Steel: Composable Hardware-Based Stateful and Randomised Functional Encryption

Part of the Lecture Notes in Computer Science book series (LNSC, volume 12711)

Abstract

Trusted execution environments (TEEs) enable secure execution of programs on untrusted hosts and cryptographically attest the correctness of outputs. As these are complex systems, it is essential to formally capture the exact security achieved by protocols employing TEEs, and ultimately, prove their security under composition, as TEEs are typically employed in multiple protocols, simultaneously.

Our contribution is twofold. On the one hand, we show that under existing definitions of attested execution setup, we can realise cryptographic functionalities that are unrealisable in the standard model. On the other hand, we extend the adversarial model to capture a broader class of realistic adversaries, demonstrate weaknesses of existing security definitions for this class, and propose stronger ones.

Specifically, we first define a generalization of Functional Encryption that captures Stateful and Randomised functionalities (\(\mathrm {FESR}\)). Then, assuming the ideal functionality for attested execution of Pass et al. (Eurocrypt ’2017), we construct the associated protocol, \(\mathsf {Steel}\), and we prove that \(\mathsf {Steel}\) UC-realises \(\mathrm {FESR}\) in the universal composition with global subroutines model by Badertscher et al. (TCC ’2020). Our work is also a validation of the compositionality of the \(\mathsf {Iron}\) protocol by Fisch et al. (CCS ’2017), capturing (non-stateful) hardware-based functional encryption.

As the existing functionality for attested execution of Pass et al. is too strong for real world use, we propose a weaker functionality that allows the adversary to conduct rollback and forking attacks. We demonstrate that \(\mathsf {Steel}\) (realising stateful functionalities), contrary to the stateless variant corresponding to \(\mathsf {Iron}\), is not secure in this setting and discuss possible mitigation techniques.
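
As an added illustration (not from the paper), a toy Python model of the rollback problem just described: the host controls the persisted state of a stateful functionality, so replaying an old sealed state re-runs a transition the function meant to allow only once. The trusted monotonic counter that detects the replay is an assumed platform feature, not the paper's mitigation.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class SealedState:
    """State as the untrusted host persists it between enclave calls.
    Constructed model: the enclave keeps nothing across invocations, so the
    host hands the (sealed) state back in, and can hand back an OLD copy."""
    budget: int   # decryptions the stateful function still permits
    version: int  # number of state transitions performed so far


class StatefulEnclave:
    """Toy stateful functionality: release the plaintext at most `budget` times.
    With trusted_counter=True the enclave also keeps a monotonic counter, an
    assumed platform feature used here only to detect replayed state."""

    def __init__(self, plaintext: str, trusted_counter: bool = False) -> None:
        self._plaintext = plaintext
        self._trusted_counter = trusted_counter
        self._counter = 0  # advances on every accepted state transition

    def decrypt(self, state: SealedState):
        # Rollback check: a replayed state carries a stale version number.
        if self._trusted_counter and state.version != self._counter:
            return None, state
        if state.budget == 0:
            return None, state
        nxt = SealedState(budget=state.budget - 1, version=state.version + 1)
        if self._trusted_counter:
            self._counter += 1
        return self._plaintext, nxt


def leaks_under_rollback(attempts: int, trusted_counter: bool) -> int:
    """Host decrypts once honestly, then replays the ORIGINAL sealed state on
    every further call. Returns the number of plaintexts obtained; a stateless
    functionality would gain nothing from the replay, which is why only the
    stateful variant is affected."""
    enclave = StatefulEnclave("plaintext", trusted_counter)
    initial = SealedState(budget=1, version=0)  # one-shot decryption budget
    obtained = 0
    out, _current = enclave.decrypt(initial)   # honest first call
    obtained += int(out is not None)
    for _ in range(attempts - 1):
        out, _ = enclave.decrypt(initial)  # rollback: old state, not _current
        obtained += int(out is not None)
    return obtained


def honest_host(attempts: int, trusted_counter: bool) -> int:
    """Same enclave, but the host always supplies the latest state."""
    enclave = StatefulEnclave("plaintext", trusted_counter)
    state = SealedState(budget=1, version=0)
    obtained = 0
    for _ in range(attempts):
        out, state = enclave.decrypt(state)
        obtained += int(out is not None)
    return obtained
```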

Notes

  1. Here we omit some standard UC-related hybrids.

  2. Here CCA security is a requirement, as the adversary is allowed to tamper with honestly generated ciphertexts.

  3. In a nutshell, the inconsistency arises from a discrepancy in the proof that emulation for a single-challenge session version, called EUC (used to prove protocols secure), implies UC-emulation for the multi-challenge GUC notion (used to prove the composition theorem).

References

  1. Abdalla, M., Benhamouda, F., Kohlweiss, M., Waldner, H.: Decentralizing inner-product functional encryption. In: Lin, D., Sako, K. (eds.) PKC 2019. LNCS, vol. 11443, pp. 128–157. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-17259-6_5

  2. Agrawal, S., Wu, D.J.: Functional encryption: deterministic to randomized functions from simple assumptions. In: Coron, J.-S., Nielsen, J.B. (eds.) EUROCRYPT 2017. LNCS, vol. 10211, pp. 30–61. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-56614-6_2

  3. Agrawal, S., Gorbunov, S., Vaikuntanathan, V., Wee, H.: Functional encryption: new perspectives and lower bounds. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8043, pp. 500–518. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40084-1_28

  4. Ahmad, A., Joe, B., Xiao, Y., Zhang, Y., Shin, I., Lee, B.: OBFUSCURO: a commodity obfuscation engine on Intel SGX. In: 26th Annual Network and Distributed System Security Symposium, NDSS 2019, San Diego, California, USA, February 24–27, 2019. The Internet Society (2019). ISBN 1-891562-55-X. https://www.ndss-symposium.org/ndss-paper/obfuscuro-a-commodity-obfuscation-engine-on-intel-sgx/

  5. Alibaba Cloud: TEE-based confidential computing (2020). https://www.alibabacloud.com/help/doc-detail/164536.htm

  6. Ateniese, G., Kiayias, A., Magri, B., Tselekounis, Y., Venturi, D.: Secure outsourcing of cryptographic circuits manufacturing. In: Baek, J., Susilo, W., Kim, J. (eds.) ProvSec 2018. LNCS, vol. 11192, pp. 75–93. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-01446-9_5

  7. Aumasson, J., Merino, L.: SGX secure enclaves in practice: security and crypto review. Black Hat 2016, 10 (2016)

  8. Badertscher, C., Maurer, U., Tschudi, D., Zikas, V.: Bitcoin as a transaction ledger: a composable treatment. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10401, pp. 324–356. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-63688-7_11

  9. Badertscher, C., Canetti, R., Hesse, J., Tackmann, B., Zikas, V.: Universal composition with global subroutines: capturing global setup within plain UC. In: Pass, R., Pietrzak, K. (eds.) TCC 2020. LNCS, vol. 12552, pp. 1–30. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-64381-2_1

  11. Badertscher, C., Kiayias, A., Kohlweiss, M., Waldner, H.: Consistency for functional encryption. Cryptology ePrint Archive, Report 2020/137 (2020). https://eprint.iacr.org/2020/137

  12. Baghery, K., Kohlweiss, M., Siim, J., Volkhov, M.: Another look at extraction and randomization of Groth’s zk-SNARK. Cryptology ePrint Archive, Report 2020/811 (2020). https://eprint.iacr.org/2020/811

  13. Bahmani, R., et al.: Secure multiparty computation from SGX. In: Kiayias, A. (ed.) FC 2017. LNCS, vol. 10322, pp. 477–497. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70972-7_27

  14. Bailleu, M., Thalheim, J., Bhatotia, P., Fetzer, C., Honda, M., Vaswani, K.: SPEICHER: securing LSM-based key-value stores using shielded execution. In: Merchant, A., Weatherspoon, H. (eds.) 17th USENIX Conference on File and Storage Technologies, FAST 2019, Boston, MA, February 25–28, 2019, pp. 173–190. USENIX Association (2019). https://www.usenix.org/conference/fast19/presentation/bailleu

  15. Barbosa, M., Portela, B., Scerri, G., Warinschi, B.: Foundations of hardware-based attested computation and application to SGX. Cryptology ePrint Archive, Report 2016/014 (2016). http://eprint.iacr.org/2016/014

  16. Boneh, D., Sahai, A., Waters, B.: Functional encryption: definitions and challenges. In: Ishai, Y. (ed.) TCC 2011. LNCS, vol. 6597, pp. 253–273. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-19571-6_16

  17. Brandenburger, M., Cachin, C., Lorenz, M., Kapitza, R.: Rollback and forking detection for trusted execution environments using lightweight collective memory. CoRR (2017). http://arxiv.org/abs/1701.00981v2

  18. Canetti, R.: Universally composable security: a new paradigm for cryptographic protocols. Cryptology ePrint Archive, Report 2000/067 (2000). http://eprint.iacr.org/2000/067

  19. Canetti, R., Dodis, Y., Pass, R., Walfish, S.: Universally composable security with global setup. In: Vadhan, S.P. (ed.) TCC 2007. LNCS, vol. 4392, pp. 61–85. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-70936-7_4

  20. Canetti, R., Shahaf, D., Vald, M.: Universally composable authentication and key-exchange with global PKI. In: Cheng, C.-M., Chung, K.-M., Persiano, G., Yang, B.-Y. (eds.) PKC 2016. LNCS, vol. 9615, pp. 265–296. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49387-8_11

  21. Cen, S., Zhang, B.: Trusted time and monotonic counters with Intel Software Guard Extensions Platform Services (2017). https://software.intel.com/sites/default/files/managed/1b/a2/Intel-SGX-Platform-Services.pdf

  22. Cheng, R., et al.: Ekiden: a platform for confidentiality-preserving, trustworthy, and performant smart contract execution. CoRR, abs/1804.05141 (2018). http://arxiv.org/abs/1804.05141

  23. Chotard, J., Dufour Sans, E., Gay, R., Phan, D.H., Pointcheval, D.: Decentralized multi-client functional encryption for inner product. In: Peyrin, T., Galbraith, S. (eds.) ASIACRYPT 2018. LNCS, vol. 11273, pp. 703–732. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-03329-3_24

  24. Choudhuri, A.R., Green, M., Jain, A., Kaptchuk, G., Miers, I.: Fairness in an unfair world: fair multiparty computation from public bulletin boards. In: Thuraisingham, B.M., Evans, D., Malkin, T., Xu, D. (eds.) ACM CCS, Dallas, TX, USA, Oct. 31 - Nov. 2, 2017. pp. 719–728. ACM (2017)

  25. Chung, K.-M., Katz, J., Zhou, H.-S.: Functional encryption from (small) hardware tokens. In: Sako, K., Sarkar, P. (eds.) ASIACRYPT 2013. LNCS, vol. 8270, pp. 120–139. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-42045-0_7

  26. Ciampi, M., Lu, Y., Zikas, V.: Collusion-preserving computation without a mediator. Cryptology ePrint Archive, Report 2020/497 (2020). https://eprint.iacr.org/2020/497

  27. Costan, V., Devadas, S.: Intel SGX explained. Cryptology ePrint Archive, Report 2016/086 (2016). http://eprint.iacr.org/2016/086

  28. Fisch, B., Vinayagamurthy, D., Boneh, D., Gorbunov, S.: IRON: functional encryption using Intel SGX. In: Thuraisingham, B.M., Evans, D., Malkin, T., Xu, D. (eds.) ACM CCS, Dallas, TX, USA, Oct. 31 - Nov. 2, 2017, pp. 765–782. ACM (2017)

  29. Garlati, C., Pinto, S.: A clean slate approach to Linux security RISC-V enclaves (2020)

  30. Goyal, V., Jain, A., Koppula, V., Sahai, A.: Functional encryption for randomized functionalities. In: Dodis, Y., Nielsen, J.B. (eds.) TCC 2015. LNCS, vol. 9015, pp. 325–351. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46497-7_13

  31. Gregor, F., et al.: Trust management as a service: enabling trusted execution in the face of Byzantine stakeholders. CoRR, abs/2003.14099 (2020). https://arxiv.org/abs/2003.14099

  32. Hoang, V.T., Reyhanitabar, R., Rogaway, P., Vizár, D.: Online authenticated-encryption and its nonce-reuse misuse-resistance. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9215, pp. 493–517. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-47989-6_24

  33. Kaplan, D., Powell, J., Woller, T.: AMD memory encryption. White paper (2016)

  34. Kiayias, A., Tselekounis, Y.: Tamper resilient circuits: the adversary at the gates. In: Sako, K., Sarkar, P. (eds.) ASIACRYPT 2013. LNCS, vol. 8270, pp. 161–180. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-42045-0_9

  35. Kiayias, A., Liu, F.H., Tselekounis, Y.: Practical non-malleable codes from l-more extractable hash functions. In: Weippl, E.R., Katzenbeisser, S., Kruegel, C., Myers, A.C., Halevi, S. (eds.) ACM CCS, Vienna, Austria, Oct. 24–28, 2016. pp. 1317–1328. ACM (2016)

  36. Kiayias, A., Liu, F.-H., Tselekounis, Y.: Non-malleable codes for partial functions with manipulation detection. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018. LNCS, vol. 10993, pp. 577–607. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-96878-0_20

  37. Komargodski, I., Segev, G., Yogev, E.: Functional encryption for randomized functionalities in the private-key setting from minimal assumptions. J. Cryptol. 31(1), 60–100 (2017). https://doi.org/10.1007/s00145-016-9250-8

  38. Lee, D., Kohlbrenner, D., Shinde, S., Asanović, K., Song, D.: Keystone: an open framework for architecting trusted execution environments. In: Proceedings of the Fifteenth European Conference on Computer Systems, pp. 1–16 (2020)

  39. Levin, D., Douceur, J.R., Lorch, J.R., Moscibroda, T.: Trinc: small trusted hardware for large distributed systems. NSDI 9, 1–14 (2009)

  40. Matetic, S., et al.: ROTE: rollback protection for trusted execution. Cryptology ePrint Archive, Report 2017/048 (2017). http://eprint.iacr.org/2017/048

  41. Matt, C., Maurer, U.: A definitional framework for functional encryption. In: Fournet, C., Hicks, M. (eds.) CSF 2015, Computer Security Foundations Symposium, Verona, Italy, July 13–17, 2015, pp. 217–231. IEEE (2015)

  42. Nayak, K., et al.: HOP: hardware makes obfuscation practical. In: NDSS 2017, San Diego, CA, USA, Feb. 26 - Mar. 1, The Internet Society (2017)

  43. Parno, B., McCune, J.M., Perrig, A.: Bootstrapping trust in commodity computers. In: 2010 IEEE Symposium on Security and Privacy, Berkeley/Oakland, CA, USA, May 16–19, pp. 414–429. IEEE Computer Society Press (2010)

  44. Pass, R., Shi, E., Tramèr, F.: Formal abstractions for attested execution secure processors. In: Coron, J.-S., Nielsen, J.B. (eds.) EUROCRYPT 2017. LNCS, vol. 10210, pp. 260–289. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-56620-7_10

  45. Pinto, S., Santos, N.: Demystifying ARM TrustZone: a comprehensive survey. ACM Comput. Surv. 51, 1–36 (2019)

  46. Porter, N., Golan, G., Lugani, S.: Introducing Google Cloud Confidential Computing with Confidential VMs (2020)

  47. Russinovich, M.: Introducing Azure confidential computing (2017)

  48. Sahai, A., Waters, B.: Fuzzy identity-based encryption. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 457–473. Springer, Heidelberg (2005). https://doi.org/10.1007/11426639_27

  49. Shamir, A.: Identity-based cryptosystems and signature schemes. In: Blakley, G.R., Chaum, D. (eds.) CRYPTO 1984. LNCS, vol. 196, pp. 47–53. Springer, Heidelberg (1985). https://doi.org/10.1007/3-540-39568-7_5

  50. Strackx, R., Piessens, F.: Ariadne: a minimal approach to state continuity. In: Holz, T., Savage, S. (eds.) USENIX Security, Austin, TX, USA, Aug. 10–12, 2016, pp. 875–892. USENIX (2016)

  51. Suzuki, T., Emura, K., Ohigashi, T., Omote, K.: Verifiable functional encryption using Intel SGX. Cryptology ePrint Archive, Report 2020/1221 (2020). https://eprint.iacr.org/2020/1221

  52. Tramèr, F., Zhang, F., Lin, H., Hubaux, J.-P., Juels, A., Shi, E.: Sealed-glass proofs: using transparent enclaves to prove and sell knowledge. Cryptology ePrint Archive, Report 2016/635 (2016). http://eprint.iacr.org/2016/635

  53. Tselekounis, I.: Cryptographic techniques for hardware security. PhD thesis, University of Edinburgh, UK (2018). http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.763966

  54. Wu, P., Shen, Q., Deng, R. H., Liu, X., Zhang, Y., Wu, Z.: ObliDC: an SGX-based oblivious distributed computing framework with formal proof. In: Galbraith, S.D., Russello, G., Susilo, W., Gollmann, D., Kirda, E., Liang, Z. (eds.) ASIACCS 19, Auckland, New Zealand, July 9–12, pp. 86–99. ACM (2019)

  55. Yilek, S.: Resettable public-key encryption: how to encrypt on a virtual machine. In: Pieprzyk, J. (ed.) CT-RSA 2010. LNCS, vol. 5985, pp. 41–56. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-11925-5_4

Acknowledgements

This research was partially supported by the National Cyber Security Centre, the UK Research Institute in Secure Hardware and Embedded Systems (RISE), and the European Union’s Horizon 2020 Research and Innovation Programme under grant agreement 780108 (FENTEC).

Author information

Corresponding author: Lorenzo Martinico

Copyright information

© 2021 International Association for Cryptologic Research

About this paper

Cite this paper

Bhatotia, P., Kohlweiss, M., Martinico, L., Tselekounis, Y. (2021). Steel: Composable Hardware-Based Stateful and Randomised Functional Encryption. In: Garay, J.A. (ed.) Public-Key Cryptography – PKC 2021. Lecture Notes in Computer Science, vol. 12711. Springer, Cham. https://doi.org/10.1007/978-3-030-75248-4_25

  • DOI: https://doi.org/10.1007/978-3-030-75248-4_25

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-75247-7

  • Online ISBN: 978-3-030-75248-4

  • eBook Packages: Computer Science, Computer Science (R0)