Are Your Keys Protected? Time Will Tell

Authors: Yoav Ben Dov, Liron David, Moni Naor, Elad Tzalik


File

LIPIcs.ITC.2024.3.pdf
  • Filesize: 0.86 MB
  • 28 pages

Author Details

Yoav Ben Dov
  • Weizmann Institute of Science, Rehovot, Israel
Liron David
  • Weizmann Institute of Science, Rehovot, Israel
Moni Naor
  • Weizmann Institute of Science, Rehovot, Israel
Elad Tzalik
  • Weizmann Institute of Science, Rehovot, Israel

Cite As

Yoav Ben Dov, Liron David, Moni Naor, and Elad Tzalik. Are Your Keys Protected? Time Will Tell. In 5th Conference on Information-Theoretic Cryptography (ITC 2024). Leibniz International Proceedings in Informatics (LIPIcs), Volume 304, pp. 3:1-3:28, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2024)
https://doi.org/10.4230/LIPIcs.ITC.2024.3

Abstract

Side-channel attacks, and in particular timing attacks, are a fundamental obstacle to obtaining secure implementations of algorithms and cryptographic protocols, and have been widely researched for decades. While cryptographic definitions of security for cryptographic systems have been well established for decades, none of these accepted definitions takes into account the running-time information leaked by executing the system. In this work, we lay the foundation of new cryptographic definitions for cryptographic systems that take into account the information leaked by their running time, focusing mainly on keyed functions such as signature and encryption schemes. Specifically:

  1. We define several cryptographic properties expressing the claim that the timing information does not help an adversary extract sensitive information, e.g. the key or the queries made. We highlight the definition of key-obliviousness, which means that an adversary cannot tell whether it received the timings of its queries under the actual key or the timings of the same queries under a random key.
  2. We present a construction of key-oblivious pseudorandom permutations on a small or medium-sized domain. This construction is not "fixed-time," and at the same time is secure against any number of queries even when the adversary knows the running time exactly. Our construction, which we call Janus Sometimes Recurse, is a variant of the "Sometimes Recurse" shuffle by Morris and Rogaway.
  3. We suggest a new security notion for keyed functions, called noticeable security, and prove that cryptographic schemes with noticeable security remain secure even when the exact timings are leaked, provided the implementation is key-oblivious. We show that our notion applies to cryptographic signatures, private-key encryption and PRPs.
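The key-obliviousness game described in the abstract, as an added toy example that is not code from the paper: running time is modelled as a counted number of squarings and multiplications rather than measured wall-clock time, and the two keyed functions, the 16-bit toy key space and the modulus 65537 are assumptions chosen for illustration (the paper's Janus Sometimes Recurse construction is not implemented here). It shows that an implementation can be key-oblivious without being fixed-time: its timing may depend on the queries, as long as it does not depend on the key.

```python
import random
from collections import Counter

P = 65537        # toy modulus (constructed for this example)
KEY_BITS = 16    # toy key size, small enough to sample random keys quickly

def square_and_multiply(base, exponent):
    """Return (base**exponent mod P, steps). One step is counted per
    squaring and one per multiply, so the count depends on the bit
    pattern of the exponent. The step count stands in for running time."""
    acc, steps = 1, 0
    for bit in bin(exponent)[2:]:
        acc, steps = acc * acc % P, steps + 1
        if bit == "1":
            acc, steps = acc * base % P, steps + 1
    return acc, steps

def leaky_impl(key, x):
    """F_k(x) = x^k mod P: the exponent is the key, so time leaks the key."""
    return square_and_multiply(x, key)

def oblivious_impl(key, x):
    """G_k(x) = k^x mod P: the exponent is the query, so time varies with
    x (not fixed-time) but is identical for every key (key-oblivious)."""
    return square_and_multiply(key, x)

def timing_vector(impl, key, queries):
    """The timings an adversary observes for its queries under one key."""
    return tuple(impl(key, x)[1] for x in queries)

def timing_advantage(impl, real_key, queries, trials, seed=0):
    """Estimate the statistical distance between the timing vectors seen
    under real_key and under a fresh random key. This bounds the advantage
    of any distinguisher in the key-obliviousness game for these queries."""
    rng = random.Random(seed)
    real = Counter(timing_vector(impl, real_key, queries) for _ in range(trials))
    rand = Counter(timing_vector(impl, rng.randrange(1, 1 << KEY_BITS), queries)
                   for _ in range(trials))
    return sum(abs(real[t] - rand[t]) for t in set(real) | set(rand)) / (2 * trials)

if __name__ == "__main__":
    queries, real_key = [3, 5, 7, 11], 0xA5C3      # constructed sample inputs
    for name, impl in (("leaky", leaky_impl), ("oblivious", oblivious_impl)):
        print(name, "advantage ~", round(timing_advantage(impl, real_key, queries, 2000), 2))
```

For the leaky function the adversary's timing vector pins down the key's bit length plus Hamming weight, which a random key matches only rarely, so the estimated advantage is large; for the oblivious one the two timing distributions coincide and the advantage is exactly zero.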

Subject Classification

ACM Subject Classification
  • Theory of computation → Cryptographic primitives
  • Security and privacy → Key management
  • Security and privacy → Mathematical foundations of cryptography
  • Security and privacy → Side-channel analysis and countermeasures
Keywords
  • Side channel attacks
  • Timing attacks
  • Keyed functions
  • Key oblivious
  • Noticeable security

References

  1. José Bacelar Almeida, Manuel Barbosa, Gilles Barthe, François Dupressoir, and Michael Emmi. Verifying constant-time implementations. In Thorsten Holz and Stefan Savage, editors, 25th USENIX Security Symposium, USENIX Security 16, Austin, TX, USA, August 10-12, 2016, pages 53-70. USENIX Association, 2016. URL: https://www.usenix.org/conference/usenixsecurity16/technical-sessions/presentation/almeida.
  2. Joël Alwen, Yevgeniy Dodis, and Daniel Wichs. Survey: Leakage resilience and the bounded retrieval model. In Kaoru Kurosawa, editor, Information Theoretic Security, 4th International Conference, ICITS 2009, Shizuoka, Japan, December 3-6, 2009. Revised Selected Papers, volume 5973 of Lecture Notes in Computer Science, pages 1-18. Springer, 2009. URL: https://doi.org/10.1007/978-3-642-14496-7_1.
  3. Yuriy Arbitman, Moni Naor, and Gil Segev. Backyard cuckoo hashing: Constant worst-case operations with a succinct representation. In 51st Annual IEEE Symposium on Foundations of Computer Science, FOCS 2010, October 23-26, 2010, Las Vegas, Nevada, USA, pages 787-796. IEEE Computer Society, 2010. URL: https://doi.org/10.1109/FOCS.2010.80.
  4. Gustavo Banegas, Daniel J. Bernstein, Fabio Campos, Tung Chou, Tanja Lange, Michael Meyer, Benjamin Smith, and Jana Sotáková. CTIDH: faster constant-time CSIDH. IACR Trans. Cryptogr. Hardw. Embed. Syst., 2021(4):351-387, 2021. URL: https://doi.org/10.46586/TCHES.V2021.I4.351-387.
  5. Mihir Bellare, Ran Canetti, and Hugo Krawczyk. Pseudorandom functions revisited: The cascade construction and its concrete security. In 37th Annual Symposium on Foundations of Computer Science, FOCS '96, Burlington, Vermont, USA, 14-16 October, 1996, pages 514-523. IEEE Computer Society, 1996. URL: https://doi.org/10.1109/SFCS.1996.548510.
  6. Mihir Bellare, Thomas Ristenpart, Phillip Rogaway, and Till Stegers. Format-preserving encryption. In Michael J. Jacobson Jr., Vincent Rijmen, and Reihaneh Safavi-Naini, editors, Selected Areas in Cryptography, 16th Annual International Workshop, SAC 2009, Calgary, Alberta, Canada, August 13-14, 2009, Revised Selected Papers, volume 5867 of Lecture Notes in Computer Science, pages 295-312. Springer, 2009. URL: https://doi.org/10.1007/978-3-642-05445-7_19.
  7. Itay Berman, Iftach Haitner, Ilan Komargodski, and Moni Naor. Hardness-preserving reductions via cuckoo hashing. J. Cryptol., 32(2):361-392, 2019. URL: https://doi.org/10.1007/s00145-018-9293-0.
  8. Arnab Kumar Biswas, Dipak Ghosal, and Shishir Nagaraja. A survey of timing channels and countermeasures. ACM Comput. Surv., 50(1):6:1-6:39, 2017. URL: https://doi.org/10.1145/3023872.
  9. John Black and Phillip Rogaway. Ciphers with arbitrary finite domains. In Bart Preneel, editor, Topics in Cryptology - CT-RSA 2002, The Cryptographer’s Track at the RSA Conference, 2002, San Jose, CA, USA, February 18-22, 2002, Proceedings, volume 2271 of Lecture Notes in Computer Science, pages 114-130. Springer, 2002. URL: https://doi.org/10.1007/3-540-45760-7_9.
  10. Jonathan Bootle, Claire Delaplace, Thomas Espitau, Pierre-Alain Fouque, and Mehdi Tibouchi. LWE without modular reduction and improved side-channel attacks against BLISS. In Advances in Cryptology - ASIACRYPT 2018, Brisbane, QLD, Australia, December 2-6, 2018, Proceedings, Part I, volume 11272 of Lecture Notes in Computer Science, pages 494-524. Springer, 2018. URL: https://doi.org/10.1007/978-3-030-03326-2_17.
  11. David Brumley and Dan Boneh. Remote timing attacks are practical. In Proceedings of the 12th USENIX Security Symposium, Washington, D.C., USA, August 4-8, 2003. USENIX Association, 2003. URL: https://www.usenix.org/conference/12th-usenix-security-symposium/remote-timing-attacks-are-practical.
  12. David Chaum. Blind signatures for untraceable payments. In David Chaum, Ronald L. Rivest, and Alan T. Sherman, editors, Advances in Cryptology: Proceedings of CRYPTO '82, Santa Barbara, California, USA, August 23-25, 1982, pages 199-203. Plenum Press, New York, 1982. URL: https://doi.org/10.1007/978-1-4757-0602-4_18.
  13. Scott A. Crosby, Dan S. Wallach, and Rudolf H. Riedi. Opportunities and limits of remote timing attacks. ACM Trans. Inf. Syst. Secur., 12(3):17:1-17:29, 2009. URL: https://doi.org/10.1145/1455526.1455530.
  14. Léo Ducas, Alain Durmus, Tancrède Lepoint, and Vadim Lyubashevsky. Lattice signatures and bimodal Gaussians. In Ran Canetti and Juan A. Garay, editors, Advances in Cryptology - CRYPTO 2013. Proceedings, Part I, volume 8042 of Lecture Notes in Computer Science, pages 40-56. Springer, 2013. URL: https://doi.org/10.1007/978-3-642-40041-4_3.
  15. Thomas Espitau, Pierre-Alain Fouque, Benoît Gérard, and Mehdi Tibouchi. Side-channel attacks on BLISS lattice-based signatures: Exploiting branch tracing against strongswan and electromagnetic emanations in microcontrollers. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, CCS 2017, Dallas, TX, USA, October 30 - November 03, 2017, pages 1857-1874. ACM, 2017. URL: https://doi.org/10.1145/3133956.3134028.
  16. Oded Goldreich, Shafi Goldwasser, and Silvio Micali. How to construct random functions. Journal of the ACM (JACM), 33(4):792-807, 1986.
  17. Oded Goldreich and Rafail Ostrovsky. Software protection and simulation on oblivious RAMs. Journal of the ACM (JACM), 43(3):431-473, 1996.
  18. Shafi Goldwasser and Guy N. Rothblum. How to compute in the presence of leakage. SIAM J. Comput., 44(5):1480-1549, 2015. URL: https://doi.org/10.1137/130931461.
  19. Viet Tung Hoang, Ben Morris, and Phillip Rogaway. An enciphering scheme based on a card shuffle. In Advances in Cryptology - CRYPTO 2012 - 32nd Annual Cryptology Conference, Santa Barbara, CA, USA, August 19-23, 2012. Proceedings, volume 7417 of Lecture Notes in Computer Science, pages 1-13. Springer, 2012. URL: https://doi.org/10.1007/978-3-642-32009-5_1.
  20. Yuval Ishai, Amit Sahai, and David A. Wagner. Private circuits: Securing hardware against probing attacks. In Dan Boneh, editor, Advances in Cryptology - CRYPTO 2003 Proceedings, volume 2729 of Lecture Notes in Computer Science, pages 463-481. Springer, 2003. URL: https://doi.org/10.1007/978-3-540-45146-4_27.
  21. Yael Tauman Kalai and Leonid Reyzin. A survey of leakage-resilient cryptography. In Oded Goldreich, editor, Providing Sound Foundations for Cryptography: On the Work of Shafi Goldwasser and Silvio Micali, pages 727-794. ACM, 2019. URL: https://doi.org/10.1145/3335741.3335768.
  22. Jonathan Katz and Chiu-Yuen Koo. On constructing universal one-way hash functions from arbitrary one-way functions. IACR Cryptol. ePrint Arch., page 328, 2005. URL: http://eprint.iacr.org/2005/328.
  23. Paul C. Kocher. Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In Advances in Cryptology - CRYPTO '96, Santa Barbara, California, USA, August 18-22, 1996, Proceedings, volume 1109 of Lecture Notes in Computer Science, pages 104-113. Springer, 1996. URL: https://doi.org/10.1007/3-540-68697-5_9.
  24. Richard J. Lipton and Jeffrey F. Naughton. Clocked adversaries for hashing. Algorithmica, 9(3):239-252, 1993. URL: https://doi.org/10.1007/BF01190898.
  25. Michael Luby and Charles Rackoff. How to construct pseudorandom permutations from pseudorandom functions. SIAM J. Comput., 17(2):373-386, 1988. URL: https://doi.org/10.1137/0217022.
  26. Ueli M. Maurer and Krzysztof Pietrzak. Composition of random systems: When two weak make one strong. In Moni Naor, editor, Theory of Cryptography, First Theory of Cryptography Conference, TCC 2004, Cambridge, MA, USA, February 19-21, 2004, Proceedings, volume 2951 of Lecture Notes in Computer Science, pages 410-427. Springer, 2004. URL: https://doi.org/10.1007/978-3-540-24638-1_23.
  27. Silvio Micali and Leonid Reyzin. Physically observable cryptography (extended abstract). In Moni Naor, editor, Theory of Cryptography, First Theory of Cryptography Conference, TCC 2004, Cambridge, MA, USA, February 19-21, 2004, Proceedings, volume 2951 of Lecture Notes in Computer Science, pages 278-296. Springer, 2004. URL: https://doi.org/10.1007/978-3-540-24638-1_16.
  28. Ben Morris and Phillip Rogaway. Sometimes-recurse shuffle - almost-random permutations in logarithmic expected time. In Advances in Cryptology - EUROCRYPT 2014, Copenhagen, Denmark, May 11-15, 2014. Proceedings, volume 8441 of Lecture Notes in Computer Science, pages 311-326. Springer, 2014. URL: https://doi.org/10.1007/978-3-642-55220-5_18.
  29. Moni Naor and Omer Reingold. On the construction of pseudorandom permutations: Luby-Rackoff revisited. J. Cryptol., 12(1):29-66, 1999. URL: https://doi.org/10.1007/PL00003817.
  30. Moni Naor and Gil Segev. Public-key cryptosystems resilient to key leakage. SIAM J. Comput., 41(4):772-814, 2012. URL: https://doi.org/10.1137/100813464.
  31. Moni Naor and Moti Yung. Universal one-way hash functions and their cryptographic applications. In David S. Johnson, editor, Proceedings of the 21st Annual ACM Symposium on Theory of Computing, May 14-17, 1989, Seattle, Washington, USA, pages 33-43. ACM, 1989. URL: https://doi.org/10.1145/73007.73011.
  32. Thomas Ristenpart and Scott Yilek. The mix-and-cut shuffle: Small-domain encryption secure against N queries. In Advances in Cryptology - CRYPTO 2013 - 33rd Annual Cryptology Conference, Santa Barbara, CA, USA, August 18-22, 2013. Proceedings, Part I, volume 8042 of Lecture Notes in Computer Science, pages 392-409. Springer, 2013. URL: https://doi.org/10.1007/978-3-642-40041-4_22.
  33. John Rompel. One-way functions are necessary and sufficient for secure signatures. In Harriet Ortiz, editor, Proceedings of the 22nd Annual ACM Symposium on Theory of Computing, May 13-17, 1990, Baltimore, Maryland, USA, pages 387-394. ACM, 1990. URL: https://doi.org/10.1145/100216.100269.
  34. Steven Rudich. Limits on the provable consequences of one-way functions. PhD thesis, University of California, 1988.
  35. Emil Stefanov, Elaine Shi, and Dawn Song. Towards practical oblivious RAM. arXiv preprint arXiv:1106.3652, 2011.