Results 1 to 7 of 7
Garbled circuits for leakage-resilience: Hardware implementation and evaluation of one-time programs
Cryptology ePrint Archive, Report 2010/276, 2010
Abstract

Cited by 15 (8 self)
The power of side-channel leakage attacks on cryptographic implementations is evident. Today's practical defenses are typically attack-specific countermeasures against certain classes of side-channel attacks. The demand for a more general solution has given rise to the recent theoretical research that aims to build provably leakage-resilient cryptography. This direction is, however, very new and still largely lacks practitioners' evaluation with regard to both efficiency and practical security. A recent approach, One-Time Programs (OTPs), proposes using Yao's Garbled Circuit (GC) and very simple tamper-proof hardware to securely implement oblivious transfer, to guarantee leakage resilience. Our main contributions are (i) a generic architecture for using GC/OTP modularly, and (ii) hardware implementation and efficiency analysis of GC/OTP evaluation. We implemented two FPGA-based prototypes: a system-on-a-programmable-chip with access to a hardware crypto accelerator (suitable for smartcards and future smartphones), and a stand-alone hardware implementation (suitable for ASIC design). We chose AES as a representative complex function for implementation and measurements. As a result of this work, we are able to understand, evaluate and improve the practicality of employing GC/OTP as a leakage-resistance approach.
Interactive Locking, Zero-Knowledge PCPs, and Unconditional Cryptography
2010
Abstract

Cited by 7 (2 self)
Motivated by the question of basing cryptographic protocols on stateless tamper-proof hardware tokens, we revisit the question of unconditional two-prover zero-knowledge proofs for NP. We show that such protocols exist in the interactive PCP model of Kalai and Raz (ICALP '08), where one of the provers is replaced by a PCP oracle. This strengthens the feasibility result of Ben-Or, Goldwasser, Kilian, and Wigderson (STOC '88), which requires two stateful provers. In contrast to previous zero-knowledge PCPs of Kilian, Petrank, and Tardos (STOC '97), in our protocol both the prover and the PCP oracle are efficient given an NP witness. Our main technical tool is a new primitive that we call interactive locking, an efficient realization of an unconditionally secure commitment scheme in the interactive PCP model. We implement interactive locking by adapting previous constructions of interactive hashing protocols to our setting, and also provide a direct construction which uses a minimal amount of interaction and improves over our interactive-hashing-based constructions. Finally, we apply the above results towards showing the feasibility of basing unconditional cryptography on stateless tamper-proof hardware tokens, and obtain the following results:
BiTR: Built-in Tamper Resilience
Abstract

Cited by 5 (0 self)
The assumption of the availability of tamper-proof hardware tokens has been used extensively in the design of cryptographic primitives. For example, Katz (Eurocrypt 2007) suggests them as an alternative to other setup assumptions, towards achieving general UC-secure multi-party computation. On the other hand, a lot of recent research has focused on protecting the security of various cryptographic primitives against physical attacks such as leakage and tampering. In this paper we put forward the notion of Built-in Tamper Resilience (BiTR) for cryptographic protocols, capturing the idea that the protocol that is encapsulated in a hardware token is designed in such a way that tampering gives no advantage to an adversary. Our definition is within the UC model, and can be viewed as unifying and extending several prior related works. We provide a composition theorem for BiTR security of protocols, impossibility results, as well as several BiTR constructions for specific cryptographic protocols or tampering function classes. In particular, we achieve general UC-secure computation based on a hardware token that may be susceptible to affine tampering attacks. We also prove that two existing identification and signature schemes (by Schnorr and Okamoto, respectively) are already BiTR against affine attacks (without requiring any modification or encoding). We next observe that non-malleable codes can be used as state encodings to achieve the BiTR property, and show new positive results for deterministic non-malleable encodings for various classes of tampering functions.
(Efficient) Universally Composable Oblivious Transfer Using a Minimal Number of Stateless Tokens
2013
Abstract
We continue the line of work initiated by Katz (Eurocrypt 2007) on using tamper-proof hardware for universally composable secure computation. As our main result, we show an efficient oblivious-transfer (OT) protocol in which two parties each create and exchange a single, stateless token and can then run an unbounded number of OTs. Our result yields what we believe is the most practical and efficient known approach for oblivious transfer based on tamper-proof tokens, and implies that the parties can perform (repeated) secure computation of arbitrary functions without exchanging additional tokens. Motivated by this result, we investigate the minimal number of stateless tokens needed for universally composable OT / secure computation. We prove that our protocol is optimal in this regard for constructions making black-box use of the tokens (in a sense we define). We also show that non-black-box techniques can be used to obtain a construction using only a single stateless token.
Activities on Design and Analysis of Primitives and Protocols Editor
Abstract
Dissemination level: PU (Public). Final Report on Jointly Executed Research.
Studies in the Efficiency and (versus) Security of Cryptographic Tasks
Abstract
In this thesis, we deal with the following questions: (1) How efficient can a cryptographic algorithm be while achieving a desired level of security? (2) Since mathematical conjectures like P ≠ NP are necessary for the possibility of secure cryptographic primitives in the standard models of computation: (a) Can we base cryptography solely on the widely believed assumption of P ≠ NP, or do we need stronger assumptions? (b) Which alternative non-standard models offer us provable security unconditionally, while being implementable in real life? First we study the question of security vs. efficiency in public-key cryptography and prove tight bounds on the efficiency of black-box constructions of key-agreement and (public-key) digital signatures that achieve a desired level of security using "random-like" functions. Namely, we prove that any key-agreement protocol in the random oracle model where the parties ask at most n oracle queries can be broken by an adversary who asks at most O(n^2) oracle queries and finds the key with high probability. This improves upon the previous Õ(n^6)-query attack of Impagliazzo and Rudich [98] and proves that a simple key-agreement protocol due to Merkle [118] is optimal. We also prove that any signature scheme in the