CRII: SaTC: Towards Stronger and Verified Security for Real-World Cryptography

CRII：SaTC：为现实世界的密码学提供更强且经过验证的安全性

• 批准号: 1755539
• 负责人: Viet Tung Hoang
• 金额: $ 17.45万
• 依托单位: Florida State University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2018
• 资助国家: 美国
• 起止时间: 2018-05-01 至 2023-04-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1755539&HistoricalAwards=false
• 关键词: CRII; SaTC; Towards; Stronger; Verified

Many real-world cryptographic schemes are based on the provable-security paradigm, certifying their security via some proof. However, in several important settings, existing proofs for the in-use constructions give weak security bounds, even to the extent that these results are not meaningful. Moreover, many proofs in the literature are buggy, giving false confidence on the security of constructions which are in fact vulnerable. Even worse, practitioners may introduce seemingly harmless optimizations into a secure scheme, only to find out later that these optimizations completely undermine the security of these schemes. This project aims to partially address these issues from several fronts: (1) improving security guarantees of important applications, (2) weeding out insecure optimizations of real-world protocols by devising attacks, and (3) developing tools for automatic verification of cryptographic proofs.This research aims to develop some message-recovery attacks on real-world format-preserving encryption schemes, which are widely used for encrypting credit-card numbers. The work targets some national standards as well as other constructions that are widely used. The research also studies how to provide meaningful provable security guarantees assuming that the discovered weaknesses are fixed properly. Furthermore, the research revisits the current approach for extracting high-quality randomness from random sources, with the goal to improve both security and efficiency. This is a fundamental problem in cryptography, as many cryptographic scenarios crucially rely on the use of randomness. Finally, the research investigates how to improve current methods of automatically verifying cryptographic proofs.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

许多现实世界的密码方案都是基于可证明安全的范式，通过一些证明来证明它们的安全性。然而，在几个重要的设置，现有的证明中使用的结构给出弱的安全界限，甚至到了这些结果是没有意义的程度。此外，文献中的许多证明是错误的，对实际上易受攻击的构造的安全性给予错误的信心。更糟糕的是，从业者可能会将看似无害的优化引入安全方案，但后来发现这些优化完全破坏了这些方案的安全性。该项目旨在从几个方面部分解决这些问题：（1）提高重要应用的安全性保证;（2）通过设计攻击来消除真实世界协议的不安全优化;（3）开发用于密码证明的自动验证工具。本研究旨在开发对真实世界格式保持加密方案的消息恢复攻击，其广泛用于加密信用卡号码。本工作针对一些国家标准以及其他广泛使用的结构。该研究还研究了如何提供有意义的可证明的安全保证，假设所发现的弱点被正确修复。此外，该研究重新审视了当前从随机源中提取高质量随机性的方法，目的是提高安全性和效率。这是密码学中的一个基本问题，因为许多密码学场景严重依赖于随机性的使用。最后，研究调查如何改善目前的自动验证密码proofs.This奖项的方法反映了NSF的法定使命，并已被认为是值得通过使用基金会的智力价值和更广泛的影响审查标准进行评估的支持。

项目成果

Security of Streaming Encryption in Google's Tink Library

• DOI: 10.1145/3372297.3417273
• 发表时间: 2020-10
• 期刊: Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security
• 作者: V. Hoang;Yaobin Shen

The Multi-user Security of GCM, Revisited: Tight Bounds for Nonce Randomization

• DOI: 10.1145/3243734.3243816
• 发表时间: 2018-10
• 期刊: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security
• 作者: V. Hoang;Stefano Tessaro;Aishwarya Thiruvengadam

Security Analysis of NIST CTR-DRBG

• DOI: 10.1007/978-3-030-56784-2_8
• 发表时间: 2020-08
• 作者: V. Hoang;Yaobin Shen

How to Break FF3 on Large Domains

如何在大型域上破解 FF3

• DOI: 10.1007/978-3-030-17656-3_4
• 发表时间: 2019
• 期刊: Advances in Cryptology – EUROCRYPT 2019
• 作者: Hoang, V.T.;Miller, D.;Trieu, Ni
• 通讯作者: Trieu, Ni

The Curse of Small Domains: New Attacks on Format-Preserving Encryption

小域的诅咒：对格式保留加密的新攻击

• DOI: 10.1007/978-3-319-96884-1_8
• 发表时间: 2018
• 期刊: Advances in Cryptology – CRYPTO 2018
• 作者: Viet Tung Hoang, Stefano Tessaro