Published in: Designs, Codes and Cryptography 1/2017

02.11.2016

Strong authenticated key exchange with auxiliary inputs

Authors: Rongmao Chen, Yi Mu, Guomin Yang, Willy Susilo, Fuchun Guo


Abstract

Leakage attacks, including various kinds of side-channel attacks, allow an attacker to learn partial information about the internal secrets of a cryptographic system, such as the secret key and the randomness. Designing a strong, meaningful, yet achievable security notion that captures practical leakage attacks is one of the primary goals of leakage-resilient cryptography. In this work, we revisit the modelling and design of authenticated key exchange (AKE) protocols with leakage resilience. We show that the prior works on this topic are inadequate in capturing realistic leakage attacks. To close this research gap, we propose a new security notion named leakage-resilient eCK model w.r.t. auxiliary inputs (\(\mathsf {AI\hbox {-}LR\text{-}eCK}\)) for AKE protocols, which addresses the limitations of the previous models. Our model allows computationally hard-to-invert leakage of both the long-term secret key and the randomness, and also addresses a limitation present in most of the previous models, where the adversary is not allowed to make leakage queries during the challenge session. As another major contribution of this work, we present a generic framework for the construction of AKE protocols that are secure under the proposed \(\mathsf {AI\hbox {-}LR\text{-}eCK}\) model. An instantiation based on the decision Diffie–Hellman (DDH) assumption in the standard model is also given to demonstrate the feasibility of our proposed framework.
Footnotes
1
Since the ephemeral secret key \(esk_{\mathcal {A},i^*}\) has no corresponding public key, we have that \(f_j\in \mathcal {H}_{\mathsf {epk\hbox {-}ow}}(\epsilon _{\mathsf {esk}}) = \mathcal {H}_{\mathsf {ow}}(\epsilon _{\mathsf {esk}})\) for all \(1<j<q_e\) according to Lemma 2.
 
2
One may notice that here \(\mathcal S\) does not simulate the session of \(\mathcal A\) when \(\mathsf {E}^*\in \{\mathsf {E}_7,\mathsf {E}_8\}\). This is because when \(\mathsf {E}_7\) or \(\mathsf {E}_8\) happens, the session of \(\mathcal A\) is under the control of the adversary and thus does not exist. The same holds for the events \(\mathsf {E}_5\) and \(\mathsf {E}_6\), where \(\mathcal S\) does not need to simulate the session of \(\mathcal B\).
 
3
Noting that \(sk_{\mathcal {A}}\) here has the verification key \(vk_{\mathcal {A}}\), one may wonder if the leakage query made by \(\mathcal {M}\) can be answered by \(\mathcal {S}\). It is actually the case, as for each leakage function \(h_j\in \mathcal {H}_{\mathsf {lpk\hbox {-}ow}}(\epsilon _{\mathsf {lsk}})\) (\(1<j<q_l\)) by \(\mathcal {M}\), we can set \(f_j(sk_{\mathcal {A}})=(h_j(sk_{\mathcal {A}},vk_{\mathcal {A}}),vk_{\mathcal {A}})\in \mathcal {H}_{ow}(\epsilon _{\mathsf {lsk}})\).
 
Metadata
Title
Strong authenticated key exchange with auxiliary inputs
Authors
Rongmao Chen
Yi Mu
Guomin Yang
Willy Susilo
Fuchun Guo
Publication date
02.11.2016
Publisher
Springer US
Published in
Designs, Codes and Cryptography / Issue 1/2017
Print ISSN: 0925-1022
Electronic ISSN: 1573-7586
DOI
https://doi.org/10.1007/s10623-016-0295-3
