Feasibility and Infeasibility of Secure Computation with Malicious PUFs

A recent line of work has explored the use of physically unclonable functions (PUFs) for secure computation, with the goals of (1) achieving universal composability without additional setup and/or (2) obtaining unconditional security (i.e., avoiding complexity-theoretic assumptions). Initial work assumed that all PUFs, even those created by an attacker, are honestly generated. Subsequently, researchers have investigated models in which an adversary can create malicious PUFs with arbitrary behavior. Two variants have been considered: malicious PUFs that might be stateful, and malicious PUFs that can have arbitrary behavior but are guaranteed to be stateless. We settle the main open questions regarding secure computation in the malicious-PUF model: We prove that unconditionally secure oblivious transfer is impossible, even in the stand-alone setting, if the adversary can construct (malicious) stateful PUFs. We show that if the attacker is limited to creating (malicious) stateless PUFs, then universally composable two-party computation is possible, unconditionally.
