Tal Malkin, Columbia University

Traditionally, secure cryptographic algorithms provide security against an adversary who has only black-box access to the secret information of honest parties. However, such models are not always adequate. In particular, the security of these algorithms may completely break under (feasible) attacks that tamper with the secret key.

We propose a theoretical framework to investigate the algorithmic aspects related to tamper-proof security. In particular, we define a model of security against an adversary who is allowed to apply arbitrary feasible functions f to the secret key sk, and obtain the result of the cryptographic algorithms using the new secret key f(sk).

We prove that in the most general setting it is impossible to achieve this strong notion of security. We then show minimal additions to the model, which are needed in order to obtain provable security. We prove that these additions are necessary and also sufficient for most common cryptographic primitives, such as encryption and signature schemes.

We also consider restrictions of the model in which the tampering powers of the adversary are limited. These restrictions model realistic attacks (like differential fault analysis) that have been demonstrated in practice. In these settings we show security solutions that work even without the additions mentioned above.

Finally, if time permits, we will discuss the applications to portable devices protected by PINs and show how to integrate PIN security into the generic security design.

Joint work with Rosario Gennaro, Anna Lysyanskaya, Silvio Micali, and Tal Rabin.

Co-sponsored by Laboratory for Secure Systems, New Jersey Institute for Trustworthy Enterprise Software, and the PORTIA project.