Securing Circuits Against Constant-Rate Tampering
Dana Dachman-Soled
Yael Tauman Kalai
Microsoft Research
Tamper-Resilient Circuits [Ishai-Prabhakaran-Sahai-Wagner06]
Wire tampering: toggle, set wire to 0/1
"Tamper with me, I will self-destruct!"
[IPSW06]: 1/size tampering rate
Our work: 1/const tampering rate
Physical Attacks
• Cold-boot attack [Halderman-Schoen-Heninger-Clarkson-Calandrino-Feldman-Appelbaum-Felten08]
• Timing attacks [Kocher96,…]
• Fault attacks [Boneh-DeMillo-Lipton97, Biham-Shamir98, …]
• Power attacks [Kocher-Jaffe-Jun99,…]
• Acoustic attacks [Shamir-Tromer]
• Radiation attacks [Agrawal-Archambeault-Rao-Rohatgi02]
Leakage attacks
Tampering attacks
Leakage attacks
[Rivest1997, Boyko1999, Canetti-Dodis-Halevi-Kushilevitz-Sahai2000, Ishai-Sahai-Wagner2003, Micali-Reyzin2004, Ishai-Prabhakaran-Sahai-Wagner2006, Dziembowski-Pietrzak2008, Pietrzak2009, Akavia-Goldwasser-Vaikuntanathan2009, Dodis-K-Lovett2009, Naor-Segev2009, Katz-Vaikuntanathan2009, Alwen-Dodis-Wichs2009, Alwen-Dodis-Naor-Segev-Walfish-Wichs2009, Faust-Kiltz-Pietrzak-Rothblum2009, Faust-Rabin-Reyzin-Tromer-Vaikuntanathan2010, Dodis-Goldwasser-K-Peikert-Vaikuntanathan2010, Goldwasser-K-Peikert-Vaikuntanathan2010, Juma-Vahlis2010, Goldwasser-Rothblum2010, Canetti-K-Mayank-Wichs2010, Dodis-Haralambiev-Lopez-Alt-Wichs2010, Brakerski-K-Katz-Vaikuntanathan2010, Boyle-Segev-Wichs2010, Dodis-Pietrzak2010, Braverman-Hassidim-K2010, Lewko-Waters2010, Lewko-Rouselakis-Waters2011, Lewko-Lewko-Waters2011, Jain-Pietrzak2011, Bitansky-Canetti-Halevi-Goldwasser-K-Rothblum2011, Bitansky-Canetti-Halevi2011, Garg-Jain-Sahai2011, Brakerski-K2011, Dodis-Lewko-Waters-
Tampering attacks
[Bellare-Kohno2003, Gennaro-Lysyanskaya-Malkin-Micali-Rabin2004, Ishai-Prabhakaran-Sahai-Wagner2006, Applebaum-Harnik-Ishai2010, Dziembowski-Pietrzak-Wichs2010, Kalai-Kanukurthi-Sahai2011, Choi-Kiayias-Malkin11, Kalai-Lewko-Rao2011, Liu-Lysyanskaya12]
Our Results
Compiler: 𝐶 → 𝐶’ (“tamper resilient”)
Need to define:
1. Tampering model
2. Security guarantee
Theoretical Result
Tampering Model (tampering with individual wires)
Inspired by [Ishai-Prabhakaran-Sahai-Wagner2006]
[Figure: circuit 𝐶 with public input 𝑥𝑖 and memory holding secret 𝑠; tampering function]
Impossible! [IPSW06]
[Figure: same diagram, with memory holding secret 𝑠𝑖]
Security Guarantee
For every [figure] there exists simulator 𝑆𝑖𝑚 s.t.
[Figure: the two sides of ≈; recovered labels: 𝑆𝑖𝑚, 𝐶, 𝐿(𝑠), 𝑠𝑖, 𝑥𝑖]
Only log bits of leakage
When did self-destruct occur
Our Results
Compiler: 𝐶 → 𝐶’ (tamper resilient)
• Resilient to constant tampering rate.
• Information theoretic
Comparison with [IPSW06]
[IPSW06] Tampering rate