Hardware security without secure hardware: How to decrypt with a password and a server - Inria - Institut national de recherche en sciences et technologies du numérique Accéder directement au contenu
Article Dans Une Revue Theoretical Computer Science Année : 2021

Hardware security without secure hardware: How to decrypt with a password and a server

Résumé

Hardware security tokens have now been used for several decades to store cryptographic keys. When deployed, the security of the corresponding schemes fundamentally relies on the tamper-resistance of the tokens – a very strong assumption in practice. Moreover, even secure tokens, which are expensive and cumbersome, can often be subverted. We introduce a new cryptographic primitive called Encryption schemes with Password-protected Assisted Decryption (EPAD schemes), in which a user's decryption key is shared between a user device (or token) on which no assumption is made, and an online server. The user shares a human-memorizable password with the server. To decrypt a ciphertext, the user launches, from a public computer, a distributed protocol with the device and the server, authenticating herself to the server with her password (unknown to the device); in such a way that her secret key is never reconstructed during the interaction. We propose a strong security model which guarantees that (1) for an efficient adversary to infer any information about a user's plaintexts, it must know her password and have corrupted her device (secrecy is guaranteed if only one of the two conditions is fulfilled), (2) the device and the server are unable to infer any information about the ciphertexts they help to decrypt (even though they could together reconstruct the secret key), and (3) the user is able to verify that the device and the server both performed the expected computations. These EPAD schemes are in the password-only model, meaning that the user is not required to remember a trusted public key, and her password remains safe even if she is led to interact with a wrong server and a malicious device. We then give a practical pairing-based EPAD scheme. Our construction is provably secure under standard computational assumptions, using non-interactive proof systems which can be efficiently instantiated in the standard security model, i.e., without relying on the random oracle heuristic.
Fichier principal
Vignette du fichier
2020-1571.pdf (687.13 Ko) Télécharger le fichier
Origine : Fichiers produits par l'(les) auteur(s)

Dates et versions

hal-03378464 , version 1 (13-12-2021)

Identifiants

Citer

Olivier Blazy, Laura Brouilhet, Celine Chevalier, Patrick Towa, Ida Tucker, et al.. Hardware security without secure hardware: How to decrypt with a password and a server. Theoretical Computer Science, 2021, 895, pp.178-211. ⟨10.1016/j.tcs.2021.09.042⟩. ⟨hal-03378464⟩
138 Consultations
206 Téléchargements

Altmetric

Partager

Gmail Facebook X LinkedIn More