How to use untrusty cryptographic devices

How to use untrusty cryptographic devices
Daniel Kucner
Mirosław Kutyłowski
Institute of Computer Science
Institute of Mathematics
University of Wrocław
Wrocław University of Technology
and CC Signet
Tatracrypt ’03 – p.1/20
Black-Box device
the following data is available for a black-box
device:
specification of a protocol implemented,
some quality certificates (according to Common
Criteria, FIPS, ...)
Tatracrypt ’03 – p.2/20
Black-Box device
the following data is available for a black-box
device:
specification of a protocol implemented,
some quality certificates (according to Common
Criteria, FIPS, ...)
Advantages:
unchangeable (no viruses, no malicious changes)
safer and faster then software
Tatracrypt ’03 – p.2/20
Black-Box device
the following data is available for a black-box
device:
specification of a protocol implemented,
some quality certificates (according to Common
Criteria, FIPS, ...)
Advantages:
unchangeable (no viruses, no malicious changes)
safer and faster then software
Disadvantages:
a real black-box – impossible to verify
Tatracrypt ’03 – p.2/20
How do we know that a device is honest?
verification is extremely complex
certification authorities need to be trusted
produced by a foreign manufacturer (under
control of a foreign secret service?)
Tatracrypt ’03 – p.3/20
How do we know that a device is honest?
verification is extremely complex
certification authorities need to be trusted
produced by a foreign manufacturer (under
control of a foreign secret service?)
the danger is real – kleptography techniques
Tatracrypt ’03 – p.3/20
Bob
generate random
generate random
to Alice
send
to Bob
send
Alice
Diffie-Hellman key exchange
Tatracrypt ’03 – p.4/20
– adversary’s keys.
!
&%#$"
()
3
21/ 0
-.'
4. return
()
, '
3.
'
2. return
1. generate random
Device
+*
Kleptography - device (DH)
Tatracrypt ’03 – p.5/20
– adversary’s keys.
'-
'
3
'
12/ 0
* then return
4
, '
,
'-
2.
3. if
3
12/ 0
1. Adversary eavesdrops
+
()
-.'
4. return
()
, '
+*
3.
'
2. return
1. generate random
&%# "
Attack
!
Device
+*
Kleptography - device (DH)
Tatracrypt ’03 – p.5/20
Kleptography - detection
Different number of exponentiation changes
stochastic characteristic of computation time
G
2IH
G
IH
DF W E
F
:
) QE
:P
C
JV
TU
C
S5
K
,
SB
N ML
O
C
D )E
:
KJ
G
I2H
DF ) E
C
6B
R
;
@
A
generate random
7
>?= <
generate random
7
: 98
6
DH contaminated device
65
DH clear device
Tatracrypt ’03 – p.6/20
Idea of solution
combine two or more devices of different
manufacturers
even if each of them is contaminated, the result
should be secure
Tatracrypt ’03 – p.7/20
using
X
using
\
Z
YX
- [
Z
2.
Y\
1.
[
Secure DH with contaminated devices
Tatracrypt ’03 – p.8/20
Z
\
X
from Bob
4. get
X
\
Z
- [
YX
3. send
using
using
2.
Y\
1.
[
Secure DH with contaminated devices
to Bob
Tatracrypt ’03 – p.8/20
Z
X
X
\
\
X
using
to Bob
using
\]
X]
[
7.
\]
- [
X]
6.
]
5.
from Bob
4. get
\
Z
- [
YX
3. send
using
using
2.
Y\
1.
[
Secure DH with contaminated devices
Tatracrypt ’03 – p.8/20
Proof of SDH security - outline
cd
`
e
ghf
e
g f
cd
j
^_
i_
given
find
ba`
if one device is secure then whole is secure
otherwise adversary has to solve problem:
Tatracrypt ’03 – p.9/20
l
l
k
@_
using
@
6o
l
n
m
2. compute
a generator
@
@
1. set in
k
Another secure DH ?
Tatracrypt ’03 – p.10/20
l
l
k
@_
@
m
@
l
pl
n
So
@
pm
using
to the partner and obtain
r
5. send
pm
4. compute
using
p k
q
a generator
n
3. set in
p k
q
2. compute
pl
_
6o
a generator
m
@
1. set in
k
Another secure DH ?
Tatracrypt ’03 – p.10/20
l
k
@_
m
@
So
pr
n
6o
r
n
pr
and compute the key
r
k
r
So
pl
n
pm
into
and compute
@
pr
using
to the partner and obtain
p k
s
into
7. put
l
@
p k
q
pm
6. put
r
5. send
@
a generator
4. compute
using
p k
q
6o
m
3. set in
n
2. compute
pl
_
k
a generator
@
1. set in
l
Another secure DH ?
Tatracrypt ’03 – p.10/20
l
k
@_
m
@
So
pr
n
r
So
6o
rN
p r
6o
_
6o
r
n
pr
and compute the key
_r
k
r
So
pl
n
pm
into
and compute
@
pr
using
to the partner and obtain
p k
s
into
7. put
l
@
p k
q
pm
6. put
r
5. send
@
a generator
4. compute
using
p k
q
6o
m
3. set in
n
2. compute
pl
_
k
a generator
@
1. set in
l
Another secure DH ?
Tatracrypt ’03 – p.10/20
‡
t p
ˆ

‰
V
V
@
w
vV
†{
6 S
t
z
…
@
IH
G
{U
S ƒ
:V z
F 6
C
„ƒ}
where
€
~
pt p
@
w
t
y
x
S}

‚€
~
pt
@
vV
vV
w
x
t p

‚€
~
6}
y
pt p
@
S
V
V
6. put
7. put
into
into
WŒ
and compute
‹

S
{
SD Œ
W
‹
SŠ
using
and compute

5. send
@
w
V
V
S 6
y{
t p
x
S oS
y
t p
z
z
SŠ
6
C{
SD
a generator
‹
z
4. compute
@
w
t
@V
@V
6
D
{
S o6
y
x
‹
)Œ
6Š
using
S
S S
y{
vV
@
x
V
pt
2. compute
S
{
t
x
S o|
z
y
vV
w
pt p
3. set in
z
6Š
C
D
6D
a generator

)Œ
then
1. set in
SŠ
S
w
t
x
vV
pt
vV
V
@V
pu t p
pu t
– observable
6Š

@
@
w
pt
Attack on (in)secure DH
.
.
to the partner and obtain
iterate:
Tatracrypt ’03 – p.11/20

’


‘
Ž
[
[
Z
—–•
”
“
1. pick a random
2. compute
3. compute
ElGamal Encryption
Tatracrypt ’03 – p.12/20
\”
˜
š
’
š
X”
\”
(on PC)
™
“
of message
”
\“
X“
X”
–
“
5. return ciphertext
using device
š
(on PC)
(on PC)
–
4.
”
3.
2. compute ciphertext
›™\ “
˜
1. compute ciphertext
™X “
˜
Secure ElGamal Encryption (SEGE 1)
Tatracrypt ’03 – p.13/20
\•
–
š
X•
˜
š
\•
“
˜
™
”
\“
\”
–
–
6. return ciphertext
š
(on PC)
(on PC)
- žŸ
\”
X“
X”
5.
“
4.
”
3.
™ \“
˜
š
žŸ
X”
™ X“
˜
2.
X•

•
\•
so that
š
˜
1. find
œ™X •
Secure ElGamal Encryption (SEGE 2)
Tatracrypt ’03 – p.14/20
–
–•
¡
\
–•
¢
- [
[
- [
¢
- [
[
”
“
š
˜
(on PC)
– [
Z
™
\“
(on PC)
¡
\“
6. return ciphertext
¡
\”
X“
X”
\”
–
\•
- žŸ
\”
š
˜
š
X•
žŸ
X”
™ X“
š
˜
š
˜
\•
œ™X •
–

\•
X•
•
so that
X
–•
–
¡
“
¡
”
–
5.
X“
˜
1. find
X”
4.
™ \“
3.
“
2.
”
Secure ElGamal Encryption (SEGE 2)
Tatracrypt ’03 – p.14/20
e
ghf
d
¦p£
@a
@
6Š
£
«
©
®­¯¬
n
£
£
§
¦p£
£
¥¤@
«
ª
@
¤@
i
©
1. find
2.
¨
Secure ElGamal Encryption (SEGE 3)
Tatracrypt ’03 – p.15/20
e
ghf
d
@a
£
pª
«
v
¦p£
©
pi
|Š
®­¯¬
ª
v
¤v
i
n
«
©
v
l
k
°
pª
to
¤
, a ciphertext of
k
«
@
6Š
©
pi
«
©
®­¯¬
p k
¦p£
£
£
§
¦p£
ª
@
¤@
i
n
«
©
¥¤@
£
1. find
2.
3.
computes
4. set of
to
5. set public key of
6.
¨
Secure ElGamal Encryption (SEGE 3)
Tatracrypt ’03 – p.15/20
d
@a
pª
«
«
©
¤ i
return ciphertext
ª
i
ª
¦p£
©
e
hgf
@a
v
pi
|Š
e
hgf
vd
vd
@a
n
ª
®­¯¬
ª
v
i
i
n
¤v
i
n
«
©
v
l
k
°
«
pª
to
¤
pi
, a ciphertext of
k
©
@
6Š
£
«
©
®­¯¬
computes
set of
to
set public key of
p k
¦p£
£
£
§
¦p£
ª
@
¤@
i
n
«
©
¥¤@
£
¨
find
ª
1.
2.
3.
4.
5.
6.
7.
8.
9.
e
ghf
Secure ElGamal Encryption (SEGE 3)
Tatracrypt ’03 – p.15/20
r
a£
|o
6o
NS ± o
|o
6o
NS ± o
«
©
e
hgf
i
e
hgf
vd
@a
n
®­¯¬
ª
¦p£
|Š
v
¤v
«
©
«
¤
pi
pª
°
pª
k
k
v
pi
v
l
to
o
_|
So
l
ª
¤ i
ª
vd
@a
i
n
p k
, a ciphertext of
rN
p£
a
a 6o
r
£
@a
6o
return ciphertext
p i
o
_ |
l
i
i
ª
n
©
computes
set of
to
set public key of
p ª
o
_ |
p£
a
a
v_
r
a 6o
@a
£
i_
i
«
©
@
6Š
@
¤@
n
£
®­¯¬
ª
i
«
©
«
©
£
d
£
£
¨
e
ghf
¦p£
@a
§
¦p£
¥¤@
find
@a
ª_
i
1.
2.
3.
4.
5.
6.
7.
8.
9.
ª
Secure ElGamal Encryption (SEGE 3)
Tatracrypt ’03 – p.15/20
g
both devices have the same
r
p
e
hgf
So
d
p l
pm
_
- no general algorithm,
exist such that for random
we could
So
@
- as above
lN
6o
¤ @g
p
¤ g
e
hgf
, then
m_
l
@ 6o
d
@_
m
g
g
devices have different
perhaps special
and
?
compute
¤
g
if both devices have the same parameters
DH could be broken
¤ l
How to get product of exponents?
Tatracrypt ’03 – p.16/20
ElGamal Signature Protocol
:
š
‘
’
’
“
3.
š
š
’
š
š
˜
”
“
™
¡
4. output the signature
•
³
˜
‘
“
—–
‘
•
—²
˜
˜
X
Z
2.
”
[
1. compute a random
˜
•
Sign a message
Tatracrypt ’03 – p.17/20
`
i
k
`
¤ l
¤
´
@
i
(on PC)
£
¤
m
¤ l
for parameters
g
°
@d
e
ghf
«
pª
for message
¸
¤
and
(random
«
¤
pi
¶
pª
pi
¤@
ª
to
·
©
generates
ª
_ «
6.
¤ i
©
p k
©
4. Alice sets generator of
¤@
@
from
p k
@
µ¤@
¶
3. Alice computes
5.
@
for parameters
g
ª
i
k
generates
private key)
@
2.
to
«
©
1. Alice sends arbitrary hash
´
Secure ElGamal Signature
Tatracrypt ’03 – p.18/20
Conclusions
We have shown how to use devices for
Diffie-Hellman
ElGamal Encryption
ElGamal Signature
to keep safe even if devices are contaminated.
Tatracrypt ’03 – p.19/20
Problems
\ ¹
into
X ¹
RSA – well known: split
¹
what about systems without random numbers?
for splitting the secret!
could we construct such a protocol for Rabin
encryption, signature?
Tatracrypt ’03 – p.20/20