Cryptography without (Hardly Any) Secrets ?
نویسنده
چکیده
The absolute privacy of the secret-keys associated with cryptographic algorithms has been the corner-stone of modern cryptography. Still, in practice, keys do get compromised at times for a variety or reasons. A particularly disturbing loss of secrecy is as a result of side channel attacks. These attacks exploit the fact that every cryptographic algorithm is ultimately implemented on a physical device and such implementations enable ‘observations’ which can be made and measured on secret data and secret keys. Indeed, side channel observations can lead to information leakage about secret keys, which in turn can and have lead to complete breaks of systems which have been proved mathematically secure, without violating any of the underlying mathematical principles or assumptions. Traditionally, such attacks have been followed by ad-hoc ‘fixes’ which make particular implementation invulnerable to particular attacks, only to potentially be broken anew by new examples of side-channel attacks. In recent years, starting with the work on physically observable cryptography by [MR04] Micali and Reyzin, a new goal has been set to build a general theory of physical security against a large class of families of side channel attacks which one may call computational side-channel attacks. These include any side channel attack in which leakage of information on secrets occurs as a result of performing a computation on secrets. Some well-known examples of such attacks include Kocher’s timing attacks [Koc96] and power attacks [KJJ99]. A basic defining feature of a computational side-channel attack, as put forth by [MR04] is that computation and only computation leaks information. Namely, portions of memory which are not involved in computation do not leak information. A growing number of works [MR04,ISW03,PSP08,GKR08,DP08] have proposed cryptographic algorithms provably robust against computational side-channel attacks, by limiting in various ways the portions of the secret key which are involved in each step of the computation. In the work on one time programs this is taken to an extreme [GKR08]. Goldwasser, Tauman-Kalai, and Rothblum show how by using a new proposed type of secure-memory which never touches any secrets or data which is not ultimately fully revealed, it is possible to perform any secure computations which is provably secure against all computational side channel attacks. Memory-attacks proposed by Akavia, Goldwasser, and Vaikuntanathan [AGV09] are an entirely very different family of side-channel attacks that are not included in the computational side-channel attack family, as they violate the basic premise of [MR04] that only computation leaks information. This class of attacks was inspired by (although not restricted to) the memory-freezing attack introduced recently by Halderman et al. [HSH08], where its is shown how to measure a significant fraction of the bits of secret keys if the keys were ever stored in a part of memory (e.g. DRAM), which could be accessed by an adversary even after the power of the machine has been turned off. Thus, information leaks about portions of the secret key which may have never been involved in any computation. A memory-attack leaks a bounded number of bits computed as a result of applying an arbitrary function of bounded length (smaller than than the size of the secret key) to the content of the secret key of a cryptographic algorithm. Naturally, this family of attacks is inherently parameterized and quantitative in nature, as if the attack would uncover the entire secret key at the outset, there would be no hope for any cryptography. The work of [AGV09] exhibits a public-key encryption algorithm which is especially robust against memory-attacks. Its security is based on the computationally intractability of the learning with errors (LWE) problem which is related to the intractability of approximating the length of the shortest vector in an integer lattice. Finally, a new interesting variant on the idea of memory attacks, had been proposed by Tauman-Kalai etal [DTKL09] in their work on security with auximlary-inputs. They propose to replace the restriction of revealing a length shrinking function of the secret, to revealing functions of the secret which are exponentially hard to invert. In this talk we will survery this development, with special emphasis on the works of [GKR08,AGV09,DTKL09].
منابع مشابه
IJSRP Feb 2012 Edition, Volume 2, Issue 2
Recursive Visual cryptography takes the idea from the basic scheme of Visual cryptography to hide multiple secrets recursively in the single image. [1] This paper proposes a scheme of recursive creation of shares using the basic scheme and embedding secrets into the shares. This results levels of share creation i.e. nsecrets equals n/2 levels. This paper also provides secured authentication for...
متن کاملVisual Cryptography by Random Grids with Identifiable Shares
This paper proposes a visual cryptography by random grids scheme with identifiable shares. The method encodes an image O in two shares that exhibits the following features: (1) each generated share has the same scale as O, (2) any share singly has noise-like appearance that reveals no secret information on O, (3) the secrets can be revealed by superimposing the two shares, (4) folding a share u...
متن کاملA Recursive Threshold Visual Cryptography Scheme
This paper presents a recursive hiding scheme for 2 out of 3 secret sharing. In recursive hiding of secrets, the user encodes additional information about smaller secrets in the shares of a larger secret without an expansion in the size of the latter, thereby increasing the efficiency of secret sharing. We present applications of our proposed protocol to images as well as text.
متن کاملOn the Practical Feasibility of Secure Multipath Communication
Secure multipath transmission (MPT) uses network path redundancy to achieve privacy in the absence of public-key encryption or any shared secrets for symmetric encryption. Since this form of secret communication works without secret keys, the risk of human failure in key management naturally vanishes, leaving security to rest only on the network management. Consequently, MPT allows for secure c...
متن کاملMeaningful Share Generation for Increased Number of Secrets in Visual Secret-Sharing Scheme
This paper presents a new scheme for hiding two halftone secret images into two meaningful shares created from halftone cover images. Meaningful shares are more desirable than noiselike meaningless shares in Visual Secret Sharing because they look natural and do not attract eavesdroppers’ attention. Previous works in the field focus on either increasing number of secrets or creating meaningful ...
متن کاملAuthentication method with impersonal token cards
Traditional methods of user authentication in distributed systems suuer from an important weakness which is due to the low degree of randomness in secrets that human beings can use for identiication. Even though weak secrets (passwords and PINs) are typically not exposed in the clear over the communication lines, they can be discovered with oo-line brute force attacks based on exhaustive trials...
متن کامل