Formal abstractions for attested execution secure processors

Rafael Pass, Elaine Shi, Florian Tramèr*

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

44 Scopus citations

Abstract

Realistic secure processors, including those built for academic and commercial purposes, commonly realize an “attested execution” abstraction. Despite being the de facto standard for modern secure processors, the “attested execution” abstraction has not received adequate formal treatment. We provide formal abstractions for “attested execution” secure processors and rigorously explore its expressive power. Our explorations show both the expected and the surprising. On one hand, we show that just like the common belief, attested execution is extremely powerful, and allows one to realize powerful cryptographic abstractions such as stateful obfuscation whose existence is otherwise impossible even when assuming virtual blackbox obfuscation and stateless hardware tokens. On the other hand, we show that surprisingly, realizing composable two-party computation with attested execution processors is not as straightforward as one might anticipate. Specifically, only when both parties are equipped with a secure processor can we realize composable two-party computation. If one of the parties does not have a secure processor, we show that composable two-party computation is impossible. In practice, however, it would be desirable to allow multiple legacy clients (without secure processors) to leverage a server’s secure processor to perform a multi-party computation task. We show how to introduce minimal additional setup assumptions to enable this. Finally, we show that fair multi-party computation for general functionalities is impossible if secure processors do not have trusted clocks. When secure processors have trusted clocks, we can realize fair two-party computation if both parties are equipped with a secure processor; but if only one party has a secure processor (with a trusted clock), then fairness is still impossible for general functionalities.

Original languageEnglish
Title of host publicationAdvances in Cryptology – EUROCRYPT 2017 - 36th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings
EditorsJesper Buus Nielsen, Jean-Sebastien Coron
PublisherSpringer Verlag
Pages260-289
Number of pages30
ISBN (Print)9783319566191
DOIs
StatePublished - 2017
Externally publishedYes
Event36th Annual International Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2017 - Paris, France
Duration: 30 Apr 20174 May 2017

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume10210 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

Conference36th Annual International Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2017
Country/TerritoryFrance
City Paris
Period30/04/174/05/17

Fingerprint

Dive into the research topics of 'Formal abstractions for attested execution secure processors'. Together they form a unique fingerprint.

Cite this