Feasibility and Infeasibility of Secure Computation with Malicious - - PowerPoint PPT Presentation

▶

Jan 14, 2023 141 likes •550 views

Feasibility and Infeasibility of Secure Computation with Malicious PUFs Dana Dachman-Soled 1 Nils Fleischhacker 2 Jonathan Katz 1 Anna Lysyanskaya 3 oder 2 Dominique Schr 1 University of Maryland, College Park 2 Saarland University 3 Brown

SLIDE 1

Feasibility and Infeasibility of Secure Computation with Malicious PUFs

Dana Dachman-Soled1 Nils Fleischhacker2 Jonathan Katz1 Anna Lysyanskaya3 Dominique Schr¨

der2

1University of Maryland, College Park 2Saarland University 3Brown University

August 20, 2014

SLIDE 2

What are PUFs?

Physically Uncloneable Function

SLIDE 3

What are PUFs?

Physically Uncloneable Function

x y

SLIDE 4

What are PUFs?

Physically Uncloneable Function

x y x y′

=

SLIDE 5

What are PUFs?

Physically Uncloneable Function

x y x y′

=

SLIDE 6

What are PUFs...

... And why do we care?

1. Avoiding cryptographic assumptions.

— ”Unconditional Security”

2. UC from physical assumptions (and no trusted setup)

SLIDE 7

Honest or Malicious PUFs? [BFSK11][OSVW13] Here’s my PUF!

SLIDE 8

Honest or Malicious PUFs? [BFSK11][OSVW13] Here’s my PUF! Are you sure that thing works correctly?

SLIDE 9

Maliciously generated PUFs Stateless Stateful

SLIDE 10

Maliciously generated PUFs Stateless k x Fk(x) Stateful

SLIDE 11

Maliciously generated PUFs Stateless k x Fk(x) Stateful x1 y1 x1 y1

SLIDE 12

Maliciously generated PUFs Stateless k x Fk(x) Stateful x2 y2 x1 y1 x2 y2

SLIDE 13

Maliciously generated PUFs Stateless k x Fk(x) Stateful x3 y3 x1 y1 x2 y2 x3 y3

SLIDE 14

Secure Computation from PUFs [BFSK11] [OSVW13]

? ?

Honest Malicious Stateless Malicious Stateful Unconditional Under Assumptions

SLIDE 15

Secure Computation from PUFs [BFSK11] [OSVW13] This Paper This Paper Honest Malicious Stateless Malicious Stateful Unconditional Under Assumptions

SLIDE 16

Our Results

Stateless

There exists an unconditionally UC-secure OT-protocol if the attacker is limited to creating stateless malicious PUFs.

Stateful

If the attacker can create stateful malicious PUFs, then OT cannot exist without additional assumptions.

SLIDE 17

Oblivious Transfer

Did she choose 0 or 1? Ok, now what’s s1−b? s0, s1 b sb

SLIDE 18

Stateless Malicious PUFs

[BFSK11] [OSVW13] This Paper This Paper Honest Malicious Stateless Malicious Stateful Unconditional Under Assumptions

SLIDE 19

Oblivious Transfer from honest PUFs [BFSK11] S R Create PUF c ← {0, 1}λ r := PUF(c) PUF Setup Phase

SLIDE 20

Oblivious Transfer from honest PUFs S(s0, s1) R(b) x0, x1 ← {0, 1}λ x0, x1 v := c ⊕ xb v S0 := s0 ⊕ PUF(v ⊕ x0) S1 := s1 ⊕ PUF(v ⊕ x1) S0, S1 sb := Sb ⊕ r Protocol Phase

SLIDE 21

Oblivious Transfer from stateless malicious PUFs Protocol adapted from [BFSK11]: S R Create PUFS Create PUFR PUFS c ← {0, 1}λ r := PUFS(c) ⊕ PUFR(c) PUFS, PUFR Setup Phase

SLIDE 22

Oblivious Transfer from stateless malicious PUFs S(s0, s1) R(b) x0, x1 ← {0, 1}λ x0, x1 v := c ⊕ xb v S0 := s0 ⊕ PUFS(v ⊕ x0) ⊕ PUFR(v ⊕ x0) S1 := s1 ⊕ PUFS(v ⊕ x1) ⊕ PUFR(v ⊕ x1) S0, S1 sb := Sb ⊕ r Protocol Phase

SLIDE 23

Stateful Malicious PUFs

[BFSK11] [OSVW13] This Paper This Paper Honest Malicious Stateless Malicious Stateful Unconditional Under Assumptions

SLIDE 24

Barak and Mahmoody for Key Exchange [BM09][IR89]

00101010010000011100011 0010000011111100001110 1011101100110001111001

B A P

0010101001000001110001 001000001111110000111 101110110011000111100

SLIDE 25

Extending Barak and Mahmoody for OT

00101010010000011100011 0010000011111100001110 1011101100110001111001

B A P s0, s1 b sb

SLIDE 26

Impossibility of OT