On Tamper-Resistance from a Theoretical Viewpoint
- Cite this paper as:
- Mateus P., Vaudenay S. (2009) On Tamper-Resistance from a Theoretical Viewpoint. In: Clavier C., Gaj K. (eds) Cryptographic Hardware and Embedded Systems - CHES 2009. Lecture Notes in Computer Science, vol 5747. Springer, Berlin, Heidelberg
Tamper-proof devices are pretty powerful. They can be used to have better security in applications. In this work we observe that they can also be maliciously used in order to defeat some common privacy protection mechanisms. We propose the theoretical model of trusted agent to formalize the notion of programmable secure hardware. We show that protocols not using tamper-proof devices are not deniable if malicious verifiers can use trusted agents. In a strong key registration model, deniability can be restored, but only at the price of using key escrow. As an application, we show how to break invisibility in undeniable signatures, how to sell votes in voting schemes, how to break anonymity in group/ring signatures, and how to carry on the Mafia fraud in non-transferable protocols. We conclude by observing that the ability to put boundaries in computing devices prevents from providing full control on how private information spreads: the concept of sealing a device is in some sense incompatible with privacy.