A number of works have investigated using tamper-proof hardware tokens as tools to achieve a variety of cryptographic tasks. In particular, Goldreich and Ostrovsky considered the problem of software protection via oblivious RAM. Goldwasser, Kalai, and Rothblum introduced the concept of
: in a one-time program, an honest sender sends a set of
hardware tokens to a (potentially malicious) receiver. The hardware tokens allow the receiver to execute a secret program specified by the sender’s tokens exactly once (or, more generally, up to a fixed
times). A recent line of work initiated by Katz examined the problem of achieving UC-secure computation using hardware tokens.
Motivated by the goal of unifying and strengthening these previous notions, we consider the general question of basing secure computation on hardware tokens. We show that the following tasks, which cannot be realized in the “plain” model, become feasible if the parties are allowed to generate and exchange tamper-proof hardware tokens.
Unconditional and non-interactive secure computation.
We show that by exchanging simple
hardware tokens, any functionality can be realized with
security against malicious parties. In the case of two-party functionalities
) which take their inputs from a sender and a receiver and deliver their output to the receiver, our protocol is non-interactive and only requires a unidirectional communication of simple stateful tokens from the sender to the receiver. This strengthens previous feasibility results for one-time programs both by providing
security and by offering general protection against
. As is typically the case for unconditionally secure protocols, our protocol is in fact
. This improves over previous works on UC-secure computation based on hardware tokens, which provided computational security under cryptographic assumptions.
Interactive secure computation from stateless tokens based on one-way functions.
We show that
hardware tokens are sufficient to base general secure (in fact, UC-secure) computation on the existence of
Obfuscation from stateless tokens.
We consider the problem of realizing non-interactive secure computation from stateless tokens for functionalities which allow the receiver to provide an arbitrary number of inputs (these are the only functionalities one can hope to realize non-interactively with
tokens). By building on recent techniques for resettably secure computation, we obtain a general positive result under standard cryptographic assumptions. This gives the first general feasibility result for program obfuscation using
tokens, while strengthening the standard notion of obfuscation by providing security against a malicious sender.