TY - JOUR
T1 - Everlasting UC Commitments from Fully Malicious PUFs
AU - Magri, Bernardo
AU - Malavolta, Giulio
AU - Schröder, Dominique
AU - Unruh, Dominique
N1 - Funding Information:
Partially supported by the Deutsche Forschungsgemeinschaft (DFG, 442893093) and by the State of Bavaria through the Nuremberg Campus of Technology (NCT). Supported by the ERC consolidator grant CerQuS (819317), by the PRG team grant “Secure Quantum Technology” (PRG946) from the Estonian Research Council, by the United States Air Force Office of Scientific Research (AFOSR) via AOARD Grant “Verification of Quantum Cryptography” (FA2386-17-1-4022), and by the Estonian Centre of Excellence in IT (EXCITE) funded by ERDF.
Publisher Copyright:
© 2022, The Author(s).
PY - 2022/7/1
Y1 - 2022/7/1
N2 - Everlasting security models the setting where hardness assumptions hold during the execution of a protocol but may get broken in the future. Due to the strength of this adversarial model, achieving any meaningful security guarantees for composable protocols is impossible without relying on hardware assumptions (Müller-Quade and Unruh, JoC’10). For this reason, a rich line of research has tried to leverage physical assumptions to construct well-known everlasting cryptographic primitives, such as commitment schemes. The only known everlastingly UC-secure commitment scheme, due to Müller-Quade and Unruh (JoC’10), assumes honestly generated hardware tokens. The authors leave the possibility of constructing everlastingly UC-secure commitments from malicious hardware tokens as an open problem. Goyal et al. (Crypto’10) construct unconditionally UC-secure commitments and secure computation from malicious hardware tokens, with the caveat that the honest tokens must encapsulate other tokens. This extra restriction rules out interesting classes of hardware tokens, such as physically uncloneable functions (PUFs). In this work, we present the first construction of an everlastingly UC-secure commitment scheme in the fully malicious token model without requiring honest token encapsulation. Our scheme assumes the existence of PUFs and is secure in the common reference string model. We also show that our results are tight by giving an impossibility proof for everlasting UC-secure computation from non-erasable tokens (such as PUFs), even with trusted setup.
AB - Everlasting security models the setting where hardness assumptions hold during the execution of a protocol but may get broken in the future. Due to the strength of this adversarial model, achieving any meaningful security guarantees for composable protocols is impossible without relying on hardware assumptions (Müller-Quade and Unruh, JoC’10). For this reason, a rich line of research has tried to leverage physical assumptions to construct well-known everlasting cryptographic primitives, such as commitment schemes. The only known everlastingly UC-secure commitment scheme, due to Müller-Quade and Unruh (JoC’10), assumes honestly generated hardware tokens. The authors leave the possibility of constructing everlastingly UC-secure commitments from malicious hardware tokens as an open problem. Goyal et al. (Crypto’10) construct unconditionally UC-secure commitments and secure computation from malicious hardware tokens, with the caveat that the honest tokens must encapsulate other tokens. This extra restriction rules out interesting classes of hardware tokens, such as physically uncloneable functions (PUFs). In this work, we present the first construction of an everlastingly UC-secure commitment scheme in the fully malicious token model without requiring honest token encapsulation. Our scheme assumes the existence of PUFs and is secure in the common reference string model. We also show that our results are tight by giving an impossibility proof for everlasting UC-secure computation from non-erasable tokens (such as PUFs), even with trusted setup.
KW - Commitment scheme
KW - Everlasting security
KW - PUF
KW - Universal composability
U2 - 10.1007/s00145-022-09432-4
DO - 10.1007/s00145-022-09432-4
M3 - Article
AN - SCOPUS:85133138955
SN - 0933-2790
VL - 35
JO - Journal of Cryptology
JF - Journal of Cryptology
IS - 3
M1 - 20
ER -