 So good morning ladies and gentlemen So we are a bit late on schedule. So I propose that we we start right now So I'm Serge Vaudonnais from EPFL in Switzerland I'm It's my honor and pleasure to Share this session. So as you know the program committee decided to award a few papers In these conferences we have we have seen one presentation on Monday we have seen one presentation yesterday and Today we will see the presentation of a served a paper with which received which was awarded by the program committee and this paper Apparently creates a new branch of cryptography cryptography so the The paper is by Alexander Russell Matthew and Hong Sung Choo and the talk will be given by Kang Tan Everybody hear me well Thank you for the introduction and also we thank the PC members to for the recognition of the paper Dr. Copeland's already gave us this very strong motivation We need to provide some some tools for the little David to fight against the giant Goliaths. So here is a is one I'm going to talk about Cryptography clipping the power of kleptographic attacks is joined work with Alex Russell, Moti Young and Hong Sung Choo So we know that modern cryptography have achieved splendid success in the last couple of decades both in practice and theory in particular a Large amount of efforts have been devoted in crypto theory trying to precisely Define security models for a capture real-world attacks so that we can Establish some kind of rigorous security arguments while Real life is sophisticated the simple-minded crypto is very challenging for the simple-minded crypto to perfectly More capture all the real-world attacks. So that's the quote I put here Despite all those great advancement still has long way to go in fact There's still a huge gap between the security practice and the crypto theory. I Still this picture from the economist which originally trying to describe the post election life Which I also found quite fit here as you might You may guess depending which community I'm talking to I might swap the names of the two sides But the reason it makes perfect sense is that the gap actually due to responsibilities from both community one fact of In this gap is that there exists an implicit assumption essentially in every single cryptographic Models that the security can only be guaranteed unless we trust the implementation So the current tradition is that once cryptographers have designed and analyzed the cryptographic algorithms Then little job is done someone gonna implement it correctly While putting trust on implementation. It's very dangerous That you already give us a great demonstration that all kind of possible attacks could happen Besides the Intentional countless bugs due to the programmers More and more evidence was shown that intentional sabotage on the implementation could happen here I can give you more real-world examples So this is something called Xcode ghost, which is a pirate version of Xcode It embeds back door to every single app that is compiled from it If you use the app compiled here, then it's likely your personal information will be revealed This is the notorious wolf's wagon the emissions scandal they intentionally tune our device To change the behavior when they are tested for a mission while the specification doesn't say so I Guess most of you have heard of this touching letter from Apple that they claimed They do not want to cooperate with FBI to even unlock One of the terrorist iPhone But a hidden message behind this letter or the unintentionally is that they do have the capability to unlock everybody's iPhone Quite interestingly this reason that real-world attacks were actually formally demonstrated 20 years ago in some theory It's which is called kleptography, which is a science of stealing information Subliminally from black box implementations. This is due to Adam young and multi young Very simple example can be seen as follows. We all know and love RSA a version of the textbook Rca generation could be done as follows. We choose to run and prime so multiply them And you and we choose a random exponent as a public key While the implementation do not have to follow exactly as the specification It may it still generates public key and secret key, but it may contain some backdoor or special instruction to that To guide the the adversely at the malicious implementation to do something different And to give the adversary some more advantage in particular a Special attack can be seen as follows Again the malicious implementation generates a prime factor as before but Instead of sampling the running exponent or the exponent Runly they directly encode one of the prime factor into the public exponent now it follows immediately that To the implementation provider who has the backdoor can directly decode from the public key to get the prime factor and completely break the security of RSA Well, what's worse is that to everybody else who does not have this backdoor The maliciously generated public maliciously generated output of this public a public exponent actually looks perfectly fine as Like randomly distributed very quite unfortunately Adam and Morty got quite lonely for quite some time The security community don't really take this attack so seriously Maybe it's mainly considered as some theoretic and geeky attacks 20 years later this gentleman Tells the word Siri can't go to practice But not in a nice way So in the Snowden revelation there's actually exactly a less something called due easy student name generator Which exactly carries this type of attack by generating malicious public malicious public parameters So the the real threat of such kind of collateral attack is that the adversarial implementation can leak information Well, this is not something surprising But this can be done Even the output distribution of the malicious implementation can be almost the same as that of the specification So this means no black box test a no black box testing ever find this kind of suppression So after the Snowden revelation this big impact on real-world Consequences our community started to react and a lot of great work emerged but quite unfortunately most of them are Studying some kind of more powerful more sophisticated attacks and showing more depressing impossibility result Well, our life is already miserable enough. Can we get more positive news? In particular one of the most in notable noticeable result Will was due to Bollari Paterson and Ragui Crypto 14 they essentially show that any type of random subverted randomized algorithm can be used to launch this type of Cryptographic attack. That's quite devastating But the state of the art for defending is a little bit less Satisfying because of the subliminal subliminal channel attack It was that was suggested that we may have to give up on randomized algorithms One immediate consequence is that we have to assume the key generation to be honest Also, the encryption algorithms We have to use deterministic version. So this means we can never achieve CPA security for public encryption Also, the crackness of the malicious implementation is essentially directly assumed There are also some other interesting perspective considering defending One of the most interesting one probably due to the artist at all using assuming some kind of trusted reverse firewall but the critical Factor here is that they need some trusted source of randomness Which is not clear where we can get if we can't have trusted randomness actually It seems the subliminal channel attack will simply go away So the status is somehow looks a little bit like this to me So it's for defending actually is the situation is widely open from theoretical point of view, we don't even have a Agreement on what is the right model? what do we mean by security in this new setting and We essentially know very little Equivalent to know what to do about the subverted randomized algorithms If we think just simply giving it up. It's also a good option and Very few functionality have been considered This is far from being understood basically we don't have understanding at all So the long-term goal is that we want to design some kind of system that can be immune to such kind of kleptographic attack and We won't even want to build a parallel theory of cryptography in this new setting We call it cryptography we do devoted quite some effort and made some Progress along this line the first of course is definition with cryptographers love definitions and We want to lay down the foundation of this kleptography So we propose a general definition of framework which enabled us to derive our hierarchy of definitions a Quick remark here is that we explicitly permit the adversary to subvert every single algorithm within one cryptographic primitive This is a quite different with previous works that assume some algorithms such as key generation to be honestly implemented with the taxonomy settled We would like to some do some real job Can we actually mitigating the damage of subverted algorithms? Can we somehow dance with this subliminal channel so that? still the Some of the primitives can be preserved the secure in this very devastating setting and we want to achieve this with a minimal change in the existing specification so that it can be immediately deployed To be more concrete we consider the subversion resistant trapdoor augmentation to run a number generator and digital signatures Let's have a brief look of the what we mean by kleptographic model So the story now goes as follows the adversary implements some Functionality and post it for use so the regular user what can I do? They can simply they can only take it and use it hoping it's secure Well, I also exist a new entity called watchdog who has the specification can be denoted by some industrial lab or whatever He will take the implementation and interrogate it compare with the specification try to do some detection In more detail, there will be three participants in this security model So again adversely is still there, but it's more powerful because now the adversary is allowed to Not only playing the game to break security, but also provide malicious implementations The challenger also still there, but the challenger got much more restricted because he's now only allowed to use malicious implementation to play the game to play the traditional game with the adversary Well, the new entity watchdog simply just do a black box testing Cute feature a characteristic to mention here is that normally such kind of powerful attack Launched by implementation providers or specification for all standardization agent agency, right? They are they might be quite malicious. They want to break security But in some sense, they're also proud. They don't want the public to know what they are doing They want to keep the subversion under the radar So the adversely is a goal here is two-fold break security, but keep the subversion under the radar So the security in this new setting is just the other way around Either the watchdog can detect the subversion or the primitives will still be secure in the some kind of Upgraded the security game when when user simply using malicious implementation Actually the real modeling procedure is quite Sophisticated depending on the quantifier the power of the watchdog the form of implementation actually there exist Multiple variants of the definition. We encourage you to take a look of the paper of all possible models One might immediately Have a question since in the kleptographic attack is essentially demonstrated No watchdog can find out the subversion, right? That was the point of having this watchdog What was the use of it? The watchdog can at least do some very minimal thing to ensure the implementation at least is not completely crazy For example for deterministic algorithm with a public input distribution The watchdog can simply just sample evaluate and compare right to ensure the consistency But for randomness of a randomized algorithm, for example, randomness generation No watchdog can ensure the output to be uniform But at least that the watchdog can ensure the randomness The output has certain amount of entropy. Otherwise the watchdog can simply observe a lot of collisions by repeatedly running the implementation So the main idea of this whole cryptography actually is how we can amplify This very minimum trust or very minimal guarantee provided by the watchdog by very delegate Specification design so that we can boost this very tiny Tiny guarantee to ensure the security of the whole cryptographic print. We want to mitigate subliminal channel as the major task and One critical factor here is the key generation has to be randomized. So we have to deal with this situation Let's consider one of the most basic building block in crypto, which is one way permutation. Everybody knows what it is and Suppose some adversary want to launch the klepto attack on one way permutation. What can he do? She can simply Supply a malicious key generation or index generation implementation and keep the implementation somehow undetectable Here I ignore the evaluation component because it is a deterministic Function with a public input distribution. So it would be almost consistent The attack is actually very simple It simply echoes the folklore knowledge that random padding is dangerous So imagine there's a part of the index actually will be directly output So this redundancy will be explored and used to embed the back door or Here the back door is directly in the form of a trap. So the attack here itself is not super exciting But it tells us some intuition that if the attacker wants to launch a klepto attack She has to make the output Contain some kind of structured information to help her to gain some advantage Thus in order to mitigate this subliminal channel, we have to mess up with this structure This reminds us some conventional wisdom in life called nothing up my sleeve Which is usually done by magicians when they are do the open right showing nothing is hidden here and Actually, it's very interesting such kind of concept was widely deployed in security practice Something called nothing of my sleep numbers so if Consider we want to have some public parameter or public constant We don't want to be under control of any of the agency We can simply go to the mother nature to choose some part of pie or the base of the natural logarithm So this taken as a Constant ensures no one can have full control of it, right? No human can have control on the nature These are great brilliant practical ideas, but We want to bring One step further we need some kind of key generation, right? So we need still introduce some kind of uncertainty We need to in order to mitigate some such kind of subverted key generation Essentially you want to build something like a nothing on my sleep keys or parameters? It's quite nature or intuitive to think if we Proposed the specification to Contain two component one again is the key generation and together with a harsh So the actual output is that will be the harsh applied on output of the key generation a Quick note here is that both component can be subverted neither of them can be trusted The only thing is in force is that the specification has to contain these two component Well, the intuition why this works is quite simple So for any backdoor it can only influence a very sparse subset of the indexes I mean otherwise the specification itself will be insecure So Mapping a polluted index by dispersing it to kind of a uniform random points in the domain We are very likely to map it to a safe place Well here why we can use the subverted the harsh function again It is because of the fact the harsh function is a public is a deterministic function with public input distribution if we check carefully So with this intuition we can actually formally demonstrate with the Slightly adapted the new specification and assuming the specification of the harsh function is modeled as run Oracle Then we can show this is actually subversion resistant Well, this simple idea can be bring further One of the the first interesting observation is that we may be able to do the same thing to say Do you see children I'm a generator and What it makes more interesting it is that it was demonstrated in Eurocript paper due to Dottis at all they essentially prove that it's impossible to clean the output of the do you see should run a generator by even applying a trusted run or so these are just Just clean different part of the PRG Give us opportunity to sidestep this impossibility result So these are this basic building block. We want also want to do something more to build a high-level Crypto schemes for example one thing we choose to consider is We similarly save trapdoor or representation and then we try to use this as a building block To construct the full domain hash to save the key generation of the full domain hash signature scheme Along this way we find we have some more interesting observations So the simple full domain hash proof actually cannot go through in this new setting, which is quite surprising I will explain a little bit more why But fortunately the reduction from one implementation to PRG still preserves This facts hint a little bit that the whole landscape of cryptography in this new setting Might be completely different. So we may reconsider consider a lot of things so I Guess a lot of you many of you are very familiar with the full domain hash proof so that the the critical parts here is the Reduction has to somehow embed the one-way presentation challenge into the run Oracle purists of the adversary of the signature and This is folk knowledge. I already knows but in the crypto setting the one-way permutation challenge Has to be generated by the malicious implementation While the run Oracle curies can be made even before the adversary is actually building the implementation so now there's no way to similarly embed this challenge into the run Oracle Curie because When when asked for run Oracle curie the reduction may not even see the challenge yet So to fix this Signatures again, we need to revise for domain hash a little bit The idea is also quite simple. We want to force all the useful queries that made by the signature adversary All have to be after the implementation is provided This can be achieved by simply hushing the public key together with the message why this works because the public key itself has to be Generated by the malicious implementation. Well, if the adversary don't supply the implementation He will never get any useful query Or if the adversary wants to carry a real useful message He has to get the public key first, which she should provide implementation first So a quick summary here that the real message I would like to deliver is It's actually possible for us to do something meaningful that we can defend against such powerful attack on randomized algorithm, but with only with also very minimal trust and very Minimal change by redesigning the specification for another a little bit more theoretical note is that The whole landscape of cryptography when we add in this one more dimension Without the trust on the implementation might drastically change So the impact there are those five words in this setting might be completely different So many results here was revisiting since this is really The beginning of a largely unexplored area many things are many problems remain open. So I only highlight some of the Most interesting or critical question to us Here for example, all we talk about in this paper is try to mitigate in subliminal channel But the subliminal channel here still exists at least that the whatever we do here Still the adversary can leak at least like one bit of information For some primitive might be fine as we demonstrate in this paper But for other primitives like encryption one bit of leakage already destroyed the CPA security Also, there exists another much simpler attack. It's called a hidden trigger Just imagine a signing algorithm which directly reveals the sacred key when sign a specific message It turns out that this very simple attack is much more challenging to defend Of course, you can also consider how to remove the run or call blah blah blah So before I close the talk actually there are more good news So we do make some progress along these two most important questions. We just I just mentioned with another trick of the Of the specification we can actually destroy the subliminal channel generically by introducing a very mild assumption of independent execution and Doing this can help us to save the most important cryptographic primitive public encryption and also preserve the standard security Also, we want to achieve digital. We also achieve the digital signature with only our offline watchdog So what does that mean? So the current signature scheme to defend against the hidden trigger We have to introduce some kind of online version of the watchdog Which is piggybacked at the implementation which checks every single transcript, which is very hard to instantiate so this involves some quite new technique of self-correcting run or call then we would It get them a quite interesting result for signature So with these two pieces of good news, I will finish my talk and take question. Thank you Any question for you? I'm curious with the with the idea of the nothing up your sleeve number I think that there's I mean obviously you never know where a parameters come from if it came from NIST For example and people have asked and then this doesn't remember can't figure it out And so maybe there's something up their sleeve and maybe not but how like what's a really good metric for determining when We actually would want to nothing up your sleeve number versus something well formed Because I can imagine one way to backdoor a specification would in fact be to put a nothing up your sleeve number into the Specification when in fact you wanted something that was like well formed in some way It wasn't just totally random and by using something that's totally random you've actually backdoored the specification So how do we have a rigorous analysis of of those in terms of specifications? That's a great question. So what I mentioned here is that yeah, we only In the talk we only consider the example that the parameter should be uniform somehow without any structure But if we indeed need a structured data, we can have a very simple paradigm that splits any randomized algorithm into two parts London is generation and the other deterministic part turn the random coin to the structure the output Right, actually, that's how people do in practice. It's simply whenever they need a random coin They call some external library right what we need to show it ensure Here is that we just need to ensure the random coin is something nothing up my sleeve Well, if you really need the structure later, then we just feed the clean the coin to the sampler But great great question any other question, so I guess it's time to have a break. Let's thank the speaker again