Basing cryptographic protocols on tamper-evident seals

In this article, we attempt to formally study two very intuitive physical models: sealed envelopes and locked boxes, often used as illustrations for common cryptographic operations. We relax the security properties usually required from locked boxes [such as in bit-commitment (BC) protocols] and require only that a broken lock or torn envelope be identifiable to the original sender. Unlike the completely impregnable locked box, this functionality may be achievable in real life, where containers having this property are called "tamper-evident seals". Another physical object with this property is the "scratch-off card", often used in lottery tickets. We consider three variations of tamper-evident seals, and show that under some conditions they can be used to implement oblivious transfer, BC and coin flipping (CF). We also show a separation between the three models. One of our results is a strongly fair CF protocol with bias bounded by O(1/r) (where r is the number of rounds); this was a stepping stone towards achieving such a protocol in the standard model (in subsequent work).
