Paper 2019/519
Security in the Presence of Key Reuse: Context-Separable Interfaces and their Applications
Christopher Patton and Thomas Shrimpton
Abstract
Key separation is often difficult to enforce in practice. While key reuse can be catastrophic for security, we know of a number of cryptographic schemes for which it is provably safe. But existing formal models, such as the notions of joint security (Haber-Pinkas, CCS ’01) and agility (Acar et al., EUROCRYPT ’10), do not address the full range of key-reuse attacks—in particular, those that break the abstraction of the scheme, or exploit protocol interactions at a higher level of abstraction. This work attends to these vectors by focusing on two key elements: the game that codifies the scheme under attack, as well as its intended adversarial model; and the underlying interface that exposes secret key operations for use by the game. Our main security experiment considers the implications of using an interface (in practice, the API of a software library or a hardware platform such as TPM) to realize the scheme specified by the game when the interface is shared with other unspecified, insecure, or even malicious applications. After building up a definitional framework, we apply it to the analysis of two real-world schemes: the EdDSA signature algorithm and the Noise protocol framework. Both provide some degree of context separability, a design pattern for interfaces and their applications that aids in the deployment of secure protocols.
Note: The latest version revises the statement of Theorem 1 (see Section 1.1).
Metadata
- Category: Cryptographic protocols
- Publication info: A major revision of an IACR publication in CRYPTO 2019
- Keywords: Key-reuse, APIs, Diffie-Hellman, EdDSA, Noise
- Contact author(s): cjpatton @ ufl edu
- History: 2020-07-13: last of 5 revisions; 2019-05-20: received
- Short URL: https://ia.cr/2019/519
- License: CC BY
BibTeX
@misc{cryptoeprint:2019/519,
  author = {Christopher Patton and Thomas Shrimpton},
  title = {Security in the Presence of Key Reuse: Context-Separable Interfaces and their Applications},
  howpublished = {Cryptology {ePrint} Archive, Paper 2019/519},
  year = {2019},
  url = {https://eprint.iacr.org/2019/519}
}