 Okay, hi. Is it on? Yes. Okay. So this is joined work with Dana Dachman Soled. She should have given the talk here, but since she's eight months pregnant, she couldn't make it. I'll do my best to give a talk, which is, you know, hopefully close to being as good as she would, but I'm sure I won't succeed, but I'll give it a try. Okay. So the previous talk, we talked about securing circuits against tampering attacks, and we'll talk about leakage a little bit as well. So let me give you, oh, this does not work. Okay. So, let me go straight ahead with our results. So what we show, we follow the model of Beshai, Prabhakaran, Sahay and Wagner, and we show how to convert the device to a device that's resilient to tampering. Let me tell you the model that's considered by us and by the previous result of Beshai et al. So we consider an adversary who can tamper with the circuit by toggling with the wires, setting wires to zero or setting wires to one, and we claim that even if he does so repeatedly, he does not gain any information, and the reason he doesn't get any information is because what this device will do as soon as he realizes that he was tampering with, tampered with, it will self-destruct. So that was the idea of Beshai et al and we're kind of following upon it. What Beshai et al showed is they showed how to do such a conversion and the amount of tampering they tolerate in each run, or in other words, the number of wires that the adversary can tamper with is roughly one over the size of the original device or the original circuit. And essentially the reason this happens is because the way their result goes, they say well if you want to tamper with T wires, very roughly speaking what they say is we need to explode the circuit by a factor of T and that's why they get one over the side, that's why the rate will be small and the improvement in this work is that we get a constant rate. So in each run the adversary can tamper with a constant fraction of the wires in the circuit. So that's in a nutshell our result. Okay, so why do we care? So as Feng Hao just showed there's a variety of physical attacks in the real world so I'm not going to go over them, there's timing attacks, power attacks, acoustic attacks called boot attacks, default attacks, radiation attacks so on and so forth. Roughly speaking these attacks can be partitioned into two parts. There's leakage attacks where leakage attacks are essentially what you should think of as the adversary the computation is going on. He cannot tamper with the actual computation but he can kind of get information about a side channel information about what's going on so by timing the computation he may get some information about what's happening to the computation and so on and so forth. And then there's another category which is tampering attacks where the adversary can actually go and manipulate the wires or put radiation on it and what it causes is instead of the original computation to go on something weird goes on so it actually changes the computation and in this talk as opposed to the previous talk we actually consider tampering and the computation itself so not only with the memory but actually during the computation the adversary can tamper with the wires. So there's been a lot of previous work I'm not going to go over it actually there's much more you know it goes down the point is not to give references here the point is just to tell you that there's been a lot of work much more on leakage than on tampering and in this talk I'm going to focus on partial results for leakage and tampering I'm going to mention that in the end but for this talk let's just focus on the tampering part. Okay so now let me try to tell you our results in a bit more detail so what we show is we take we show how to convert any circuit into one that's resilient to tampering but in order to tell you our results in more detail I need to define what do I mean by tamper resilient so what's the tampering model and I need so I'm telling you what tampering is what the tampering model and I need to tell you what resilience is meaning what's the security guarantee that we give okay so let's start with the tampering model which I mentioned before but actually before I do that let me just give a warning here so this is a theoretical result the tampering model that we show here we don't claim that it solves real-world tampering attacks it doesn't actually and moreover we don't claim that the result is practical in fact it's not so what we think of this result as just kind of a step towards kind of achieving the end goal okay so so what's the tampering model so the tampering model is essentially the one by Isha et al we consider circuits when we think of a circuit the way we model it as they do is we think of it as a circuit which has some secret state that's the memory so there's some secret s which is in the memory you should think of that as kind of the secret key so you can think of the circuit as a signing key and in the memory there's the secret key that's used to signing and the adversary can repeatedly do the following things so it sends an input xi of his choice okay as often as he wants and moreover he can also with the input xi he can send a tampering function okay so he sends an input xi he sends a tampering function with it and what is this tampering function what he can do he can this tampering function just specifies a bunch of wires and specifies it a bunch of memory location memory wires and for each such wire the tampering function tells you whether he wants to set the wire to 0 set it to 1 or toggle with the wire and the adversary what he gets back is the result of the of the circuit when these wires were tampered with and he can do that repeatedly okay so that's the that's what we allow the adversary to do that's the tampering that the adversary is allowed to do and actually it was already shown by shayatal that is impossible and let me it's very simple to see why it is impossible so let me tell you what the adversary can do he can run this circuit many times and many x sides of his choice and then on the same x side he will run the circuit while taking only one memory bit at a time and so take let's say the first memory bit set it to 0 now run again on the same input see if any change happened if nothing happened it could have been 0 because the functionality didn't change and if it did change you know it was a 1 so you set it to 1 and this you do kind of bit by bit and you learn the entire secret state so the point is ishayatal showed that this is impossible to do so you know I am claiming here a positive result and the way they get around this positive result this negative result and we do too is by allowing the feedback into memory or in other words what we call self destruct so when the circuit realizes something bad happened what he will do he will override the memory with 0s and therefore if you do the attack as before try to learn bit by bit after self destruct you don't learn anything anymore it's just a bunch of 0s okay so that's the tampering model we allow wire tampering and we have this feedback which zeroes out all the memory okay so that's the sorry about that so that's the tampering model now we need to talk about the security guarantee so the security guarantee of ishayatal is kind of the usual simulation based security guarantee for any adversary you want to say there is a simulator that so we want to say the adversary doesn't learn anything beyond black box access to the circuit essentially he definitely gets at least black box access he also we allow him to tampering but that doesn't reveal extra information is what you want to claim and the way you formalize you say well there's a simulator who can learn whatever the adversary learns with only black box access to the circuit that's the security guarantee we would like to give we give a slightly weaker security guarantee and we allow the simulator to learn log bits of leakage okay and we want to emphasize that for practical security that's not I mean you can guess it with one over polyprobability so if you think about if you use it as for cryptographic applications it shouldn't ruin security this log many bits of leakage and what this leakage is actually going to be this log bits of leakage will essentially tell the simulator so the adversary is running this circuit many many times the simulator needs to know when the self-destruct happens once you know it can simulate everything he doesn't need to learn anything else so that's kind of the log bits of leakage that you learn when self-destruct happens and that's inherent actually and I'll talk about in a minute okay so now we talked about the model we talked about the tampering what's our result so we show this compiler takes any circuit to a tamper zillion circuit now I explain what tamper zillion means and the resilience is the constant tampering rate so we can fact that in each run the adversary can tamper with the concentration of the wires and tampering gates and the result is information theoretic so we don't have any bounds on the adversary or any time bounds on the adversary nor do we rely on any computational assumptions okay so now let me compare it with the work of Ishae and Tal Mordito so let me first try the improvement and then I'll say the downside of our work so first they get tampering rate which is only one over the size of the original circuit we get constant tampering rate they use randomness gate so in the tamper zillion circuit there are gates to just produce randomness and they or they can get around it by using computational assumption or pseudo random functions we don't need any of that our result is information theoretic and we don't need randomness at all because now everything is deterministic and one can show that if you don't use any randomness then this log bits of leakage is inherent you can't get around it so we get log bits of leakage they don't and also they can handle persistent faults and we cannot okay so let me tell you a little bit about kind of more related work in this area so the area that's related is the area of fault tolerant computation there have been tons of work in this area starting from von Neumann and essentially in this area people try to construct circuits that are fault tolerant namely they are still correct even if there's some tampering they still produce the correct output they didn't care about secrecy here in this line of work and then there's also a long line of work on tampering only with memory gates that's the work that Fenghao Fenghao's work is in this category and as far as I'm aware of there's been actually very little work on trying to protect circuits against tampering during the computation itself and positive results on this and so there's the work of Ichaita that I've been talking about all along and then there's another work by Fassbetsack and Venturi and they also get this log bits of leakage so the adversary can tamper and the guarantee is that you don't learn anything more but anything more than log bits of leakage so they also have this log bits of leakage but their result and they also consider only tampering with wires but their result is essentially in the for random errors so they allow the adversary to tamper with a wire but then this tampering kind of with probability p does not occur so it's essentially like a random error model as opposed to adversarial error model okay so in the last four minutes let me show you, give you an overview of our construction so how do we get our result okay so the starting point is the idea of Ichaita where we say you know we'll take the original circuit and we'll just add a little component that checks whether tampering occurred and if tampering occurred the component will self destruct the idea as well the problem which they had to deal with too is that this component needs to be tamper resilient because the adversary can just tamper with this component so the question is how do you get that to be tamper resilient and here's the key our key idea the key idea is to make the tamper detection component in complexity class let me explain to you what I mean so I want this detection component to be of the following form many many many small kind of components each of constant size and the number of them is big it's proportional to the size of the circuit why is that what I want because now let's say the adversary tamper is because each one of the constant size and because there are so many of them they're proportional to the size of the circuit the adversary cannot tamper with all of them okay so the adversary can only tamper with some constant fraction of them how is that there's some constant fraction of this tamper detection components that we're not tampered with so even if the adversary tries to tamper with all of them there's just too many of them and since each one of them is of constant size there's always going to be some if you make the constant small enough there's always going to be some that he won't tamper with and these are the ones who are going to override the memory with zeros so that's the basic idea of course there's much more to it because how do they override all the memory and so on and so forth but that's kind of the main idea so how do we get this tamper detection component of this form that's a bunch of little components each one of constant size the technique is what's on PCPs of proximity which was put forth by Ben Sasone Tal so let me tell you I'm not going to define what PCPs of proximities are but let me kind of give you continue this overview of our construction so what we do our compiler takes a circuit and converts it to the following circuit it first computes the circuit so the tamper resilient circuit what it does it computes the circuit and then it proves to himself that he computed it correctly okay so he proves to himself that's the PCP proof probabilistically charcoal proof and the proof needs to be such that you can verify it by reading only very few bits of it at a time so if you just use what's called probability to check about proofs for those who know what that means then you can these are proofs that essentially allows you to read only constant number of bits from the proof and check okay so here are all the components each one reads constant number of bits and now it checks the correctness and if it's not that one of them it's not that one of them is a construct and the idea is that okay because there are many of them and each one has constant size there are always going to be some that the adversary will not tamper with and these the orange ones are going to actually feed into the memory and put zeros everywhere okay overwrite with zeros now PCP's as is don't work the reason is they indeed only query the PCP query the input X and the memory S everywhere okay and we need them to also query the memory in the the S and X also on constant constant number of locations and that's why PCP's are not enough and what we need is PCP's of proximity so I'm not going to define what these are but okay I'm not going to know to understand this is actually our circuit but because we the PCP's of proximity because they cannot access the entire X and the entire secret memory what we'll need is essentially to encode the input X in an error correcting code to encode the memory in an error correcting code then we do the circuit computation we do the proof the PCP the PCP of proximity computation and then we have all the the small verification circuits okay so to summarize so we have a general compiler that converts a circuit C into a tamper resilient one we are resilient to constant fraction of tampering our results are information theoretical and it also we have results extending to continue a leakage and tampering but I'll leave that for the paper okay thank you very much