IEEE 51st Annual Symposium on Foundations of Computer Science, 2010.

[19] Guy N. Rothblum et al. Securing Computation against Continuous Leakage. CRYPTO, 2010.

[20] Sarvar Patel et al. Provably Secure Password-Authenticated Key Exchange Using Diffie-Hellman. EUROCRYPT, 2000.

[21] Jonathan Katz et al. Reducing Complexity Assumptions for Statistically-Hiding Commitment. Journal of Cryptology, 2009.

[22] Yehuda Lindell et al. Secure Computation Without Authentication. Journal of Cryptology, 2005.

[23] Yuval Ishai et al. Founding Cryptography on Tamper-Proof Hardware Tokens. IACR Cryptol. ePrint Arch., 2010.

[24] Rosario Gennaro et al. Faster and Shorter Password-Authenticated Key Exchange. TCC, 2008.

[25] Manuel Blum et al. How to Prove a Theorem So No One Else Can Claim It. 2010.

[26] Ke Yang et al. On Simulation-Sound Trapdoor Commitments. EUROCRYPT, 2004.

[27] Yuval Ishai et al. Private Circuits: Securing Hardware against Probing Attacks. CRYPTO, 2003.

[28] Adi Shamir et al. Witness indistinguishable and witness hiding protocols. STOC '90, 1990.

[29] Jonathan Katz et al. Universally Composable Multi-party Computation Using Tamper-Proof Hardware. EUROCRYPT, 2007.

[30] Silvio Micali et al. Practical and Provably-Secure Commitment Schemes from Collision-Free Hashing. CRYPTO, 1996.

[31] Andrew Chi-Chih Yao et al. Theory and application of trapdoor functions. 23rd Annual Symposium on Foundations of Computer Science (sfcs 1982), 1982.

[32] Miklós Ajtai et al. Secure computation with information leaking to an adversary. STOC, 2011.

[33] Yevgeniy Vahlis et al. On Protecting Cryptographic Keys Against Continual Leakage. IACR Cryptol. ePrint Arch., 2010.

[34] Daniel Wichs et al. Fully Leakage-Resilient Signatures. Journal of Cryptology, 2011.

[35] Adi Shamir et al. Zero Knowledge Proofs of Knowledge in Two Rounds. CRYPTO, 1989.

[36] Oded Goldreich et al. How to construct constant-round zero-knowledge proof systems for NP. Journal of Cryptology, 1996.

[37] Moni Naor et al. Public-Key Cryptosystems Resilient to Key Leakage. SIAM J. Comput., 2012.

[38] Yael Tauman Kalai et al. On cryptography with auxiliary input. STOC '09, 2009.

[39] Amit Sahai et al. How to play almost any mental game over the net - concurrent composition via super-polynomial simulation. 46th Annual IEEE Symposium on Foundations of Computer Science (FOCS'05), 2005.

[40] Francis Olivier et al. Electromagnetic Analysis: Concrete Results. CHES, 2001.

[41] Mihir Bellare et al. Authenticated Key Exchange Secure against Dictionary Attacks. EUROCRYPT, 2000.

[42] Krzysztof Pietrzak et al. A Leakage-Resilient Mode of Operation. EUROCRYPT, 2009.

[43] Rafail Ostrovsky et al. Software protection and simulation on oblivious RAMs. JACM, 1996.

[44] Moni Naor et al. Concurrent zero-knowledge. STOC '98, 1998.

[45] Guy N. Rothblum et al. Leakage-Resilient Signatures. TCC, 2010.

[46] Ran Canetti et al. Security and Composition of Multiparty Cryptographic Protocols. Journal of Cryptology, 2000.

[47] Gil Segev et al. David and Goliath Commitments: UC Computation for Asymmetric Parties Using Tamper-Proof Hardware. EUROCRYPT, 2008.

[48] Silvio Micali et al. The knowledge complexity of interactive proof-systems. STOC '85, 1985.

[49] Amit Sahai et al. Non-malleable non-interactive zero knowledge and adaptive chosen-ciphertext security. 40th Annual Symposium on Foundations of Computer Science (Cat. No.99CB37039), 1999.

[50] Rafail Ostrovsky et al. Extracting Correlations. 2009 50th Annual IEEE Symposium on Foundations of Computer Science, 2009.

[51] Alon Rosen et al. A Note on Constant-Round Zero-Knowledge Proofs for NP. TCC, 2004.

[52] Yehuda Lindell et al. Universally composable two-party and multi-party secure computation. STOC '02, 2002.

[53] Ran Canetti et al. Universally Composable Commitments. CRYPTO, 2001.

[54] Yehuda Lindell et al. Session-Key Generation Using Human Passwords Only. Journal of Cryptology, 2001.

[55] Joe Kilian et al. Founding crytpography on oblivious transfer. STOC '88, 1988.

[56] Jean-Jacques Quisquater et al. ElectroMagnetic Analysis (EMA): Measures and Counter-Measures for Smart Cards. E-smart, 2001.

[57] Rafail Ostrovsky et al. Robust Non-interactive Zero Knowledge. CRYPTO, 2001.

[58] Silvio Micali et al. Physically Observable Cryptography (Extended Abstract). TCC, 2004.

[59] Ivan Damgård et al. On the existence of statistically hiding bit commitment schemes and fail-stop signatures. Journal of Cryptology, 1994.

[60] Yuval Ishai et al. Private Circuits II: Keeping Secrets in Tamperable Circuits. EUROCRYPT, 2006.

[61] Rafael Pass et al. A unified framework for concurrent security: universal composability from stand-alone non-malleability. STOC '09, 2009.

[62] Ariel J. Feldman et al. Lest we remember: cold-boot attacks on encryption keys. CACM, 2008.

[63] Moni Naor et al. Adaptively secure multi-party computation. STOC '96, 1996.

[64] Ivan Damgård et al. Universally Composable Multiparty Computation with Partially Isolated Parties. TCC, 2009.

[65] Yuval Ishai et al. Interactive Locking, Zero-Knowledge PCPs, and Unconditional Cryptography. Electron. Colloquium Comput. Complex., 2010.

[66] Amit Sahai et al. Precise Concurrent Zero Knowledge. EUROCRYPT, 2008.

[67] Amit Sahai et al. New Constructions for UC Secure Computation Using Tamper-Proof Hardware. EUROCRYPT, 2008.

[68] Vinod Vaikuntanathan et al. Simultaneous Hardcore Bits and Cryptography against Memory Attacks. TCC, 2009.

[69] Yevgeniy Dodis et al. Leakage-Resilient Public-Key Cryptography in the Bounded-Retrieval Model. CRYPTO, 2009.

[70] Ran Canetti et al. Universally composable protocols with relaxed set-up assumptions. 45th Annual IEEE Symposium on Foundations of Computer Science, 2004.

[71] Vinod Vaikuntanathan et al. Protecting Circuits from Leakage: the Computationally-Bounded and Noisy Cases. EUROCRYPT, 2010.

[72] Steven M. Bellovin et al. Encrypted key exchange: password-based protocols secure against dictionary attacks. Proceedings 1992 IEEE Computer Society Symposium on Research in Security and Privacy, 1992.

[73] Salil P. Vadhan et al. Simpler Session-Key Generation from Short Random Passwords. Journal of Cryptology, 2004.

[74] Silvio Micali et al. Local zero knowledge. STOC '06, 2006.

[75] Amit Sahai et al. Concurrent zero knowledge with logarithmic round-complexity. The 43rd Annual IEEE Symposium on Foundations of Computer Science, 2002.

[76] Yevgeniy Dodis et al. Efficient Public-Key Cryptography in the Presence of Key Leakage. ASIACRYPT, 2010.

[77] Yael Tauman Kalai et al. Overcoming the Hole in the Bucket: Public-Key Cryptography Resilient to Continual Memory Leakage. 2010 IEEE 51st Annual Symposium on Foundations of Computer Science, 2010.

[78] Juan A. Garay et al. Strengthening Zero-Knowledge Protocols Using Signatures. Journal of Cryptology, 2003.

[79] Eike Kiltz et al. Leakage Resilient ElGamal Encryption. ASIACRYPT, 2010.

[80] Allison Bishop et al. How to leak on key updates. STOC '11, 2011.

[81] Adi Shamir et al. Cache Attacks and Countermeasures: The Case of AES. CT-RSA, 2006.

[82] Yehuda Lindell et al. Universally Composable Password-Based Key Exchange. EUROCRYPT, 2005.

[83] Moni Naor et al. Public-Key Encryption in the Bounded-Retrieval Model. EUROCRYPT, 2010.

[84] Rafail Ostrovsky et al. Efficient Password-Authenticated Key Exchange Using Human-Memorable Passwords. EUROCRYPT, 2001.

[85] Yael Tauman Kalai et al. Public-Key Encryption Schemes with Auxiliary Inputs. TCC, 2010.

[86] Silvio Micali et al. How to play ANY mental game. STOC, 1987.

[87] Yehuda Lindell et al. Lower Bounds for Concurrent Self Composition. TCC, 2004.

[88] Rafail Ostrovsky et al. Perfect Non-Interactive Zero Knowledge for NP. IACR Cryptol. ePrint Arch., 2006.

[89] Stefan Dziembowski et al. Leakage-Resilient Cryptography. 2008 49th Annual IEEE Symposium on Foundations of Computer Science, 2008.

[90] Moti Yung et al. Signatures Resilient to Continual Leakage on Memory and Computation. IACR Cryptol. ePrint Arch., 2011.