Universally Composable Secure Computation with PUFs: Alessandra Scafuro, UCLA

Starts:
10:00 am on Wednesday, January 22, 2014
Ends:
11:30 am on Wednesday, January 22, 2014
Location:
MCS 137
Abstract: A PUF [Pappu01] is a physical device, that when stimulated, it magically produces an output which is "unpredictable"?. In particular a PUF does not keep state, and does not have secrets to be protected (in contrast with tamper-proof hardware, for example). As such, PUFs are naturally very appealing for cryptographic applications. Universal Composition [Can01] is a security notion that provides strong security guarantees: a protocol that is Universally Composable (UC) remains secure even when is run concurrently with any other (possibly insecure) protocol. Sadly, UC-security is impossible to achieve in the plain-model. Consequently, UC-secure protocols proposed in literature are either based on trusted setups (e.g., the CRS model) or physical assumptions (e.g., tamper-proof hardware model). A natural question is: can we achieve UC-security using PUFs? A positive answer was given in [BFSK11] by Bruzska et al. They propose a way to model PUFs in the UC-framework, and they show unconditional UC-secure protocols in such model. However, this model might be a bit too optimistic as it assumes that even an adversary plays with honestly generated PUFs. A perhaps more natural model is to assume that only honest parties use honest PUFs, while malicious parties can play with arbitrarily malicious hardware (as long as it "looks like" a PUF). In this talk -- after having introduced you to the magic behind PUFs' behavior -- I will discuss an extension of BFK11 model, called Malicious PUF model (that we introduced in [OSVW13]) and prove that UC-security is still achievable, using computational assumptions. Moreover, if we restrict ourself to the commitment functionality, I will show (maybe only mention) that we can even obtain unconditional security [DS13].