Abstract
A recent line of work has explored the use of physically unclonable functions (PUFs) for secure computation, with the goals of (1) achieving universal composability without additional setup and/or (2) obtaining unconditional security (i.e., avoiding complexity-theoretic assumptions). Initial work assumed that all PUFs, even those created by an attacker, are honestly generated. Subsequently, researchers have investigated models in which an adversary can create malicious PUFs with arbitrary behavior. Researchers have considered both malicious PUFs that might be stateful and malicious PUFs that can have arbitrary behavior but are guaranteed to be stateless. We settle the main open questions regarding secure computation in the malicious-PUF model:
We prove that unconditionally secure oblivious transfer is impossible, even in the stand-alone setting, if the adversary can construct (malicious) stateful PUFs.
We show that if the attacker is limited to creating (malicious) stateless PUFs, then universally composable two-party computation is possible, unconditionally.
Notes
This is easy to do by having \({\mathcal {S}}\) choose a random “trapdoor” \(\mathsf{td}\), and then create a circuit with the following behavior: on input \(x \ne \mathsf{td}\), return \(h_k(x)\) and concatenate x to the state; on input \(\mathsf{td}\), return the current state. Note that creating PUFs in this way will have only a negligible effect on the output of an honest execution of any PUF-based protocol, since the probability that the PUF is queried with \(\mathsf{td}\) during execution of the protocol is negligible.
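The following is an added illustration of the construction described in this note, written for this page and not code from the paper. It models a stateless PUF as a keyed function \(h_k\) (HMAC-SHA256 is an assumed stand-in for \(h_k\)) beside a stateful PUF that is indistinguishable from it on every challenge except a random trapdoor \(\mathsf{td}\), where it instead returns the list of challenges it has been queried with. The comparison shows why such a PUF leaves an honest protocol's responses unchanged while still giving the holder of \(\mathsf{td}\) the full query history, which is the property the paper's impossibility argument for stateful malicious PUFs relies on.

```python
import hashlib
import hmac
import secrets


def h_k(key: bytes, x: bytes) -> bytes:
    """Keyed function standing in for the PUF response h_k(x).
    HMAC-SHA256 is an assumption made for this example, not the paper's h_k."""
    return hmac.new(key, x, hashlib.sha256).digest()


class StatelessPUF:
    """Honest, stateless PUF: answers challenge x with h_k(x) and remembers nothing."""

    def __init__(self, key: bytes) -> None:
        self._key = key

    def query(self, x: bytes):
        return h_k(self._key, x)


class StatefulTrapdoorPUF:
    """Stateful PUF built as in the note: behaves exactly like StatelessPUF on every
    challenge x != td, appending x to hidden state; on challenge td it returns that state."""

    def __init__(self, key: bytes, td: bytes) -> None:
        self._key = key
        self._td = td
        self._state: list[bytes] = []

    def query(self, x: bytes):
        if x == self._td:
            # The trapdoor query reveals every challenge seen so far.
            return tuple(self._state)
        self._state.append(x)
        return h_k(self._key, x)


def compare_views(key: bytes, td: bytes, challenges: list[bytes]) -> dict:
    """Run the same protocol challenges against both PUFs and report
    (a) whether the responses an honest party sees are identical, and
    (b) what the trapdoor query reveals about the stateful PUF's history."""
    honest = StatelessPUF(key)
    malicious = StatefulTrapdoorPUF(key, td)
    honest_view = [honest.query(c) for c in challenges if c != td]
    malicious_view = [malicious.query(c) for c in challenges if c != td]
    return {
        "responses_match": honest_view == malicious_view,
        "leaked_history": malicious.query(td),
        # The honest PUF treats td like any other challenge.
        "honest_on_td": honest.query(td) == h_k(key, td),
    }


def trapdoor_hit_probability(num_queries: int, td_bits: int = 256) -> float:
    """Upper bound on the chance that a protocol making num_queries distinct
    challenges happens to query a uniformly random td_bits-bit trapdoor."""
    return num_queries / float(2 ** td_bits)


if __name__ == "__main__":
    # Constructed sample: a fresh PUF key, a random trapdoor and a short protocol transcript.
    demo_key = secrets.token_bytes(32)
    demo_td = secrets.token_bytes(32)
    transcript = [b"challenge-1", b"challenge-2", b"challenge-3"]
    print(compare_views(demo_key, demo_td, transcript))
    print(trapdoor_hit_probability(len(transcript)))
```

Running the module prints that the two PUFs' responses on the transcript agree and that the trapdoor query returns the three challenges in order; `trapdoor_hit_probability` makes explicit why an honest execution is affected only with negligible probability.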
Acknowledgements
Work of Nils Fleischhacker and Dominique Schröder was done in part while at Saarland University and while visiting the University of Maryland. Their work was supported by the German Federal Ministry of Education and Research (BMBF) through funding for the Center for IT-Security, Privacy, and Accountability (CISPA; see www.cispa-security.org). The visit of Nils Fleischhacker was supported by the Saarbrücken Graduate School of Computer Science funded by the German National Excellence Initiative, and the visit of Dominique Schröder was supported by NSF Award #1223623. Work of Dominique Schröder was also supported by an Intel Early Career Faculty Honor Program Award. Work of Jonathan Katz was supported in part by NSF Award #1223623, as well as by a Humboldt Award. Work of Anna Lysyanskaya was supported by NSF Awards #0964379 and #1012060.
Additional information
Communicated by Serge Fehr.
Cite this article
Dachman-Soled, D., Fleischhacker, N., Katz, J. et al. Feasibility and Infeasibility of Secure Computation with Malicious PUFs. J Cryptol 33, 595–617 (2020). https://doi.org/10.1007/s00145-019-09329-9