Founding Cryptography on Tamper-Proof Hardware Tokens

A number of works have investigated using tamper-proof hardware tokens as tools to achieve a variety of cryptographic tasks. In particular, Goldreich and Ostrovsky considered the problem of software protection via oblivious RAM. Goldwasser, Kalai, and Rothblum introduced the concept of

one-time programs

: in a one-time program, an honest sender sends a set of

simple

hardware tokens to a (potentially malicious) receiver. The hardware tokens allow the receiver to execute a secret program specified by the sender’s tokens exactly once (or, more generally, up to a fixed

t

times). A recent line of work initiated by Katz examined the problem of achieving UC-secure computation using hardware tokens.

Motivated by the goal of unifying and strengthening these previous notions, we consider the general question of basing secure computation on hardware tokens. We show that the following tasks, which cannot be realized in the “plain” model, become feasible if the parties are allowed to generate and exchange tamper-proof hardware tokens.

Unconditional and non-interactive secure computation.

We show that by exchanging simple

stateful

hardware tokens, any functionality can be realized with

unconditional

security against malicious parties. In the case of two-party functionalities

f

(

x

,

y

) which take their inputs from a sender and a receiver and deliver their output to the receiver, our protocol is non-interactive and only requires a unidirectional communication of simple stateful tokens from the sender to the receiver. This strengthens previous feasibility results for one-time programs both by providing

unconditional

security and by offering general protection against

malicious senders

. As is typically the case for unconditionally secure protocols, our protocol is in fact

UC-secure

. This improves over previous works on UC-secure computation based on hardware tokens, which provided computational security under cryptographic assumptions.

Interactive secure computation from stateless tokens based on one-way functions.

We show that

stateless

hardware tokens are sufficient to base general secure (in fact, UC-secure) computation on the existence of

one-way functions

.

Obfuscation from stateless tokens.

We consider the problem of realizing non-interactive secure computation from stateless tokens for functionalities which allow the receiver to provide an arbitrary number of inputs (these are the only functionalities one can hope to realize non-interactively with

stateless

tokens). By building on recent techniques for resettably secure computation, we obtain a general positive result under standard cryptographic assumptions. This gives the first general feasibility result for program obfuscation using

stateless

tokens, while strengthening the standard notion of obfuscation by providing security against a malicious sender.