Iniciativa IMDEA


Invited Talks

Ida Tucker

Wednesday, January 15, 2020

10:45am Meeting room 302 (Mountain View), level 3

Ida Tucker, PhD Student

Distributing the elliptic curve digital signature algorithm both securely and efficiently

Abstract:

The Elliptic Curve Digital Signature Algorithm (ECDSA) is a widely adopted digital signature standard; in particular, it is employed to validate Bitcoin transactions. In this context, the theft of a secret signing key results in an immediate financial loss, so the key is a single point of failure. An interesting solution to reduce the risk of key theft is to share the secret signing key among several devices, such that a signature can only be produced if these devices collaborate to jointly produce it, thereby distributing the signature protocol. In this talk I will focus on the two-party case, which allows, for instance, a secret key to be shared between a mobile phone and a laptop. Unfortunately, efficient distributed variants of ECDSA are notoriously hard to achieve, and prior to our work, solutions required expensive zero-knowledge proofs to deal with malicious adversaries (MacKenzie et al. (Crypto’01)), relied on non-standard interactive assumptions (Lindell (Crypto’17)), or induced a high communication cost (Doerner et al. (IEEE S&P’18)). I will explain how, in a recent article from Crypto’19, we overcome all of the above drawbacks and — using class groups of imaginary quadratic fields — provide a provably secure two-party ECDSA protocol, relying only on standard assumptions, which is the most efficient to date in terms of bandwidth consumption while remaining competitive in terms of timings. I will further justify that — by resorting to two recently introduced computational assumptions on class groups — we can dramatically improve the efficiency of the zero-knowledge proofs needed by our protocol (and thereby that of the overall protocol).


Time and place:
10:45am Meeting room 302 (Mountain View), level 3
IMDEA Software Institute, Campus de Montegancedo
28223-Pozuelo de Alarcón, Madrid, Spain


Samira Briongos

Tuesday, January 14, 2020

10:45am Meeting room 302 (Mountain View), level 3

Samira Briongos, Post-doctoral Researcher, UPM

RELOAD+REFRESH: Abusing Cache Replacement Policies to Perform Stealthy Cache Attacks

Abstract:

Caches have become the prime method for unintended information extraction across logical isolation boundaries. They are widely available on all major CPU platforms and, as a side channel, caches provide great resolution, making them the most convenient channel for Spectre and Meltdown. As a consequence, several methods to stop cache attacks by detecting them have been proposed. Detection is strongly aided by the fact that observing the cache activity of co-resident processes is assumed to be impossible without altering the cache state and thereby forcing evictions on the observed processes. In this work, we show that this widely held assumption is incorrect. Through clever usage of the cache replacement policy, it is possible to track the cache accesses of a victim's process without forcing evictions on the victim's data. Hence, online detection mechanisms that rely on these evictions can be circumvented, as they would not detect the introduced RELOAD+REFRESH attack. The attack requires a profound understanding of the cache replacement policy. We present a methodology to recover the replacement policy and apply it to the last five generations of Intel processors. We further show empirically that the performance of RELOAD+REFRESH on cryptographic implementations is comparable to that of other widely used cache attacks, while detection methods that rely on L3 cache events are successfully thwarted.


Time and place:
10:45am Meeting room 302 (Mountain View), level 3
IMDEA Software Institute, Campus de Montegancedo
28223-Pozuelo de Alarcón, Madrid, Spain

