Embedded SFE: Offloading Server and Network Using Hardware Tokens

  • Kimmo Järvinen
  • Vladimir Kolesnikov
  • Ahmad-Reza Sadeghi
  • Thomas Schneider
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6052)


We consider Secure Function Evaluation (SFE) in the client-server setting where the server issues a secure token to the client. The token is not trusted by the client and is not a trusted third party.

We show how to take advantage of the token to drastically reduce the communication complexity of SFE and computation load of the server.

Our main contribution is the detailed consideration of design decisions, optimizations, and trade-offs, associated with the setting and its strict hardware requirements for practical deployment. In particular, we model the token as a computationally weak device with small constant-size memory and limit communication between client and server.

We consider semi-honest, covert, and malicious adversaries. We show the feasibility of our protocols based on a FPGA implementation.


Smart Card Advance Encryption Standard Random Oracle Trusted Third Party Message Authentication Code 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Canetti, R., Lindell, Y., Ostrovsky, R., Sahai, A.: Universally composable two-party and multi-party secure computation. In: STOC 2002, pp. 494–503 (2002)Google Scholar
  2. 2.
    Canright, D.: A very compact S-box for AES. In: Rao, J.R., Sunar, B. (eds.) CHES 2005. LNCS, vol. 3659, pp. 441–455. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  3. 3.
    Chandran, N., Goyal, V., Sahai, A.: New constructions for UC secure computation using tamper-proof hardware. In: Smart, N.P. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 545–562. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  4. 4.
    Damgård, I., Nielsen, J.B., Wichs, D.: Universally composable multiparty computation with partially isolated parties. In: Reingold, O. (ed.) TCC 2009. LNCS, vol. 5444, pp. 315–331. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  5. 5.
    Feldhofer, M., Wolkerstorfer, J.: Strong crypto for RFID tags — a comparison of low-power hardware implementations. In: IEEE Symp. Circuits and Systems (ISCAS 2007), pp. 1839–1842 (2007)Google Scholar
  6. 6.
    Fort, M., Freiling, F.C., Penso, L.D., Benenson, Z., Kesdogan, D.: Trustedpals: Secure multiparty computation implemented with smart cards. In: Gollmann, D., Meier, J., Sabelfeld, A. (eds.) ESORICS 2006. LNCS, vol. 4189, pp. 34–48. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  7. 7.
    Goyal, V., Mohassel, P., Smith, A.: Efficient two party and multi party computation against covert adversaries. In: Smart, N.P. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 289–306. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  8. 8.
    Gunupudi, V., Tate, S.: Generalized non-interactive oblivious transfer using count-limited objects with applications to secure mobile agents. In: Tsudik, G. (ed.) FC 2008. LNCS, vol. 5143, pp. 98–112. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  9. 9.
    Hazay, C., Lindell, Y.: Constructions of truly practical secure protocols using standard smartcards. In: Proc. ACM CCS, pp. 491–500. ACM, New York (2008)Google Scholar
  10. 10.
    Hofheinz, D., Müller-Quade, J., Unruh, D.: Universally composable zero-knowledge arguments and commitments from signature cards. In: Central European Conference on Cryptology (MoraviaCrypt 2005) (2005)Google Scholar
  11. 11.
    Iliev, A., Smith, S.: More efficient secure function evaluation using tiny trusted third parties. Technical Report TR2005-551, Dartmouth College, Computer Science, Hanover, NH (July 2005)Google Scholar
  12. 12.
    Ishai, Y., Kilian, J., Nissim, K., Petrank, E.: Extending oblivious transfers efficiently. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 145–161. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  13. 13.
    Järvinen, K., Kolesnikov, V., Sadeghi, A.-R., Schneider, T.: Embedded SFE: Offloading server and network using hardware tokens. In: Cryptology ePrint Archive, Report 2009/591 (2009),
  14. 14.
    Katz, J.: Universally composable multi-party computation using tamper-proof hardware. In: Naor, M. (ed.) EUROCRYPT 2007. LNCS, vol. 4515, pp. 115–128. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  15. 15.
    Kolesnikov, V., Schneider, T.: Improved garbled circuit: Free XOR gates and applications. In: Aceto, L., Damgård, I., Goldberg, L.A., Halldórsson, M.M., Ingólfsdóttir, A., Walukiewicz, I. (eds.) ICALP 2008, Part II. LNCS, vol. 5126, pp. 486–498. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  16. 16.
    Lindell, Y., Pinkas, B.: An efficient protocol for secure two-party computation in the presence of malicious adversaries. In: Naor, M. (ed.) EUROCRYPT 2007. LNCS, vol. 4515, pp. 52–78. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  17. 17.
    Lindell, Y., Pinkas, B., Smart, N.: Implementing two-party computation efficiently with security against malicious adversaries. In: Ostrovsky, R., De Prisco, R., Visconti, I. (eds.) SCN 2008. LNCS, vol. 5229, pp. 2–20. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  18. 18.
    Malkhi, D., Nisan, N., Pinkas, B., Sella, Y.: Fairplay — a secure two-party computation system. In: USENIX Security Symposium 2004. USENIX Association (2004)Google Scholar
  19. 19.
    Moran, T., Segev, G.: David and goliath commitments: UC computation for asymmetric parties using tamper-proof hardware. In: Smart, N.P. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 527–544. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  20. 20.
    Naor, M., Pinkas, B.: Efficient oblivious transfer protocols. In: ACM-SIAM Symposium on Discrete Algorithms (SODA 2001), pp. 448–457. SIAM, Philadelphia (2001)Google Scholar
  21. 21.
    NIST, U.S. National Institute of Standards and Technology. Federal Information Processing Standards (FIPS 197). Advanced Encryption Standard (AES) (November 2001),
  22. 22.
    NIST, U.S. National Institute of Standards and Technology. Federal Information Processing Standards (FIPS 180-2). Announcing the Secure Hash Standard (August 2002),
  23. 23.
    Pinkas, B., Schneider, T., Smart, N.P., Williams, S.C.: Secure two-party computation is practical. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 250–267. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  24. 24.
    Song, J.H., Poovendran, R., Lee, J., Iwata, T.: The AES-CMAC Algorithm. RFC 4493 (Informational) (June 2006),
  25. 25.
    Tate, S., Vishwanathan, R.: Improving cut-and-choose in verifiable encryption and fair exchange protocols using trusted computing technology. In: Gudes, E., Vaidya, J. (eds.) Data and Applications Security XXIII. LNCS, vol. 5645, pp. 252–267. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  26. 26.
    Yao, A.C.: How to generate and exchange secrets. In: IEEE Symposium on Foundations of Computer Science (FOCS 1986), pp. 162–167. IEEE, Los Alamitos (1986)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Kimmo Järvinen
    • 1
  • Vladimir Kolesnikov
    • 2
  • Ahmad-Reza Sadeghi
    • 3
  • Thomas Schneider
    • 3
  1. 1.Dep. of Information and Comp. ScienceAalto UniversityFinland
  2. 2.Alcatel-Lucent Bell LaboratoriesMurray HillUSA
  3. 3.Horst Görtz Institute for IT-SecurityRuhr-University BochumGermany

Personalised recommendations