Paper 2019/519

Security in the Presence of Key Reuse: Context-Separable Interfaces and their Applications

Christopher Patton and Thomas Shrimpton

Abstract

Key separation is often difficult to enforce in practice. While key reuse can be catastrophic for security, we know of a number of cryptographic schemes for which it is provably safe. But existing formal models, such as the notions of joint security (Haber-Pinkas, CCS ’01) and agility (Acar et al., EUROCRYPT ’10), do not address the full range of key-reuse attacks—in particular, those that break the abstraction of the scheme, or exploit protocol interactions at a higher level of abstraction. This work attends to these vectors by focusing on two key elements: the game that codifies the scheme under attack, as well as its intended adversarial model; and the underlying interface that exposes secret key operations for use by the game. Our main security experiment considers the implications of using an interface (in practice, the API of a software library or a hardware platform such as TPM) to realize the scheme specified by the game when the interface is shared with other unspecified, insecure, or even malicious applications. After building up a definitional framework, we apply it to the analysis of two real-world schemes: the EdDSA signature algorithm and the Noise protocol framework. Both provide some degree of context separability, a design pattern for interfaces and their applications that aids in the deployment of secure protocols.
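The following is an added illustration, not code from the paper, of the design pattern the abstract calls context separability. It models a secret-key interface shared by two applications. The plain interface lets a tag minted for one application verify in the other, because nothing about the caller is bound into the keyed operation; the context-separable interface requires every caller to name its context and binds that label to the message with an unambiguous, length-prefixed encoding before the key is touched. Assumptions: HMAC-SHA256 stands in for the paper's EdDSA/Noise primitives so the example runs on the standard library alone, and the class and function names, the demo key and the messages are all constructed for this example.

```python
import hmac
import hashlib


def keyed_tag(key: bytes, data: bytes) -> bytes:
    """Stand-in for the secret-key operation behind the interface.
    Assumption: HMAC-SHA256 replaces the paper's signature/DH primitives so the
    example needs only the standard library; the interface pattern is the point."""
    return hmac.new(key, data, hashlib.sha256).digest()


class PlainInterface:
    """No context separation: every application feeds raw message bytes to the key."""

    def __init__(self, key: bytes):
        self._key = key

    def tag(self, msg: bytes) -> bytes:
        return keyed_tag(self._key, msg)

    def verify(self, msg: bytes, tag: bytes) -> bool:
        return hmac.compare_digest(keyed_tag(self._key, msg), tag)


class ContextSeparableInterface:
    """Every call names its application context; the interface binds the label to
    the message with a length-prefixed encoding, so the key never sees raw input."""

    def __init__(self, key: bytes):
        self._key = key

    @staticmethod
    def _encode(ctx: bytes, msg: bytes) -> bytes:
        if len(ctx) > 0xFFFF:
            raise ValueError("context label too long")
        # 2-byte length prefix makes (ctx, msg) -> bytes injective.
        return len(ctx).to_bytes(2, "big") + ctx + msg

    def tag(self, ctx: bytes, msg: bytes) -> bytes:
        return keyed_tag(self._key, self._encode(ctx, msg))

    def verify(self, ctx: bytes, msg: bytes, tag: bytes) -> bool:
        return hmac.compare_digest(self.tag(ctx, msg), tag)


KEY = b"\x11" * 32                      # constructed demo key shared by both applications
MSG = b"transfer 100 to account 42"     # constructed message


def plain_cross_context_accept() -> bool:
    """Two applications share a PlainInterface: a tag produced for application A
    is accepted by application B, since the tag records nothing about its origin."""
    app_a = PlainInterface(KEY)
    app_b = PlainInterface(KEY)
    return app_b.verify(MSG, app_a.tag(MSG))


def separable_cross_context_accept() -> bool:
    """Same key, context-separable interface: a tag minted under context A is
    rejected under context B."""
    iface = ContextSeparableInterface(KEY)
    t = iface.tag(b"app-A/v1", MSG)
    return iface.verify(b"app-B/v1", MSG, t)


def separable_same_context_accept() -> bool:
    """Sanity check: the honest caller, using its own context, still verifies."""
    iface = ContextSeparableInterface(KEY)
    return iface.verify(b"app-A/v1", MSG, iface.tag(b"app-A/v1", MSG))


def boundary_shift_accept() -> bool:
    """Why the length prefix matters: without it, (ctx=b'ab', msg=b'c') and
    (ctx=b'a', msg=b'bc') would encode to the same bytes and share a tag."""
    iface = ContextSeparableInterface(KEY)
    return iface.verify(b"a", b"bc", iface.tag(b"ab", b"c"))


if __name__ == "__main__":
    print("plain interface, cross-context tag accepted:     ", plain_cross_context_accept())
    print("separable interface, cross-context tag accepted: ", separable_cross_context_accept())
    print("separable interface, same-context tag accepted:  ", separable_same_context_accept())
    print("separable interface, boundary-shifted tag accepted:", boundary_shift_accept())
```

The key is identical in both halves; only the interface changes. That mirrors the abstract's framing: the question is not whether the primitive is secure in isolation, but whether the interface that exposes it can be shared with other, possibly careless, applications without one application's outputs becoming valid in another's context.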

Note: The latest version revises the statement of Theorem 1 (see Section 1.1).

Metadata

Available format(s): PDF
Category: Cryptographic protocols
Publication info: A major revision of an IACR publication in CRYPTO 2019
Keywords: Key-reuse, APIs, Diffie-Hellman, EdDSA, Noise
Contact author(s): cjpatton @ ufl edu
History:
2020-07-13: last of 5 revisions
2019-05-20: received
Short URL: https://ia.cr/2019/519
License: Creative Commons Attribution (CC BY)

BibTeX

@misc{cryptoeprint:2019/519,
      author = {Christopher Patton and Thomas Shrimpton},
      title = {Security in the Presence of Key Reuse: Context-Separable Interfaces and their Applications},
      howpublished = {Cryptology ePrint Archive, Paper 2019/519},
      year = {2019},
      note = {\url{https://eprint.iacr.org/2019/519}},
      url = {https://eprint.iacr.org/2019/519}
}