CacheQuote: Efficiently Recovering Long-term Secrets of SGX EPID via Cache Attacks

Intel Software Guard Extensions (SGX) allows users to perform secure computation on platforms that run untrusted software. To validate that the computation is correctly initialized and that it executes on trusted hardware, SGX supports attestation providers that can vouch for the user’s computation. Communication with these attestation providers is based on the Extended Privacy ID (EPID) protocol, which not only validates the computation but is also designed to maintain the user’s privacy. In particular, EPID is designed to ensure that the attestation provider is unable to identify the host on which the computation executes. In this work we investigate the security of the Intel implementation of the EPID protocol. We identify an implementation weakness that leaks information via a cache side channel. We show that a malicious attestation provider can use the leaked information to break the unlinkability guarantees of EPID. We analyze the leaked information using a lattice-based approach for solving the hidden number problem, which we adapt to the zero-knowledge proof in the EPID scheme, extending prior attacks on signature schemes.

Download Full-text

Side-Channel Protections for Picnic Signatures

IACR Transactions on Cryptographic Hardware and Embedded Systems ◽

10.46586/tches.v2021.i4.239-282 ◽

2021 ◽

pp. 239-282

Author(s):

Diego F. Aranha ◽

Sebastian Berndt ◽

Thomas Eisenbarth ◽

Okan Seker ◽

Akira Takahashi ◽

...

Keyword(s):

Hash Function ◽

Proof System ◽

Side Channel ◽

Side Channel Attacks ◽

Zero Knowledge ◽

Signature Schemes ◽

First Order ◽

The Third ◽

Zero Knowledge Proof

We study masking countermeasures for side-channel attacks against signature schemes constructed from the MPC-in-the-head paradigm, specifically when the MPC protocol uses preprocessing. This class of signature schemes includes Picnic, an alternate candidate in the third round of the NIST post-quantum standardization project. The only previously known approach to masking MPC-in-the-head signatures suffers from interoperability issues and increased signature sizes. Further, we present a new attack to demonstrate that known countermeasures are not sufficient when the MPC protocol uses a preprocessing phase, as in Picnic3.We overcome these challenges by showing how to mask the underlying zero-knowledge proof system due to Katz–Kolesnikov–Wang (CCS 2018) for any masking order, and by formally proving that our approach meets the standard security notions of non-interference for masking countermeasures. As a case study, we apply our masking technique to Picnic. We then implement different masked versions of Picnic signing providing first order protection for the ARM Cortex M4 platform, and quantify the overhead of these different masking approaches. We carefully analyze the side-channel risk of hashing operations, and give optimizations that reduce the CPU cost of protecting hashing in Picnic by a factor of five. The performance penalties of the masking countermeasures ranged from 1.8 to 5.5, depending on the degree of masking applied to hash function invocations.

Download Full-text

Zero-Knowledge Proof for Lattice-Based Group Signature Schemes with Verifier-Local Revocation

Advances in Network-Based Information Systems - Lecture Notes on Data Engineering and Communications Technologies ◽

10.1007/978-3-319-98530-5_68 ◽

2018 ◽

pp. 772-782 ◽

Cited By ~ 6

Author(s):

Maharage Nisansala Sevwandi Perera ◽

Takeshi Koshiba

Keyword(s):

Group Signature ◽

Zero Knowledge ◽

Signature Schemes ◽

Zero Knowledge Proof

Download Full-text

Return of the Hidden Number Problem.

IACR Transactions on Cryptographic Hardware and Embedded Systems ◽

10.46586/tches.v2019.i1.146-168 ◽

2018 ◽

pp. 146-168 ◽

Cited By ~ 1

Author(s):

Keegan Ryan

Keyword(s):

Side Channel ◽

Proof Of Concept ◽

Private Key ◽

Side Channels ◽

Signature Generation ◽

Number Problem ◽

Minimum Number ◽

Hidden Number Problem ◽

State Changes ◽

Full Proof

Side channels have long been recognized as a threat to the security of cryptographic applications. Implementations can unintentionally leak secret information through many channels, such as microarchitectural state changes in processors, changes in power consumption, or electromagnetic radiation. As a result of these threats, many implementations have been hardened to defend against these attacks. Despite these mitigations, this work presents a novel side-channel attack against ECDSA and DSA. The attack targets a common implementation pattern that is found in many cryptographic libraries. In fact, about half of the libraries that were tested exhibited the vulnerable pattern. This pattern is exploited in a full proof of concept attack against OpenSSL, demonstrating that it is possible to extract a 256-bit ECDSA private key using a simple cache attack after observing only a few thousand signatures. The target of this attack is a previously unexplored part of (EC)DSA signature generation, which explains why mitigations are lacking and the issue is so widespread. Finally, estimates are provided for the minimum number of signatures needed to perform the attack, and countermeasures are suggested to protect against this attack.

Download Full-text

The hidden number problem of least significant bits

Future Communication Technology ◽

10.2495/icct130551 ◽

2014 ◽

Author(s):

Zhenqi Kang ◽

Kewei Lv

Keyword(s):

Number Problem ◽

Hidden Number Problem ◽

Least Significant Bits

Download Full-text

Exploiting Pairing-Based Zero Knowledge Proof (ZKP) for Tactical Network Authentication

10.21236/ada558415 ◽

2012 ◽

Author(s):

Kui Ren

Keyword(s):

Zero Knowledge ◽

Network Authentication ◽

Zero Knowledge Proof

Download Full-text

Zero-Knowledge Proof-of-Identity: Sybil-Resistant, Anonymous Authentication on Permissionless Blockchains and Incentive Compatible, Strictly Dominant Cryptocurrencies

SSRN Electronic Journal ◽

10.2139/ssrn.3392331 ◽

2019 ◽

Author(s):

David Cerezo Sánchez

Keyword(s):

Zero Knowledge ◽

Anonymous Authentication ◽

Incentive Compatible ◽

Zero Knowledge Proof

Download Full-text

An access control model for the Internet of Things based on zero-knowledge token and blockchain

EURASIP Journal on Wireless Communications and Networking ◽

10.1186/s13638-021-01986-4 ◽

2021 ◽

Vol 2021 (1) ◽

Author(s):

Lihua Song ◽

Xinran Ju ◽

Zongke Zhu ◽

Mengchen Li

Keyword(s):

Internet Of Things ◽

Access Control ◽

Single Point ◽

Control Model ◽

Third Party ◽

Security Level ◽

Zero Knowledge ◽

Access Control Model ◽

Test Analysis ◽

Zero Knowledge Proof

AbstractInformation security has become a hot topic in Internet of Things (IoT), and traditional centralized access control models are faced with threats such as single point failure, internal attack, and central leak. In this paper, we propose a model to improve the access control security of the IoT, which is based on zero-knowledge proof and smart contract technology in the blockchain. Firstly, we deploy attribute information of access control in the blockchain, which relieves the pressure and credibility problem brought by the third-party information concentration. Secondly, encrypted access control token is used to gain the access permission of the resources, which makes the user's identity invisible and effectively avoids attribute ownership exposure problem. Besides, the use of smart contracts solves the problem of low computing efficiency of IoT devices and the waste of blockchain computing power resources. Finally, a prototype of IoT access control system based on blockchain and zero-knowledge proof technology is implemented. The test analysis results show that the model achieves effective attribute privacy protection, compared with the Attribute-Based Access Control model of the same security level, the access efficiency increases linearly with the increase of access scale.

Download Full-text

PipeZK: Accelerating Zero-Knowledge Proof with a Pipelined Architecture

2021 ACM/IEEE 48th Annual International Symposium on Computer Architecture (ISCA) ◽

10.1109/isca52012.2021.00040 ◽

2021 ◽

Author(s):

Ye Zhang ◽

Shuo Wang ◽

Xian Zhang ◽

Jiangbin Dong ◽

Xingzhong Mao ◽

...

Keyword(s):

Zero Knowledge ◽

Pipelined Architecture ◽

Zero Knowledge Proof

Download Full-text

An Application of p-Fibonacci Error-Correcting Codes to Cryptography

Mathematics ◽

10.3390/math9070789 ◽

2021 ◽

Vol 9 (7) ◽

pp. 789

Author(s):

Emanuele Bellini ◽

Chiara Marcolla ◽

Nadir Murru

Keyword(s):

Error Correcting Code ◽

Error Correcting Codes ◽

Multiparty Computation ◽

Zero Knowledge ◽

Signature Schemes ◽

Standardization Process ◽

Technology Standardization

In addition to their usefulness in proving one’s identity electronically, identification protocols based on zero-knowledge proofs allow designing secure cryptographic signature schemes by means of the Fiat–Shamir transform or other similar constructs. This approach has been followed by many cryptographers during the NIST (National Institute of Standards and Technology) standardization process for quantum-resistant signature schemes. NIST candidates include solutions in different settings, such as lattices and multivariate and multiparty computation. While error-correcting codes may also be used, they do not provide very practical parameters, with a few exceptions. In this manuscript, we explored the possibility of using the error-correcting codes proposed by Stakhov in 2006 to design an identification protocol based on zero-knowledge proofs. We showed that this type of code offers a valid alternative in the error-correcting code setting to build such protocols and, consequently, quantum-resistant signature schemes.

Download Full-text