On Tamper-Resistance from a Theoretical Viewpoint

The Power of Seals
  • Paulo Mateus
  • Serge Vaudenay
Conference paper

DOI: 10.1007/978-3-642-04138-9_29

Volume 5747 of the book series Lecture Notes in Computer Science (LNCS)
Cite this paper as:
Mateus P., Vaudenay S. (2009) On Tamper-Resistance from a Theoretical Viewpoint. In: Clavier C., Gaj K. (eds) Cryptographic Hardware and Embedded Systems - CHES 2009. Lecture Notes in Computer Science, vol 5747. Springer, Berlin, Heidelberg

Abstract

Tamper-proof devices are pretty powerful. They can be used to have better security in applications. In this work we observe that they can also be maliciously used in order to defeat some common privacy protection mechanisms. We propose the theoretical model of trusted agent to formalize the notion of programmable secure hardware. We show that protocols not using tamper-proof devices are not deniable if malicious verifiers can use trusted agents. In a strong key registration model, deniability can be restored, but only at the price of using key escrow. As an application, we show how to break invisibility in undeniable signatures, how to sell votes in voting schemes, how to break anonymity in group/ring signatures, and how to carry on the Mafia fraud in non-transferable protocols. We conclude by observing that the ability to put boundaries in computing devices prevents from providing full control on how private information spreads: the concept of sealing a device is in some sense incompatible with privacy.

Download to read the full conference paper text

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Paulo Mateus
    • 1
  • Serge Vaudenay
    • 2
  1. 1.SQIG /Instituto de Telecomunicações - IST/TULisbonLisboaPortugal
  2. 2.EPFLLausanneSwitzerland