Dominique Unruh

DOI: https://doi.org/10.1007/978-3-642-13190-5_25

2009-10-16

Abstract:The Universal Composability model (UC) by Canetti (FOCS 2001) allows for secure composition of arbitrary protocols. We present a quantum version of the UC model which enjoys the same compositionality guarantees. We prove that in this model statistically secure oblivious transfer protocols can be constructed from commitments. Furthermore, we show that every statistically classically UC secure protocol is also statistically quantum UC secure. Such implications are not known for other quantum security definitions. As a corollary, we get that quantum UC secure protocols for general multi-party computation can be constructed from commitments.

Quantum Physics,Cryptography and Security

Jérémy Thibault,Roberto Blanco,Dongjae Lee,Sven Argo,Arthur Azevedo de Amorim,Aïna Linn Georges,Catalin Hritcu,Andrew Tolmach

2024-07-01

Abstract:Undefined behavior in C often causes devastating security vulnerabilities. One practical mitigation is compartmentalization, which allows developers to structure large programs into mutually distrustful compartments with clearly specified privileges and interactions. In this paper we introduce SECOMP, a compiler for compartmentalized C code that comes with machine-checked proofs guaranteeing that the scope of undefined behavior is restricted to the compartments that encounter it and become dynamically compromised. These guarantees are formalized as the preservation of safety properties against adversarial contexts, a secure compilation criterion similar to full abstraction, and this is the first time such a strong criterion is proven for a mainstream programming language. To achieve this we extend the languages of the CompCert verified C compiler with isolated compartments that can only interact via procedure calls and returns, as specified by cross-compartment interfaces. We adapt the passes and optimizations of CompCert as well as their correctness proofs to this compartment-aware setting. We then use compiler correctness as an ingredient in a larger secure compilation proof that involves several proof engineering novelties, needed to scale formally secure compilation up to a C compiler.

Programming Languages,Cryptography and Security

Ling Zhang,Yuting Wang,Jinhua Wu,Jérémie Koenig,Zhong Shao

DOI: https://doi.org/10.1145/3632914

2023-11-18

Abstract:Verified compilation of open modules (i.e., modules whose functionality depends on other modules) provides a foundation for end-to-end verification of modular programs ubiquitous in contemporary software. However, despite intensive investigation in this topic for decades, the proposed approaches are still difficult to use in practice as they rely on assumptions about the internal working of compilers which make it difficult for external users to apply the verification results. We propose an approach to verified compositional compilation without such assumptions in the setting of verifying compilation of heterogeneous modules written in first-order languages supporting global memory and pointers. Our approach is based on the memory model of CompCert and a new discovery that a Kripke relation with a notion of memory protection can serve as a uniform and composable semantic interface for the compiler passes. By absorbing the rely-guarantee conditions on memory evolution for all compiler passes into this Kripke Memory Relation and by piggybacking requirements on compiler optimizations onto it, we get compositional correctness theorems for realistic optimizing compilers as refinements that directly relate native semantics of open modules and that are ignorant of intermediate compilation processes. Such direct refinements support all the compositionality and adequacy properties essential for verified compilation of open modules. We have applied this approach to the full compilation chain of CompCert with its Clight source language and demonstrated that our compiler correctness theorem is open to composition and intuitive to use with reduced verification complexity through end-to-end verification of non-trivial heterogeneous modules that may freely invoke each other (e.g., mutually recursively).

Programming Languages

Taiga Hiroka,Fuyuki Kitagawa,Ryo Nishimaki,Takashi Yamakawa

2023-12-05

Abstract:A robust combiner combines many candidates for a cryptographic primitive and generates a new candidate for the same primitive. Its correctness and security hold as long as one of the original candidates satisfies correctness and security. A universal construction is a closely related notion to a robust combiner. A universal construction for a primitive is an explicit construction of the primitive that is correct and secure as long as the primitive exists. It is known that a universal construction for a primitive can be constructed from a robust combiner for the primitive in many cases. Although robust combiners and universal constructions for classical cryptography are widely studied, robust combiners and universal constructions for quantum cryptography have not been explored so far. In this work, we define robust combiners and universal constructions for several quantum cryptographic primitives including one-way state generators, public-key quantum money, quantum bit commitments, and unclonable encryption, and provide constructions of them. On a different note, it was an open problem how to expand the plaintext length of unclonable encryption. In one of our universal constructions for unclonable encryption, we can expand the plaintext length, which resolves the open problem.

Quantum Physics

Matthis Kruse,Michael Backes,Marco Patrignani

2024-10-08

Abstract:To ensure that secure applications do not leak their secrets, they are required to uphold several security properties such as spatial and temporal memory safety as well as cryptographic constant time. Existing work shows how to enforce these properties individually, in an architecture-independent way, by using secure compiler passes that each focus on an individual property. Unfortunately, given two secure compiler passes that each preserve a possibly different security property, it is unclear what kind of security property is preserved by the composition of those secure compiler passes. This paper is the first to study what security properties are preserved across the composition of different secure compiler passes. Starting from a general theory of property composition for security-relevant properties (such as the aforementioned ones), this paper formalises a theory of composition of secure compilers. Then, it showcases this theory a secure multi-pass compiler that preserves the aforementioned security-relevant properties. Crucially, this paper derives the security of the multi-pass compiler from the composition of the security properties preserved by its individual passes, which include security-preserving as well as optimisation passes. From an engineering perspective, this is the desirable approach to building secure compilers.

Cryptography and Security,Programming Languages

Andrew C. C. Yao,Frances F. Yao,Yunlei Zhao

DOI: https://doi.org/10.1007/978-3-540-72504-6_43

2007-01-01

Abstract:We clarify the potential limitation of the general feasibility for generalized universal composability (GUC) proposed in the recent work [8], and discuss a general principle for fully realizing universal composability. This in particular demonstrates the hardness of achieving generalized universal composability, and prevents potential misinterpretation in applications. We also propose some fixing approaches, which involve a source/session-authentic ID-based trapdoor commitment scheme via the hash-then-commit paradigm that could possibly be of independent interest.

An Wang,Zheng Li,Xianwen Yang,Yanyan Yu

DOI: https://doi.org/10.1007/978-3-642-21031-0_29

2011-01-01

Abstract:Nowadays, cryptographic devices are widely used, so how to assess the security of them becomes a pivotal issue. There are two conventional ways to do this, by analyzing the underlying cryptographic protocols or by estimating if the devices meet standards such as FIPS 140-2 or Common Criteria Standard Documents. However, neither of them provides a comprehensive view of the security of the devices.In this paper, we first propose a bottom-up method to prove the UC (Universally Composable) security of the cryptographic devices composed by hardware, software and protocols, and give a general security framework of them. Base on the framework, we present a method that describes the local physical security of cryptographic SoC hardware as UC security. Then we establish the equivalence of software codes and the real-world models in the condition of "Exactly Realize", which illustrate the UC security of software. Besides, we propose methods to construct UC secure cryptographic modules from UC secure cryptographic SoC and a further method to construct UC secure cryptographic devices. Furthermore, based on the idea of bottom-up, we can develop new UC secure cryptographic devices which are more powerful by the combination of the existed UC secure cryptographic devices.

Danny Harnik,Joe Kilian,Moni Naor,Omer Reingold,Alon Rosen

DOI: https://doi.org/10.1007/11426639_6

2005-01-01

Abstract:A (1,2)-robust combiner for a cryptographic primitive $${\mathcal P}$$ is a construction that takes two candidate schemes for $${\mathcal P}$$and combines them into one scheme that securely implement $${\mathcal P}$$even if one of the candidates fails. Robust combiners are a useful tool for ensuring better security in applied cryptography, and also a handy tool for constructing cryptographic protocols. For example, we discuss using robust combiners for obtaining universal schemes for cryptographic primitives (a universal scheme is an explicit construction that implements $${\mathcal P}$$under the sole assumption that $${\mathcal P}$$exists).In this paper we study what primitives admit robust combiners. In addition to known and very simple combiners for one-way functions and equivalent primitives, we show robust combiners for protocols in the world of public key cryptography, namely for Key Agreement(KA).The main point we make is that things are not as nice for Oblivious Transfer (OT) and in general for secure computation. We prove that there are no ”transparent black-box” robust combiners for OT, giving an indication to the difficulty of finding combiners for OT. On the positive side we show a black box construction of a (2,3)-robust combiner for OT, as well as a generic construction of (1,n)-robust OT-combiners from any (1,2)-robust OT-combiner.

Vedran Dunjko,Joseph F. Fitzsimons,Christopher Portmann,Renato Renner

DOI: https://doi.org/10.1007/978-3-662-45608-8_22

2014-09-14

Abstract:Delegating difficult computations to remote large computation facilities, with appropriate security guarantees, is a possible solution for the ever-growing needs of personal computing power. For delegated computation protocols to be usable in a larger context---or simply to securely run two protocols in parallel---the security definitions need to be composable. Here, we define composable security for delegated quantum computation. We distinguish between protocols which provide only blindness---the computation is hidden from the server---and those that are also verifiable---the client can check that it has received the correct result. We show that the composable security definition capturing both these notions can be reduced to a combination of several distinct "trace-distance-type" criteria---which are, individually, non-composable security definitions. Additionally, we study the security of some known delegated quantum computation protocols, including Broadbent, Fitzsimons and Kashefi's Universal Blind Quantum Computation protocol. Even though these protocols were originally proposed with insufficient security criteria, they turn out to still be secure given the stronger composable definitions.

Quantum Physics,Cryptography and Security,Information Theory

Andrew Chi-chih Yao,Frances f. Yao,Yunlei Zhao

DOI: https://doi.org/10.1017/S0960129508007330

2009-01-01

Mathematical Structures in Computer Science

Abstract:In this paper we study (interpret) the precise composability guarantee of the generalised universal composability (GUC) feasibility with global setups that was proposed in the recent paper Canetti et al. (2007) from the point of view of full universal composability (FUC), that is, composability with arbitrary protocols, which was the original security goal and motivation for UC. By observing a counter-intuitive phenomenon, we note that the GUC feasibility implicitly assumes that the adversary has limited access to arbitrary external protocols. We then clarify a general principle for achieving FUC security, and propose some approaches for fixing the GUC feasibility under the general principle. Finally, we discuss the relationship between GUC and FUC from both technical and philosophical points of view. This should be helpful in gaining a precise understanding of the GUC feasibility, and for preventing potential misinterpretations and/or misuses in practice.

Yannis Juglaret,Catalin Hritcu,Arthur Azevedo de Amorim,Benjamin C. Pierce,Antal Spector-Zabusky,Andrew Tolmach

DOI: https://doi.org/10.48550/arXiv.1510.00697

2015-10-03

Abstract:Secure compilation prevents all low-level attacks on compiled code and allows for sound reasoning about security in the source language. In this work we propose a new attacker model for secure compilation that extends the well-known notion of full abstraction to ensure protection for mutually distrustful components. We devise a compiler chain (compiler, linker, and loader) and a novel security monitor that together defend against this strong attacker model. The monitor is implemented using a recently proposed, generic tag-based protection framework called micro-policies, which comes with hardware support for efficient caching and with a formal verification methodology. Our monitor protects the abstractions of a simple object-oriented language---class isolation, the method call discipline, and type safety---against arbitrary low-level attackers.

Programming Languages,Cryptography and Security

Myrto Arapinis,Vincent Cheval,Stéphanie Delaune

DOI: https://doi.org/10.48550/arXiv.1407.5444

2014-10-21

Abstract:Security protocols are used in many of our daily-life applications, and our privacy largely depends on their design. Formal verification techniques have proved their usefulness to analyse these protocols, but they become so complex that modular techniques have to be developed. We propose several results to safely compose security protocols. We consider arbitrary primitives modeled using an equational theory, and a rich process algebra close to the applied pi calculus. Relying on these composition results, we are able to derive some security properties on a protocol from the security analysis performed on each sub-protocol individually. We consider parallel composition and the case of key-exchange protocols. Our results apply to deal with confidentiality but also privacy-type properties (e.g. anonymity, unlinkability) expressed using a notion of equivalence. We illustrate the usefulness of our composition results on protocols from the 3G phone application and electronic passport.

Cryptography and Security

Qizhi Zhang,Bingsheng Zhang,Lichun Li,Shan Yin,Juanjuan Sun

2021-01-01

Abstract:Secure computation enables two or more parties to jointly evaluate a function without revealing to each other their private input.G-module is an abelian groupM,where the groupG acts compatibly with the abelian group structure onM. In this work, we present several secure computation protocols forG-module operations in the online/offline mode. We then show how to instantiate those protocols to implement many widely used secure computation primitives in privacy-preserving machine learning and data mining, such as oblivious cyclic shift, oneround shared OT, oblivious permutation, oblivious shuffle, secure comparison,oblivious selection,DReLU,andReLU,etc. All the proposed protocols are constant-round, and they are 2X 10X more efficient than the-state-of-the-art constant-round protocols in terms of communication complexity.

Dahan Pan,Jianqiang Wang,Yingpeng Chen,Donghui Yu,Wenbo Yang,Yuanyuan Zhang

DOI: https://doi.org/10.1109/cscloud62866.2024.00029

2024-01-01

Abstract:Cloud-native-based software development is in trend now. The end-users use the cloud services to save the local computation resources for other intensive tasks. Compiling is one of the vital required services. The compiling-on-the-cloud service like CloudCompiling or CityCloud requires the user to upload their source code for online compiling. However, the latest online compiling service can neither protect the users' source code privacy nor prove the integrity of the whole compiling process. To fill this gap, we designed COM URICE to provide a user-transparent, secure compiling service employing the trusted execution environment (TEE) to enforce security by blocking all the attempts in code or data theft during the compiling procedure. COM URICE leverages the hardware security feature of TEE to prevent the compiling process from malicious access and modification while encrypting the communication channel to protect the integrity and privacy of the source code. The challenges in realizing COM URICE lie in porting a fully functional compiler such as GCC or LLVM and designing an efficient compiling service to minimize the performance lag brought by confidential computing. According to the characteristics of the compiling process, it consists of several routines, pre-processing, compiling/obfuscation, and linking. The division of the routines requires multiple enclaves to run simultaneously. In the experiment, we compare COM URICE'S compiling service with nativeLLVM, SCONELLVM, and GrapheneLLVM. From a performance perspective, COM URICE pays a fair cost for security. Generally, a project compiling with COM URICE suffers 1–2 times more performance loss than nativeLLVM. Compared to other confidential compiling techniques like GrapheneLLVM or SCONELLVM, COM URICE is up to 20 times faster when compiling the same projects.

Brandon Broadnax,Alexander Koch,Jeremias Mechler,Tobias Müller,Jörn Müller-Quade,Matthias Nagel

DOI: https://doi.org/10.2478/popets-2021-0072

2021-07-23

Proceedings on Privacy Enhancing Technologies

Abstract:Abstract In practice, there are numerous settings where mutually distrusting parties need to perform distributed computations on their private inputs. For instance, participants in a first-price sealed-bid online auction do not want their bids to be disclosed. This problem can be addressed using secure multi-party computation (MPC), where parties can evaluate a publicly known function on their private inputs by executing a specific protocol that only reveals the correct output, but nothing else about the private inputs. Such distributed computations performed over the Internet are susceptible to remote hacks that may take place during the computation. As a consequence, sensitive data such as private bids may leak. All existing MPC protocols do not provide any protection against the consequences of such remote hacks. We present the first MPC protocols that protect the remotely hacked parties’ inputs and outputs from leaking. More specifically, unless the remote hack takes place before the party received its input or all parties are corrupted, a hacker is unable to learn the parties’ inputs and outputs, and is also unable to modify them. We achieve these strong (privacy) guarantees by utilizing the fact that in practice parties may not be susceptible to remote attacks at every point in time, but only while they are online, i.e. able to receive messages. To this end, we model communication via explicit channels. In particular, we introduce channels with an airgap switch (disconnect-able by the party in control of the switch), and unidirectional data diodes . These channels and their isolation properties, together with very few, similarly simple and plausibly remotely unhackable hardware modules serve as the main ingredient for attaining such strong security guarantees. In order to formalize these strong guarantees, we propose the UC with Fortified Security (UC#) framework, a variant of the Universal Composability (UC) framework.

Lennart Beringer,Gordon Stewart,Robert Dockins,Andrew W. Appel

DOI: https://doi.org/10.1007/978-3-642-54833-8_7

2014-01-01

Abstract:We present a new architecture for specifying and proving optimizing compilers in the presence of shared-memory interactions such as buffer-based system calls, shared-memory concurrency, and separate compilation. The architecture, which is implemented in the context of CompCert, includes a novel interaction-oriented model for C-like languages, and a new proof technique, called logical simulation relations, for compositionally proving compiler correctness with respect to this interaction model. We apply our techniques to CompCert’s primary memory-reorganizing compilation phase, Cminorgen. Our results are formalized in Coq, building on the recently released CompCert 2.0.

Sepideh Avizheh,Mahmudun Nabi,Reihaneh Safavi-Naini

DOI: https://doi.org/10.1109/tdsc.2024.3372848

2024-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Outsourcing computation enables a weak client to expand its computational power as the need arises. A basic requirement of outsourcing computation is the guarantee that the computation result is correct. Cryptographic solutions that provide verifiability for the computation result when the computation is outsourced to a single server, are complex and fragile. We consider the intuitive approach of verifiable computation, called verifiable computation by replication, when the computation is replicated on multiple servers, and a referee decides the result of the final computation using the outputs of all servers. We consider the case when a smart contact is used as the referee. We propose a security model in the Universal Composability (UC) framework of Canetti, and design a 2-server and an n-server protocol with proved security in our model. Our protocols build on the Refereed Delegation of Computation (RDoC) framework of Canetti, Riva, and Rothblum, underline the challenges of using a smart contract as a referee, and address those challenges in the designed protocols. We give the efficiency analysis of the protocols, provide a proof of concept implementation for our protocols using Ethereum smart contact, and give concrete cost values for an example computation.

computer science, information systems, software engineering, hardware & architecture

Theodoros Kapourniotis,Elham Kashefi,Dominik Leichtle,Luka Music,Harold Ollivier

DOI: https://doi.org/10.1088/2058-9565/ad466d

2024-05-04

Abstract:With the advent of cloud-based quantum computing, it has become vital to provide strong guarantees that computations delegated by clients to quantum service providers have been executed faithfully. Secure - blind and verifiable - Delegated Quantum Computing (SDQC) has emerged as one of the key approaches to address this challenge, yet current protocols lack at least one of the following three ingredients: composability, noise-robustness and modularity. To tackle this question, our paper lays out the fundamental structure of SDQC protocols, namely mixing two components: the computation which the client would like the server to perform and tests that are designed to detect a server's malicious behaviour. Using this abstraction, our main technical result is a set of sufficient conditions on these components which imply the security and noise-robustness of generic SDQC protocols in the composable Abstract Cryptography framework. This is done by establishing a correspondence between these security properties and the error-detection capabilities of the test computations. Changing the types of tests and how they are mixed with the client's computation automatically yields new SDQC protocols with different security and noise-robustness capabilities. This approach thereby provides the desired modularity as our sufficient conditions on test computations simplify the steps required to prove the security of the protocols and allows to focus on the design and optimisation of test rounds to specific situations. We showcase this by systematising the search for improved SDQC protocols for Bounded-error Quantum Polynomial-time computations. The resulting protocols do not require more hardware on the server's side than what is necessary to blindly delegate the computation without verification, and they outperform all previously known results.

Quantum Physics

Matteo Busi,Pierpaolo Degano,Letterio Galletta

DOI: https://doi.org/10.48550/arXiv.1901.05082

2019-01-15

Programming Languages

Abstract:Secure compilation aims to build compilation chains that preserve security properties when translating programs from a source to a target language. Recent research led to the definition of secure compilation principles that, if met, guarantee that the compilation chain in hand never violates specific families of security properties. Still, to the best of our knowledge, no effective procedure is available to check if a compilation chain meets such requirements. Here, we outline our ongoing research inspired by translation validation, to effectively check one of those principles.