Top

Published in:

2021 | OriginalPaper | Chapter

Steel: Composable Hardware-Based Stateful and Randomised Functional Encryption

Authors : Pramod Bhatotia, Markulf Kohlweiss, Lorenzo Martinico, Yiannis Tselekounis

Published in: Public-Key Cryptography – PKC 2021

Publisher: Springer International Publishing

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

Trusted execution environments (TEEs) enable secure execution of programs on untrusted hosts and cryptographically attest the correctness of outputs. As these are complex systems, it is essential to formally capture the exact security achieved by protocols employing TEEs, and ultimately, prove their security under composition, as TEEs are typically employed in multiple protocols, simultaneously.

Our contribution is twofold. On the one hand, we show that under existing definitions of attested execution setup, we can realise cryptographic functionalities that are unrealisable in the standard model. On the other hand, we extend the adversarial model to capture a broader class of realistic adversaries, we demonstrate weaknesses of existing security definitions this class, and we propose stronger ones.

Specifically, we first define a generalization of Functional Encryption that captures Stateful and Randomised functionalities (\(\mathrm {FESR}\)). Then, assuming the ideal functionality for attested execution of Pass et al. (Eurocrypt ’2017), we construct the associated protocol, \(\mathsf {Steel}\), and we prove that \(\mathsf {Steel}\) UC-realises \(\mathrm {FESR}\) in the universal composition with global subroutines model by Badertscher et al. (TCC ’2020). Our work is also a validation of the compositionality of the \(\mathsf {Iron}\) protocol by Fisch et al. (CCS ’2017), capturing (non-stateful) hardware-based functional encryption.

As the existing functionality for attested execution of Pass et al. is too strong for real world use, we propose a weaker functionality that allows the adversary to conduct rollback and forking attacks. We demonstrate that \(\mathsf {Steel}\) (realising stateful functionalities), contrary to the stateless variant corresponding to \(\mathsf {Iron}\), is not secure in this setting and discuss possible mitigation techniques.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter Group Encryption: Full Dynamicity, Message Filtering and Code-Based Instantiation

next chapter Adventures in Crypto Dark Matter: Attacks and Fixes for Weak Pseudorandom Functions

Here we omit some standard UC-related hybrids.

Here CCA security is a requirement as the adversary is allowed to tamper with honestly generated ciphertexts.

In a nutshell the inconsistency arises from a discrepancy in the proof that emulation for a single-challenge session version, called EUC (used to prove protocols secure), implies UC-emulation for the multi-challenge GUC notion (used to prove the composition theorem).

Abdalla, M., Benhamouda, F., Kohlweiss, M., Waldner, H.: Decentralizing inner-product functional encryption. In: Lin, D., Sako, K. (eds.) PKC 2019. LNCS, vol. 11443, pp. 128–157. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-17259-6_5CrossRef

Agrawal, S., Wu, D.J.: Functional encryption: deterministic to randomized functions from simple assumptions. In: Coron, J.-S., Nielsen, J.B. (eds.) EUROCRYPT 2017. LNCS, vol. 10211, pp. 30–61. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-56614-6_2CrossRef

Agrawal, S., Gorbunov, S., Vaikuntanathan, V., Wee, H.: Functional encryption: new perspectives and lower bounds. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8043, pp. 500–518. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40084-1_28CrossRef

Ahmad, A., Joe, B., Xiao, Y., Zhang, Y., Shin, I., Lee, B.: OBFUSCURO: a commodity obfuscation engine on intel SGX. In: 26th Annual Network and Distributed System Security Symposium, NDSS 2019, San Diego, California, USA, February 24–27, 2019. The Internet Society (2019). ISBN 1-891562-55-X. https://www.ndss-symposium.org/ndss-paper/obfuscuro-a-commodity-obfuscation-engine-on-intel-sgx/

Cloud, A.: TEE-based confidential computing. https://www.alibabacloud.com/help/doc-detail/164536.htm (2020)

Ateniese, G., Kiayias, A., Magri, B., Tselekounis, Y., Venturi, D.: Secure outsourcing of cryptographic circuits manufacturing. In: Baek, J., Susilo, W., Kim, J. (eds.) ProvSec 2018. LNCS, vol. 11192, pp. 75–93. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-01446-9_5CrossRef

Aumasson, J., Merino, L.: SGX secure enclaves in practice: security and crypto review. Black Hat 2016, 10 (2016)

Badertscher, C., Maurer, U., Tschudi, D., Zikas, V.: Bitcoin as a transaction ledger: a composable treatment. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10401, pp. 324–356. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-63688-7_11CrossRef

Badertscher, C., Canetti, R., Hesse, J., Tackmann, B., Zikas, V.: Universal composition with global subroutines: capturing global setup within plain UC. In: Pass, R., Pietrzak, K. (eds.) TCC 2020. LNCS, vol. 12552, pp. 1–30. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-64381-2_1CrossRef

10.

11.

Badertscher, C., Kiayias, A., Kohlweiss, M., Waldner, H.: Consistency for functional encryption. Cryptology ePrint Archive, Report 2020/137 (2020). https://eprint.iacr.org/2020/137

12.

Baghery, K., Kohlweiss, M., Siim, J., Volkhov, M.: Another look at extraction and randomization of groth’s zk-SNARK. Cryptology ePrint Archive, Report 2020/811 (2020). https://eprint.iacr.org/2020/811

13.

Bahmani, R., et al.: Secure multiparty computation from SGX. In: Kiayias, A. (ed.) FC 2017. LNCS, vol. 10322, pp. 477–497. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70972-7_27CrossRef

14.

Bailleu, M., Thalheim, J., Bhatotia, P., Fetzer, C., Honda, M., Vaswani, K.: SPEICHER: securing lsm-based key-value stores using shielded execution. In: Merchant, A., Weatherspoon, H. (eds.) 17th USENIX Conference on File and Storage Technologies, FAST 2019, Boston, MA, February 25–28, 2019, pages 173–190. USENIX Association (2019). URL https://www.usenix.org/conference/fast19/presentation/bailleu

15.

Barbosa, M., Portela, B., Scerri, G., Warinschi, B.: Foundations of hardware-based attested computation and application to SGX. Cryptology ePrint Archive, Report 2016/014 (2016). http://eprint.iacr.org/2016/014

16.

Boneh, D., Sahai, A., Waters, B.: Functional encryption: definitions and challenges. In: Ishai, Y. (ed.) TCC 2011. LNCS, vol. 6597, pp. 253–273. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-19571-6_16CrossRef

17.

Brandenburger, M., Cachin, C., Lorenz, M., Kapitza, R.: Rollback and forking detection for trusted execution environments using lightweight collective memory. CoRR (2017). URL http://arxiv.org/abs/1701.00981v2

18.

Canetti, R.: Universally composable security: a new paradigm for cryptographic protocols. Cryptology ePrint Archive, Report 2000/067 (2000). http://eprint.iacr.org/2000/067

19.

Canetti, R., Dodis, Y., Pass, R., Walfish, S.: Universally composable security with global setup. In: Vadhan, S.P. (ed.) TCC 2007. LNCS, vol. 4392, pp. 61–85. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-70936-7_4CrossRef

20.

Canetti, R., Shahaf, D., Vald, M.: Universally composable authentication and key-exchange with global PKI. In: Cheng, C.-M., Chung, K.-M., Persiano, G., Yang, B.-Y. (eds.) PKC 2016. LNCS, vol. 9615, pp. 265–296. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49387-8_11CrossRefMATH

21.

Cen, S., Zhang, B.: Trusted time and monotonic counters with intel software guard extensions platform services (2017). https://software.intel.com/sites/default/files/managed/1b/a2/Intel-SGX-Platform-Services.pdf

22.

Cheng, R., et al.: Ekiden: a platform for confidentiality-preserving, trustworthy, and performant smart contract execution. CoRR, abs/1804.05141 (2018). URL http://arxiv.org/abs/1804.05141

23.

Chotard, J., Dufour Sans, E., Gay, R., Phan, D.H., Pointcheval, D.: Decentralized multi-client functional encryption for inner product. In: Peyrin, T., Galbraith, S. (eds.) ASIACRYPT 2018. LNCS, vol. 11273, pp. 703–732. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-03329-3_24CrossRef

24.

Choudhuri, A.R., Green, M., Jain, A., Kaptchuk, G., Miers, I.: Fairness in an unfair world: fair multiparty computation from public bulletin boards. In: Thuraisingham, B.M., Evans, D., Malkin, T., Xu, D. (eds.) ACM CCS, Dallas, TX, USA, Oct. 31 - Nov. 2, 2017. pp. 719–728. ACM (2017)

25.

Chung, K.-M., Katz, J., Zhou, H.-S.: Functional encryption from (small) hardware tokens. In: Sako, K., Sarkar, P. (eds.) ASIACRYPT 2013. LNCS, vol. 8270, pp. 120–139. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-42045-0_7CrossRef

26.

Ciampi, M., Lu, Y., Zikas, V.: Collusion-preserving computation without a mediator. Cryptology ePrint Archive, Report 2020/497 (2020). https://eprint.iacr.org/2020/497

27.

Costan, V., Devadas, S.: Intel SGX explained. Cryptology ePrint Archive, Report 2016/086 (2016). http://eprint.iacr.org/2016/086

28.

Fisch, B., Vinayagamurthy, D., Boneh, D., Gorbunov, S.: IRON: functional encryption using intel SGX. In: Thuraisingham, B.M., Evans, D., Malkin, T., Xu, D. (eds.) ACM CCS, Dallas, TX, USA, Oct. 31 - Nov. 2, 2017, pp. 765–782. ACM (2017)

29.

Garlati, C., Pinto, S.: A clean slate approach to Linux security RISC-V enclaves (2020)

30.

Goyal, V., Jain, A., Koppula, V., Sahai, A.: Functional encryption for randomized functionalities. In: Dodis, Y., Nielsen, J.B. (eds.) TCC 2015. LNCS, vol. 9015, pp. 325–351. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46497-7_13CrossRef

31.

Gregor, F., et al.: Trust management as a service: enabling trusted execution in the face of byzantine stakeholders. CoRR, abs/2003.14099 (2020). URL https://arxiv.org/abs/2003.14099

32.

Hoang, V.T., Reyhanitabar, R., Rogaway, P., Vizár, D.: Online authenticated-encryption and its nonce-reuse misuse-resistance. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9215, pp. 493–517. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-47989-6_24CrossRef

33.

Kaplan, D., Powell, J., Woller, T.: AMD memory encryption. White paper (2016)

34.

Kiayias, A., Tselekounis, Y.: Tamper resilient circuits: the adversary at the gates. In: Sako, K., Sarkar, P. (eds.) ASIACRYPT 2013. LNCS, vol. 8270, pp. 161–180. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-42045-0_9CrossRef

35.

Kiayias, A., Liu, F.H., Tselekounis, Y.: Practical non-malleable codes from l-more extractable hash functions. In: Weippl, E.R., Katzenbeisser, S., Kruegel, C., Myers, A.C., Halevi, S. (eds.) ACM CCS, Vienna, Austria, Oct. 24–28, 2016. pp. 1317–1328. ACM (2016)

36.

Kiayias, A., Liu, F.-H., Tselekounis, Y.: Non-malleable codes for partial functions with manipulation detection. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018. LNCS, vol. 10993, pp. 577–607. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-96878-0_20CrossRef

37.

Komargodski, I., Segev, G., Yogev, E.: Functional encryption for randomized functionalities in the private-key setting from minimal assumptions. J. Cryptol. 31(1), 60–100 (2017). https://doi.org/10.1007/s00145-016-9250-8MathSciNetCrossRefMATH

38.

Lee, D., Kohlbrenner, D., Shinde, S., Asanović, K., Song, D.: Keystone: an open framework for architecting trusted execution environments. In: Proceedings of the Fifteenth European Conference on Computer Systems, pp. 1–16 (2020)

39.

Levin, D., Douceur, J.R., Lorch, J.R., Moscibroda, T.: Trinc: small trusted hardware for large distributed systems. NSDI 9, 1–14 (2009)

40.

Matetic, S., et al.: ROTE: rollback protection for trusted execution. Cryptology ePrint Archive, Report 2017/048 (2017). http://eprint.iacr.org/2017/048

41.

Matt, C., Maurer, U.: A definitional framework for functional encryption. In: Fournet, C., Hicks, M. (eds.) CSF 2015Computer Security Foundations Symposium, Verona, Italy, jul 13–17, pp. 217–231 IEEE (2015)

42.

Nayak, K., et al.: HOP: hardware makes obfuscation practical. In: NDSS 2017, San Diego, CA, USA, Feb. 26 - Mar. 1, The Internet Society (2017)

43.

Parno, B., McCune, J.M., Perrig, A.: Bootstrapping trust in commodity computers. In: 2010 IEEE Symposium on Security and Privacy, Berkeley/Oakland, CA, USA, May 16–19, pp. 414–429. IEEE Computer Society Press (2010)

44.

Pass, R., Shi, E., Tramèr, F.: Formal abstractions for attested execution secure processors. In: Coron, J.-S., Nielsen, J.B. (eds.) EUROCRYPT 2017. LNCS, vol. 10210, pp. 260–289. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-56620-7_10CrossRef

45.

Pinto, S., Santos, N.: Demystifying arm trustzone: a comprehensive survey. ACM Comput. Surv. 51, 1–36 (2019)CrossRef

46.

Porter, N., Golanand, G., Lugani, S.: Introducing google cloud confidential computing with confidential VMs. (2020)

47.

Russinovich, M.: Introducing azure confidential computing (2017)

48.

Sahai, A., Waters, B.: Fuzzy identity-based encryption. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 457–473. Springer, Heidelberg (2005). https://doi.org/10.1007/11426639_27CrossRef

49.

Shamir, A.: Identity-based cryptosystems and signature schemes. In: Blakley, G.R., Chaum, D. (eds.) CRYPTO 1984. LNCS, vol. 196, pp. 47–53. Springer, Heidelberg (1985). https://doi.org/10.1007/3-540-39568-7_5CrossRef

50.

Strackx, R., Piessens, F.: Ariadne: a minimal approach to state continuity. In: Holz, T., Savage, S. (eds.) USENIX Security, Austin, TX, USA, Aug. 10–12, 2016, pp. 875–892. USENIX (2016)

51.

Suzuki, T., Emura, K., Ohigashi, T., Omote, K.: Verifiable functional encryption using intel SGX. Cryptology ePrint Archive, Report 2020/1221 (2020). https://eprint.iacr.org/2020/1221

52.

Tramer, F., Zhang, F., Lin, H., Hubaux, J. P., Juels, A., Shi, E.: Sealed-glass proofs: using transparent enclaves to prove and sell knowledge. Cryptology ePrint Archive, Report 2016/635 (2016). http://eprint.iacr.org/2016/635

53.

Tselekounis, I.: Cryptographic techniques for hardware security. PhD thesis, University of Edinburgh, UK (2018). http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.763966

54.

Wu, P., Shen, Q., Deng, R. H., Liu, X., Zhang, Y., Wu, Z.: ObliDC: an SGX-based oblivious distributed computing framework with formal proof. In: Galbraith, S.D., Russello, G., Susilo, W., Gollmann, D., Kirda, E., Liang, Z. (eds.) ASIACCS 19, Auckland, New Zealand, July 9–12, pp. 86–99. ACM (2019)

55.

Yilek, S.: Resettable public-key encryption: how to encrypt on a virtual machine. In: Pieprzyk, J. (ed.) CT-RSA 2010. LNCS, vol. 5985, pp. 41–56. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-11925-5_4CrossRef

Title: Steel: Composable Hardware-Based Stateful and Randomised Functional Encryption
Authors: Pramod Bhatotia
Markulf Kohlweiss
Lorenzo Martinico
Yiannis Tselekounis
Publisher: Springer International Publishing
Book: Public-Key Cryptography – PKC 2021
Print ISBN: 978-3-030-75247-7

Electronic ISBN: 978-3-030-75248-4

Copyright Year: 2021
DOI: https://doi.org/10.1007/978-3-030-75248-4_25

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner