Resettable Public-Key Encryption: How to Encrypt on a Virtual Machine

  • Conference paper
Topics in Cryptology - CT-RSA 2010 (CT-RSA 2010)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 5985)

Abstract

Typical security models used for proving security of deployed cryptographic primitives do not allow adversaries to rewind or reset honest parties to an earlier state. Thus, it is common to see cryptographic protocols rely on the assumption that fresh random numbers can be continually generated. In this paper, we argue that because of the growing popularity of virtual machines and, specifically, their state snapshot and revert features, the security of cryptographic protocols proven under these assumptions is called into question. We focus on public-key encryption security in a setting where resetting is possible and random numbers might be reused. We show that existing schemes and security models are insufficient in this setting. We then provide new formal security models and show that making a simple and efficient modification to any existing PKE scheme gives us security under our new models.
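As an added illustration, not code from the paper: textbook ElGamal over a constructed toy group shows what a passive observer learns when a snapshot revert replays the same encryption coins, and a hedged variant that derives the effective coins from the randomness together with the public key and message behaves deterministically on repeats instead. The hedging derivation via HMAC is an assumption about the kind of "simple modification" the abstract describes, not a claim about the paper's exact construction.

```python
"""Added example, not code from the paper.

Textbook ElGamal over a CONSTRUCTED toy group shows what an observer learns when
a VM revert replays the same encryption coins; the hedged variant derives the
effective coins from (r, pk, m) via HMAC (an assumed hedging-style fix, not
necessarily the paper's exact construction)."""
import hashlib
import hmac
import secrets

P = 2**127 - 1   # constructed toy modulus (a Mersenne prime), not a real parameter set
G = 3            # assumed generator for illustration only


def keygen(sk=None):
    """Return (sk, pk); sk may be fixed for reproducible demonstrations."""
    if sk is None:
        sk = 1 + secrets.randbelow(P - 2)
    return sk, pow(G, sk, P)


def elgamal_enc(pk, m, r):
    """Textbook ElGamal with externally supplied coins r (1 <= r < P-1)."""
    return pow(G, r, P), (m * pow(pk, r, P)) % P


def elgamal_dec(sk, ct):
    c1, c2 = ct
    return (c2 * pow(pow(c1, sk, P), P - 2, P)) % P   # Fermat inverse of the mask


def recover_from_reuse(ct_a, ct_b, known_m_b):
    """What a passive observer learns from two ciphertexts made with the SAME coins
    (the post-revert situation) when one plaintext is known: the shared mask pk^r
    cancels, so c2_a / c2_b = m_a / m_b and m_a follows directly."""
    _, c2a = ct_a
    _, c2b = ct_b
    return (c2a * known_m_b * pow(c2b, P - 2, P)) % P


def hedged_enc(pk, m, r):
    """Hedged encryption: effective coins are PRF_r(pk || m), so the same r with a
    different m yields fresh-looking coins, and the same r with the same m merely
    repeats the earlier ciphertext (the best possible outcome under a reset)."""
    key = r.to_bytes(16, "big")
    data = pk.to_bytes(16, "big") + m.to_bytes(16, "big")
    digest = hmac.new(key, data, hashlib.sha256).digest()
    r_eff = 1 + int.from_bytes(digest, "big") % (P - 2)
    return elgamal_enc(pk, m, r_eff)
```

Run `recover_from_reuse` on two plain ElGamal ciphertexts sharing coins to see the leak, then on two hedged ciphertexts made from the same `r` to see that the cancellation no longer applies.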



Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Yilek, S. (2010). Resettable Public-Key Encryption: How to Encrypt on a Virtual Machine. In: Pieprzyk, J. (eds) Topics in Cryptology - CT-RSA 2010. CT-RSA 2010. Lecture Notes in Computer Science, vol 5985. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-11925-5_4

  • DOI: https://doi.org/10.1007/978-3-642-11925-5_4

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-11924-8

  • Online ISBN: 978-3-642-11925-5
