Private Circuits: A Modular Approach
Prabhanjan Ananth, Yuval Ishai, Amit Sahai

Surveillance Devices
Credit card details, SSN number, passwords, PGP keys, ...

Side-Channel Attacks
The adversary can obtain partial information (leakage) about the computation.

GOAL: protecting cryptographic schemes against side-channel attacks.

This Work: Leakage-Resilient Circuit Compilers [ISW03]
Compile the circuit $C$ into a circuit $\hat{C}$; the input is passed through Encode before $\hat{C}$ runs, and the output of $\hat{C}$ is passed through Decode afterwards.

Leakage-Resilient Circuit Compilers
(Figure: the compiled circuit $\hat{C}$ drawn as a network of NAND gates; the wire values $1, 1, 1, 1, 1, \ldots$ of the computation are fed into a function Leak.)
Bounded leakage: the adversary obtains $\mathrm{Leak}(\cdot)$ applied to the computation of $\hat{C}$ on the encoded input $\hat{x}$.

What is Leak? This work!
(Figure: in the computation $\hat{C}(\hat{x})$ some wire values are revealed to the adversary while the rest, shown as ?, stay hidden.)
Wire-probing attacks [ISW03, ...]: a subset of the values in the computation is leaked.
Worst-case leakage: threshold $t$ (at most $t$ wires are leaked).

Leakage-Resilience: Wire-probing attacks [ISW03, ...]
Following [ISW03], several works study this setting... [RP10, KHL11, GM11, CPR13, CGPQR12, ...]
"MPC on Silicon": applying MPC techniques to design secure hardware.
Recent years: focus on randomness complexity [IKLOPSZ13, BBPPTV16, BBPPTV17].

Randomness Complexity
Randomness complexity = number of random-bit gates. How many random-bit gates are needed?
[IKLOPSZ13]: $t^{3+\varepsilon}$ random-bit gates suffice, for any $\varepsilon > 0$.
Q: Is $t^{3+\varepsilon}$ tight? NO!

Results: Worst-Case Probing
Leakage-resilient compilers for $s$-sized circuits and threshold $t$: the compiled circuit has size $s \cdot \mathrm{poly}(t)$ and randomness complexity $t^{1+\varepsilon}$, for any $\varepsilon > 0$.

Leakage-Resilience: Random Wire-probing attacks [ISW03, Ajtai10, ADF16]
Probabilistic leakage, parameterized by $(p, e)$:
  Real world: every wire in the computation $\hat{C}(\hat{x})$ is leaked independently with probability $p$.
  Ideal world: the leakage is simulated just given $C$, up to simulation error $e$.
Related to the noisy leakage model: [CJJR99, FRRTV10, DDF15, ...]

Prior works on random wire-probing attacks: $p$ = constant, $e$ = negligible.

Results: Random-Wire Probing
Leakage-resilient circuit compiler against $(p, e)$-random probing attacks with $p = 0.000065$.
Large gates: construction with $p$ close to 1.

Security Notions: Leakage Tolerance
The input encoding and output decoding algorithms are identity functions, so a fraction of the input and of the output will be leaked; the leakage must be simulatable given the leaked fraction of the input and output.
This implies leakage-resilience!

Results: Leakage Tolerance
Worst case, $t$-wire probing attacks: randomness complexity $t^{1+\varepsilon}$.
Probabilistic case, $(p, p', e)$-random probing attacks (figure: $p$ on a scale from 0 to 1):
  $p > 0.8$, any $p' > p$: doesn't exist.
  $p < 0.00006$, any $p' > p$: exists!

Starting Point: $t$-out-of-$n$ Secure MPC
Parties $P_1, P_2, \ldots, P_n$ with inputs $x_1, x_2, \ldots, x_n$ run a protocol $\Pi(C)$; the protocol, viewed as a circuit, plays the role of $\hat{C}$.
Passive corruption of $P_2$ in the protocol corresponds to leaking the state of $P_2$ in $\hat{C}$.

Leakage-Resilient Circuit Compiler
$C'$: input: shares of $x$; output: shares of $C(x)$. The compiled circuit is the protocol $\Pi(C')$.

Leakage-Resilient Circuit Compiler: Security?
If at most $t$ wires are leaked, then the leakage can be simulated.
Probability that more than $t$ wires are leaked = simulation error $e$. By Chernoff,
$$e \le \exp\!\left(-\frac{(1+t)^2}{12\,\mathrm{poly}(|C|)\cdot p}\right).$$
If $p$, $|C|$, $t$ are constants, then $e$ is constant. Negligible??
So far: a leakage-resilient circuit compiler with $p$ = constant, $e_0$ = constant.

Reducing the Error
IDEA: replace each NAND gate of party $P_i$ with the $(p, e_0)$-base gadget $G_0$.
Leakage is simulatable as long as at most $t$ base gadgets fail.
Security? Probability that more than $t$ base gadgets fail = simulation error $e_1$. By Chernoff,
$$e_1 \le \exp\!\left(-\frac{(1+t)^2}{12\,\mathrm{poly}(|C|)\cdot e_0}\right).$$
Size? $|\text{Base Gadget}| \times |\Pi(C')|$.

IDEA, iterated: replace each NAND gate of party $P_i$ with the $(p, e_{k-1})$-gadget $G_{k-1}$.
After $k$ steps: size?
$$|G_k| \le |G_{k-1}| \times |\Pi(C')| \le |G_{k-2}| \times |\Pi(C')| \times |\Pi(C')| \le \cdots \le \bigl(|\Pi(C')|\bigr)^k,$$
which is $\exp(O(k))$ when $|C|$ is a constant.

After $k$ steps: error?
$$e_k \le \exp\!\left(-\frac{(1+t)^2}{12\,\mathrm{poly}(|C|)\cdot e_{k-1}}\right) \le \exp\!\left(-\frac{(1+t)^2}{12\,\mathrm{poly}(|C|)\cdot \exp\!\left(-\frac{(1+t)^2}{12\,\mathrm{poly}(|C|)\cdot e_{k-2}}\right)}\right) \le \cdots \le \exp\bigl(-2^{O(k)}\bigr).$$

When $|C|$ is constant (here $C$ = NAND), with $|C|$ in the last row denoting the size of the large circuit to be compiled:

  k               Error e_k                 Size of kth gadget G_k
  general k       <= exp(-2^{O(k)})         <= exp(O(k))
  k = log(|C|)    negl(|C|)                 poly(|C|)
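The following is an added worked example, not code from the slides or the paper, that makes the quantities on the last few slides concrete: a worst-case $t$-wire probing check on an additively shared value (the slides only say "shares of $x$"; the XOR sharing is an assumed concrete choice), the real-world random-probing leakage, the exact probability that more than $t$ wires leak next to the Chernoff-style bound as written on the slides (with the raw wire count standing in for $\mathrm{poly}(|C|)$), and the $e_k$ / size recursion of the modular construction with the choice $k = \log|C|$. All numeric parameters are constructed for illustration.

```python
# Added worked example (not from the slides or the paper): an exhaustive and
# exact model of the probing notions on the slides and of the error/size
# recursion of the modular construction.  The share encoding, the use of the
# raw wire count in place of poly(|C|), and all numeric parameters are
# constructed assumptions for illustration.
import itertools
import math
import random
from collections import Counter


def encode(x, n, rng=random):
    """Encode a bit x as n additive (XOR) shares.  The slides only say
    'shares of x'; additive sharing is one concrete (n-1)-out-of-n choice."""
    shares = [rng.randrange(2) for _ in range(n - 1)]
    shares.append(x ^ (sum(shares) % 2))
    return shares


def decode(shares):
    """Recover x from all n shares."""
    return sum(shares) % 2


def random_probe(wires, p, rng=random):
    """Real world of the (p, e)-random probing model: each wire is leaked
    independently with probability p.  Returns {wire index: value}."""
    return {i: v for i, v in enumerate(wires) if rng.random() < p}


def probes_are_simulatable(n, t):
    """Worst-case t-wire probing on the n share wires: exhaustively check that
    the joint distribution of ANY t probed shares is the same for x = 0 and
    x = 1, i.e. the probes can be simulated without knowing x (ideal world)."""
    if t >= n:
        return False  # all n shares together decode x
    for probed in itertools.combinations(range(n), t):
        views = []
        for x in (0, 1):
            view = Counter()
            for rand in itertools.product((0, 1), repeat=n - 1):
                shares = list(rand) + [x ^ (sum(rand) % 2)]
                view[tuple(shares[i] for i in probed)] += 1
            views.append(view)
        if views[0] != views[1]:
            return False
    return True


def prob_more_than_t_leaked(n_wires, p, t):
    """Exact Pr[Binomial(n_wires, p) > t]: the probability that a random
    probing adversary sees more than t wires, which the slides identify with
    the simulation error e of the wire-level analysis."""
    return sum(math.comb(n_wires, k) * p ** k * (1 - p) ** (n_wires - k)
               for k in range(t + 1, n_wires + 1))


def chernoff_style_bound(n_wires, p, t):
    """The bound as written on the slides, exp(-(1+t)^2 / (12 * poly(|C|) * p)),
    evaluated with the wire count n_wires standing in for poly(|C|)."""
    return math.exp(-((1 + t) ** 2) / (12 * n_wires * p))


def modular_reduction(e0, n_gadgets, t, pi_size, k):
    """The slides' recursion, iterated k times from a (p, e0) base gadget:
        e_j    <= exp(-(1+t)^2 / (12 * n_gadgets * e_{j-1}))
        size_j  = size_{j-1} * pi_size          (pi_size = |Pi(C')|)
    with n_gadgets the number of gadgets inside Pi(C').  Returns the list of
    (error bound, size) pairs for j = 0..k, size in base-gadget units."""
    errs, sizes = [e0], [1]
    for _ in range(k):
        prev = errs[-1]
        # Once the bound underflows to 0.0 the next exponent would be -inf;
        # treat it as 0.0 (the bound is already below machine precision).
        nxt = 0.0 if prev < 1e-300 else math.exp(-((1 + t) ** 2) / (12 * n_gadgets * prev))
        errs.append(nxt)
        sizes.append(sizes[-1] * pi_size)
    return list(zip(errs, sizes))


def depth_for_circuit(circuit_size, pi_size):
    """Choose k = log2(circuit_size) as on the slides; the size bound
    pi_size**k = circuit_size**log2(pi_size) is then polynomial in |C|."""
    k = math.ceil(math.log2(circuit_size))
    return k, pi_size ** k


if __name__ == "__main__":
    print("any 3 of 4 shares simulatable:", probes_are_simulatable(4, 3))
    print("all 4 shares simulatable:", probes_are_simulatable(4, 4))
    print("leaked wires:", random_probe(encode(1, 4), p=0.5))
    print("exact Pr[>40 of 100 wires leak at p=0.1]:",
          prob_more_than_t_leaked(100, 0.1, 40),
          "slide bound:", chernoff_style_bound(100, 0.1, 40))
    for j, (err, size) in enumerate(modular_reduction(0.25, 20, 40, 50, 3)):
        print(f"step {j}: error bound <= {err:.3e}, size = {size}")
    print("k and size for |C| = 1024, |Pi(C')| = 8:", depth_for_circuit(1024, 8))
```

The exhaustive check in `probes_are_simulatable` is the ideal-world statement for the worst-case model: for every choice of $t$ probed share wires the view is identically distributed for both inputs, so a simulator that knows nothing about $x$ reproduces it exactly, and with all $n$ wires the check fails because the shares decode $x$. `prob_more_than_t_leaked` is the exact binomial tail; comparing it with `chernoff_style_bound` for a given wire count, $p$ and $t$ shows how loose or tight the slides' bound is in that regime, while `modular_reduction` shows the point of the modular construction: the size bound grows only by a factor $|\Pi(C')|$ per level while the error bound collapses far faster.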

To compile a large circuit $C$:
(Figure: the NAND gates of $C$ are each replaced by a copy of the gadget $G_k$.)
Stitch together the gadgets for every gate in the circuit. Compositional issues?

Worst-Case Leakage: $t$-wire probing
The same modular approach implies "small" randomness complexity: $t^{1+\varepsilon}$ instead of the earlier $t^{3+\varepsilon}$.