Algorithmic Tamper-Proof (ATP) Security: Theoretical Foundations for Security against Hardware Tampering

  • Rosario Gennaro
  • Anna Lysyanskaya
  • Tal Malkin
  • Silvio Micali
  • Tal Rabin
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2951)


Traditionally, secure cryptographic algorithms provide security against an adversary who has only black-box access to the secret information of honest parties. However, such models are not always adequate. In particular, the security of these algorithms may completely break under (feasible) attacks that tamper with the secret key.

In this paper we propose a theoretical framework to investigate the algorithmic aspects related to tamper-proof security. In particular, we define a model of security against an adversary who is allowed to apply arbitrary feasible functions f to the secret key sk, and obtain the result of the cryptographic algorithms using the new secret key f(sk).

We prove that in the most general setting it is impossible to achieve this strong notion of security. We then show minimal additions to the model, which are needed in order to obtain provable security.

We prove that these additions are necessary and also sufficient for most common cryptographic primitives, such as encryption and signature schemes.

We discuss the applications to portable devices protected by PINs and show how to integrate PIN security into the generic security design.

Finally we investigate restrictions of the model in which the tampering powers of the adversary are limited. These restrictions model realistic attacks (like differential fault analysis) that have been demonstrated in practice. In these settings we show security solutions that work even without the additions mentioned above.


Smart Card Signature Scheme Cryptographic Algorithm Public Parameter Honest Party 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. [AARR03]
    Agrawal, D., Archambeault, B., Rao, J.R., Rohatgi, P.: The EM side-channel(s). In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 29–45. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  2. [AK96]
    Anderson, R., Kuhn, M.: Tamper Resistance - a Cautionary Note. In: Proceedings of the Second Usenix Workshop on Electronic Commerce, November 1996, pp. 1–11 (1996)Google Scholar
  3. [BDL01]
    Boneh, D., DeMillo, R.A., Lipton, R.J.: On the importance of eliminating errors in cryptographic computations. Journal of Cryptology 14(2), 101–119 (2001)MATHCrossRefMathSciNetGoogle Scholar
  4. [BS97]
    Biham, E., Shamir, A.: Differential fault analysis of secret key cryptosystems. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 513–525. Springer, Heidelberg (1997)Google Scholar
  5. [CGGM00]
    Canetti, R., Goldreich, O., Goldwasser, S., Micali, S.: Resettable zero-knowledge (extended abstract). In: Proc. 32nd Annual ACM Symposium on Theory of Computing (STOC), pp. 235–244 (2000)Google Scholar
  6. [CS99]
    Cramer, R., Shoup, V.: Signature schemes based on the strong RSA assumption. In: Proc. 6th ACM Conference on Computer and Communications Security, November 1999, pp. 46–52. ACM Press, New York (1999)CrossRefGoogle Scholar
  7. [FS87]
    Fiat, A., Shamir, A.: How to prove yourself: Practical solutions to identification and signature problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186–194. Springer, Heidelberg (1987)Google Scholar
  8. [GHR99]
    Gennaro, R., Halevi, S., Rabin, T.: Secure hash-and-sign signatures without the random oracle. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 123–139. Springer, Heidelberg (1999)Google Scholar
  9. [GM84]
    Goldwasser, S., Micali, S.: Probabilistic encryption. Journal of Computer and System Sciences 28(2), 270–299 (1984)MATHCrossRefMathSciNetGoogle Scholar
  10. [GMR88]
    Goldwasser, S., Micali, S., Rivest, R.: A digital signature scheme secure against adaptive chosen-message attacks. SIAM Journal on Computing 17(2), 281–308 (1988)MATHCrossRefMathSciNetGoogle Scholar
  11. [GMW87]
    Goldreich, O., Micali, S., Wigderson, A.: How to play any mental game or a completeness theorem for protocols with honest majority. In: Proc. 19th Annual ACM Symposium on Theory of Computing (STOC), pp. 218–229 (1987)Google Scholar
  12. [Gol98]
    Goldreich, O.: Secure multi-party computation (1998) (manuscript), Available from:
  13. [Gol01]
    Goldreich, O.: Foundations of Cryptography. Cambridge University Press, Cambridge (2001)MATHCrossRefGoogle Scholar
  14. [GQ88]
    Guillou, L.C., Quisquater, J.-J.: A “Paradoxical” identity-based signature scheme resulting from zero-knowledge. In: Goldwasser, S. (ed.) CRYPTO 1988. LNCS, vol. 403, pp. 216–231. Springer, Heidelberg (1990)Google Scholar
  15. [ISW03]
    Ishai, Y., Sahai, A., Wagner, D.: Private circuits: Securing hardware against probing attacks. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 463–481. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  16. [KJJ99]
    Kocher, P.C., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)Google Scholar
  17. [MR03]
    Micali, S., Reyzin, L.: Physically observable cryptography (2003),
  18. [Ped92]
    Pedersen, T.P.: Non-interactive and information-theoretic secure verifiable secret sharing. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 129–140. Springer, Heidelberg (1992)Google Scholar
  19. [QS01]
    Quisquater, J.J., Samyde, D.: Electro magnetic analysis (EMA): Measures and countermeasures for smart cards. In: International Conference on Research in Smart Cards – Esmart. LNCS, vol. 435, pp. 200–210. Springer, Heidelberg (2001)Google Scholar
  20. [SA03]
    Skorobogatov, S.P., Anderson, R.J.: Optical fault induction attacks. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 2–12. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  21. [Sch91]
    Schnorr, C.P.: Efficient signature generation for smart cards. Journal of Cryptology 4(3), 239–252 (1991)CrossRefMathSciNetGoogle Scholar
  22. [Yao82]
    Yao, A.C.: Protocols for secure computations. In: Proc. 23rd IEEE Symposium on Foundations of Computer Science (FOCS), pp. 160–164 (1982)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2004

Authors and Affiliations

  • Rosario Gennaro
    • 1
  • Anna Lysyanskaya
    • 2
  • Tal Malkin
    • 3
  • Silvio Micali
    • 4
  • Tal Rabin
    • 1
  1. 1.IBM T.J. Watson Research Center 
  2. 2.Department of Computer ScienceBrown University 
  3. 3.Department of Computer ScienceColumbia University 
  4. 4.M.I.T. Laboratory for Computer Science 

Personalised recommendations