Feasibility and Infeasibility of Secure Computation with Malicious PUFs
A recent line of work has explored the use of physically uncloneable functions (PUFs) for secure computation, with the goals of (1) achieving universal composability without (additional) setup, and/or (2) obtaining unconditional security (i.e., avoiding complexity-theoretic assumptions). Initial work assumed that all PUFs, even those created by an attacker, are honestly generated. Subsequently, researchers have investigated models in which an adversary can create malicious PUFs with arbitrary behavior. Researchers have considered both malicious PUFs that might be stateful, as well as malicious PUFs that can have arbitrary behavior but are guaranteed to be stateless.
We prove that unconditionally secure oblivious transfer is impossible, even in the stand-alone setting, if the adversary can construct (malicious) stateful PUFs.
We show that universally composable two-party computation is possible if the attacker is limited to creating (malicious) stateless PUFs. Our protocols are simple and efficient, and do not require any cryptographic assumptions.
KeywordsRandom Oracle Secure Computation Oblivious Transfer Physically Uncloneable Function Unconditional Security
- 1.Armknecht, F., Maes, R., Sadeghi, A.R., Standaert, F.X., Wachsmann, C.: A formalization of the security features of physical functions. In: IEEE Symposium on Security and Privacy, pp. 397–412. IEEE Computer Society Press (2011)Google Scholar
- 2.Barak, B., Mahmoody, M.: Merkle’s key agreement protocol is optimal: An o(n2) attack on any key agreement from a random oracle (2013) (manuscript ), http://www.cs.virginia.edu/~mohammad/files/papers/MerkleFull.pdf
- 4.Ben-Or, M., Goldwasser, S., Wigderson, A.: Completeness theorems for noncryptographic fault-tolerant distributed computations. In: 20th Annual ACM Symposium on Theory of Computing, pp. 1–10. ACM Press (1988)Google Scholar
- 6.Canetti, R.: Universally composable security: A new paradigm for cryptographic protocols. In: 42nd Annual Symposium on Foundations of Computer Science, pp. 136–145. IEEE Computer Society Press (2001)Google Scholar
- 10.Goldreich, O., Micali, S., Wigderson, A.: How to play any mental game, or a completeness theorem for protocols with honest majority. In: Aho, A. (ed.) 19th Annual ACM Symposium on Theory of Computing, pp. 218–229. ACM Press (1987)Google Scholar
- 12.Impagliazzo, R., Rudich, S.: Limits on the provable consequences of one-way permutations. In: 21st Annual ACM Symposium on Theory of Computing, pp. 44–61. ACM Press (1989)Google Scholar
- 15.Katzenbeisser, S., Kocabaş, Ü., Rožić, V., Sadeghi, A.-R., Verbauwhede, I., Wachsmann, C.: PUFs: Myth, fact or busted? A security evaluation of physically unclonable functions (PUFs) cast in silicon. In: Prouff, E., Schaumont, P. (eds.) CHES 2012. LNCS, vol. 7428, pp. 283–301. Springer, Heidelberg (2012)CrossRefGoogle Scholar
- 17.Maes, R., Verbauwhede, I.: Physically unclonable functions: A study on the state of the art and future research directions. In: Towards Hardware-Intrinsic Security, pp. 3–37. Springer (2010)Google Scholar
- 19.Pappu, R.S.: Physical One-Way Functions. Phd thesis, Massachusetts Institute of Technology (2001)Google Scholar
- 22.Rührmair, U., Katzenbeisser, S., Busch, H.: Strong PUFs: Models, constructions, and security proofs. In: Towards Hardware-Intrinsic Security, pp. 79–96. Springer (2010)Google Scholar
- 23.van Dijk, M., Rührmair, U.: PUFs in security protocols: attack models and security evaluations. In: IEEE Symposium on Security and Privacy, pp. 286–300. IEEE Computer Society Press (2013)Google Scholar