Theory of Cryptography

Volume 2951 of the series Lecture Notes in Computer Science pp 258-277

Algorithmic Tamper-Proof (ATP) Security: Theoretical Foundations for Security against Hardware Tampering

  • Rosario GennaroAffiliated withIBM T.J. Watson Research Center
  • , Anna LysyanskayaAffiliated withDepartment of Computer Science, Brown University
  • , Tal MalkinAffiliated withDepartment of Computer Science, Columbia University
  • , Silvio MicaliAffiliated withM.I.T. Laboratory for Computer Science
  • , Tal RabinAffiliated withIBM T.J. Watson Research Center


Traditionally, secure cryptographic algorithms provide security against an adversary who has only black-box access to the secret information of honest parties. However, such models are not always adequate. In particular, the security of these algorithms may completely break under (feasible) attacks that tamper with the secret key.

In this paper we propose a theoretical framework to investigate the algorithmic aspects related to tamper-proof security. In particular, we define a model of security against an adversary who is allowed to apply arbitrary feasible functions f to the secret key sk, and obtain the result of the cryptographic algorithms using the new secret key f(sk).

We prove that in the most general setting it is impossible to achieve this strong notion of security. We then show minimal additions to the model, which are needed in order to obtain provable security.

We prove that these additions are necessary and also sufficient for most common cryptographic primitives, such as encryption and signature schemes.

We discuss the applications to portable devices protected by PINs and show how to integrate PIN security into the generic security design.

Finally we investigate restrictions of the model in which the tampering powers of the adversary are limited. These restrictions model realistic attacks (like differential fault analysis) that have been demonstrated in practice. In these settings we show security solutions that work even without the additions mentioned above.