Unconditional UC-Secure Computation with (Stronger-Malicious) PUFs

ADVANCES IN CRYPTOLOGY - EUROCRYPT 2017, PT I, pp. 382-411, 2017.

DOI: https://doi.org/10.1007/978-3-319-56620-7_14

Abstract:

Brzuska et al. (Crypto 2011) proved that unconditional UC-secure computation is possible if parties have access to honestly generated physically unclonable functions (PUFs). Dachman-Soled et al. (Crypto 2014) then showed how to obtain unconditional UC-secure computation based on malicious PUFs, assuming such PUFs are stateless. They als...

Introduction
  • There has been a rich line of work studying how to enhance the computational capabilities of probabilistic polynomial-time players by making assumptions on hardware [33].
  • For any two party functionality F, there exists a protocol π that unconditionally and UC-securely realizes F in the malicious encapsulated PUF model.
Highlights
  • In recent years, there has been a rich line of work studying how to enhance the computational capabilities of probabilistic polynomial-time players by making assumptions on hardware [33]
  • As our other main result, we develop techniques to obtain unconditional UC-secure computation in the malicious encapsulated physically unclonable functions model
  • We demonstrate the feasibility of UC-secure computation in a model where a party may encapsulate one or more physically unclonable functions that it obtained from honest parties inside a malicious stateless physically unclonable function of its choice
  • We formally define ideal functionalities corresponding to honestly generated and various kinds of maliciously generated physically unclonable functions in Appendix A. We summarize these here: the model for honestly generated physically unclonable functions and for malicious stateless/stateful physically unclonable functions has been explored in prior work [7,27], and we introduce the model for encapsulated physically unclonable functions
  • We describe a protocol secure against general bounded stateful physically unclonable functions in Sect. 5
  • The protocol ΠK in Fig. 3 allows us to use an -bounded stateful physically unclonable function to obtain K secure oblivious transfers, such that a malicious sender can obtain at most bits of additional universal leakage on the joint distribution of the receiver’s choice input bits (b1, b2, ..., bK)
Results
  • UC Security with Bounded Stateful PUFs. A malicious PUF is allowed to maintain state, and can generate outputs as a function of the current query and the previous queries that it received as input.
  • The protocol Π1 in Fig. 2 UC-securely and unconditionally realizes 2-choose-1 OT in the malicious stateless PUF model, between a sender S and receiver R, subject to the restrictions the paper enumerates.
  • The protocol as specified in [7], even though private, does not allow for straight-line extraction of the sender’s input messages, unless one is willing to make the strong assumption that the simulator can make queries to a PUF that an adversary created, even when this malicious PUF is in the adversary’s possession.
  • The protocol ΠK in Fig. 3 allows them to use an -bounded stateful PUF to obtain K secure oblivious transfers, such that a malicious sender can obtain at most bits of additional universal leakage on the joint distribution of the receiver’s choice input bits (b1, b2, .
  • The protocol ΠK unconditionally UC-securely realizes K instances of OT (F_OT^{⊗K}) in an -bounded-stateful PUF model, except that a malicious sender can obtain at most bits of additional universal leakage on the joint distribution of the receiver’s choice bits over all of F_OT^{⊗K}.
  • In Fig. 4, the authors give the basic construction of an OT extractor that securely obtains a single oblivious transfer from K = (2 + 2n) OTs, when a receiver can obtain at most bits of universal leakage from the joint distribution of sender inputs over all the OTs. Let E : {0,1}^K × {0,1}^n → {0,1} be a strong randomness (K, 2^{-n})-extractor with seed length d = O(n).
Conclusion
  • The protocol in Fig. 5 UC-securely realizes 2-choose-1 OT in a stronger model, where a malicious party is allowed to create malicious PUFs that encapsulate other honest PUFs.
  • The authors construct unconditional UC commitments using stateless PUFs. The model the authors consider is incomparable with the one of [8], since in their model an adversary can encapsulate honest PUFs when creating malicious stateless encapsulated PUFs. Note that the protocol does not require any honest party to have the ability to encapsulate PUFs, but it is secure against parties that do have this ability.
Tables
  • Table1: The symbol (resp. ×) indicates that the construction satisfies (resp. does not satisfy) the corresponding security guarantee
References
  • Agrawal, S., Ananth, P., Goyal, V., Prabhakaran, M., Rosen, A.: Lower bounds in the hardware token model. In: Lindell, Y. (ed.) TCC 2014. LNCS, vol. 8349, pp. 663–687. Springer, Heidelberg (2014). doi:10.1007/978-3-642-54242-8_28
  • Armknecht, F., Moriyama, D., Sadeghi, A.-R., Yung, M.: Towards a unified security model for physically unclonable functions. In: Sako, K. (ed.) CT-RSA 2016. LNCS, vol. 9610, pp. 271–287. Springer, Cham (2016). doi:10.1007/978-3-319-29485-8_16
  • Boureanu, I., Ohkubo, M., Vaudenay, S.: The limits of composable crypto with transferable setup devices. In: Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security, ASIA CCS 2015, Singapore, 14–17 April 2015, pp. 381–392. ACM (2015)
  • Brzuska, C., Fischlin, M., Schröder, H., Katzenbeisser, S.: Physically uncloneable functions in the universal composition framework. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 51–70. Springer, Heidelberg (2011). doi:10.1007/978-3-642-22792-9_4
  • Canetti, R.: Universally composable security: a new paradigm for cryptographic protocols. In: Foundations of Computer Science (FOCS 2001), pp. 136–145 (2001)
  • Chandran, N., Goyal, V., Sahai, A.: New constructions for UC secure computation using tamper-proof hardware. In: Smart, N. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 545–562. Springer, Heidelberg (2008). doi:10.1007/978-3-540-78967-3_31
  • Dachman-Soled, D., Fleischhacker, N., Katz, J., Lysyanskaya, A., Schröder, D.: Feasibility and infeasibility of secure computation with malicious PUFs. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014. LNCS, vol. 8617, pp. 405–420. Springer, Heidelberg (2014). doi:10.1007/978-3-662-44381-1_23
  • Damgård, I., Scafuro, A.: Unconditionally secure and universally composable commitments from physical assumptions. In: Sako, K., Sarkar, P. (eds.) ASIACRYPT 2013. LNCS, vol. 8270, pp. 100–119. Springer, Heidelberg (2013). doi:10.1007/978-3-642-42045-0_6
  • Dodis, Y., Ostrovsky, R., Reyzin, L., Smith, A.: Fuzzy extractors: how to generate strong keys from biometrics and other noisy data. SIAM J. Comput. 38(1), 97–139 (2008)
  • Döttling, N., Kraschewski, D., Müller-Quade, J., Nilges, T.: General statistically secure computation with bounded-resettable hardware tokens. In: Dodis, Y., Nielsen, J.B. (eds.) TCC 2015. LNCS, vol. 9014, pp. 319–344. Springer, Heidelberg (2015). doi:10.1007/978-3-662-46494-6_14
  • Döttling, N., Mie, T., Müller-Quade, J., Nilges, T.: Implementing resettable UC functionalities with untrusted tamper-proof hardware tokens. In: Sahai, A. (ed.) TCC 2013. LNCS, vol. 7785, pp. 642–661. Springer, Heidelberg (2013). doi:10.1007/978-3-642-36594-2_36
  • Dvir, Z., Kopparty, S., Saraf, S., Sudan, M.: Extensions to the method of multiplicities, with applications to Kakeya sets and mergers. SIAM J. Comput. 42(6), 2305–2328 (2013)
  • Eichhorn, I., Koeberl, P., van der Leest, V.: Logically reconfigurable PUFs: memory-based secure key storage. In: Proceedings of the Sixth ACM Workshop on Scalable Trusted Computing, STC 2011, pp. 59–64. ACM, New York (2011)
  • Goyal, V., Ishai, Y., Sahai, A., Venkatesan, R., Wadia, A.: Founding cryptography on tamper-proof hardware tokens. In: Micciancio, D. (ed.) TCC 2010. LNCS, vol. 5978, pp. 308–326. Springer, Heidelberg (2010). doi:10.1007/978-3-642-11799-2_19
  • Goyal, V., Maji, H.K.: Stateless cryptographic protocols. In: Ostrovsky, R. (ed.) IEEE 52nd Annual Symposium on Foundations of Computer Science, FOCS 2011, Palm Springs, CA, USA, 22–25 October 2011, pp. 678–687. IEEE Computer Society (2011)
  • Guajardo, J., Kumar, S.S., Schrijen, G.-J., Tuyls, P.: FPGA intrinsic PUFs and their use for IP protection. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 63–80. Springer, Heidelberg (2007). doi:10.1007/978-3-540-74735-2_5
  • Gupta, D., Ishai, Y., Maji, H.K., Sahai, A.: Secure computation from leaky correlated randomness. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9216, pp. 701–720. Springer, Heidelberg (2015). doi:10.1007/978-3-662-48000-7_34
  • Guruswami, V., Umans, C., Vadhan, S.P.: Unbalanced expanders and randomness extractors from Parvaresh-Vardy codes. J. ACM 56(4) (2009)
  • Hazay, C., Lindell, Y.: Constructions of truly practical secure protocols using standard smartcards. In: Proceedings of the 2008 ACM Conference on Computer and Communications Security, CCS 2008, Alexandria, Virginia, USA, 27–31 October 2008, pp. 491–500 (2008)
  • Hazay, C., Polychroniadou, A., Venkitasubramaniam, M.: Composable security in the tamper-proof hardware model under minimal complexity. In: Hirt, M., Smith, A. (eds.) TCC 2016. LNCS, vol. 9985, pp. 367–399. Springer, Heidelberg (2016). doi:10.1007/978-3-662-53641-4_15
  • Ishai, Y., Kushilevitz, E., Ostrovsky, R., Sahai, A.: Extracting correlations. In: 50th Annual IEEE Symposium on Foundations of Computer Science, FOCS 2009, Atlanta, Georgia, USA, 25–27 October 2009, pp. 261–270. IEEE Computer Society (2009)
  • Järvinen, K., Kolesnikov, V., Sadeghi, A.-R., Schneider, T.: Efficient secure two-party computation with untrusted hardware tokens (full version). In: Sadeghi, A.-R., Naccache, D. (eds.) Towards Hardware-Intrinsic Security - Foundations and Practice, pp. 367–386. Springer, Heidelberg (2010)
  • Järvinen, K., Kolesnikov, V., Sadeghi, A.-R., Schneider, T.: Embedded SFE: offloading server and network using hardware tokens. In: Sion, R. (ed.) FC 2010. LNCS, vol. 6052, pp. 207–221. Springer, Heidelberg (2010). doi:10.1007/978-3-642-14577-3_17
  • Katz, J.: Universally composable multi-party computation using tamper-proof hardware. In: Naor, M. (ed.) EUROCRYPT 2007. LNCS, vol. 4515, pp. 115–128. Springer, Heidelberg (2007). doi:10.1007/978-3-540-72540-4_7
  • Kocabas, U., Sadeghi, A.-R., Wachsmann, C., Schulz, S.: Poster: practical embedded remote attestation using physically unclonable functions. In: ACM Conference on Computer and Communications Security, pp. 797–800 (2011)
  • Kolesnikov, V.: Truly efficient string oblivious transfer using resettable tamper-proof tokens. In: Micciancio, D. (ed.) TCC 2010. LNCS, vol. 5978, pp. 327–342. Springer, Heidelberg (2010). doi:10.1007/978-3-642-11799-2_20
  • Ostrovsky, R., Scafuro, A., Visconti, I., Wadia, A.: Universally composable secure computation with (malicious) physically uncloneable functions. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 702–718. Springer, Heidelberg (2013). doi:10.1007/978-3-642-38348-9_41
  • Pappu, R.S., Recht, B., Taylor, J., Gershenfeld, N.: Physical one-way functions. Science 297, 2026–2030 (2002)
  • Pappu, R.S.: Physical one-way functions. Ph.D. thesis. MIT (2001)
  • Rührmair, U.: On the security of PUF protocols under bad PUFs and PUFs-inside-PUFs attacks. Cryptology ePrint Archive, Report 2016/322 (2016). http://eprint.iacr.org/
  • Sadeghi, A.-R., Visconti, I., Wachsmann, C.: Enhancing RFID security and privacy by physically unclonable functions. In: Sadeghi, A.-R., Naccache, D. (eds.) Towards Hardware-Intrinsic Security. Information Security and Cryptography, pp. 281–305. Springer, Heidelberg (2010)
  • Sadeghi, A.-R., Visconti, I., Wachsmann, C.: PUF-enhanced RFID security and privacy. In: Workshop on Secure Component and System Identification (SECSI) (2010)
  • Standaert, F.-X., Malkin, T.G., Yung, M.: Does physical security of cryptographic devices need a formal study? (Invited talk). In: Safavi-Naini, R. (ed.) ICITS 2008. LNCS, vol. 5155, p. 70. Springer, Heidelberg (2008). doi:10.1007/978-3-540-85093-9_7
  • Ta-Shma, A., Umans, C.: Better condensers and new extractors from Parvaresh-Vardy codes. In: Proceedings of the 27th Conference on Computational Complexity, CCC 2012, Porto, Portugal, 26–29 June 2012, pp. 309–315. IEEE (2012)
  • Tuyls, P., Batina, L.: RFID-tags for anti-counterfeiting. In: Pointcheval, D. (ed.) CT-RSA 2006. LNCS, vol. 3860, pp. 115–131. Springer, Heidelberg (2006). doi:10.1007/11605805_8
  • Vadhan, S.P.: Constructing locally computable extractors and cryptosystems in the bounded-storage model. J. Cryptol. 17(1), 43–77 (2004)
  • Wolf, S., Wullschleger, J.: Oblivious transfer is symmetric. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 222–232. Springer, Heidelberg (2006). doi:10.1007/11761679_14