[Busec] BUSEC Seminar tomorrow postponed to 2pm

Ran Canetti canetti at bu.edu
Tue Jan 21 23:58:41 EST 2014

*BUSec Seminar *
*Universally Composable Secure Computation with PUFs*
*Alessandra Scafuro, UCLA *
*Wednesday, January 22, 2014 at 2pm in MCS 137*

A PUF [Pappu01] is a physical device, that when stimulated, it magically
produces an output which is "unpredictable"?.  In particular a PUF does
not keep state, and does not have secrets to be protected (in contrast
with tamper-proof hardware, for example). As such, PUFs are naturally
very appealing for cryptographic applications.

Universal Composition [Can01] is a security notion that provides strong
security guarantees: a protocol that is Universally Composable (UC)
remains secure even when is run concurrently with any other (possibly
insecure) protocol.  Sadly, UC-security is impossible to achieve in the
plain-model. Consequently, UC-secure protocols proposed in literature
are either based on trusted setups (e.g., the CRS model) or  physical
assumptions (e.g., tamper-proof hardware model).

A natural question is: can we achieve UC-security using PUFs?

A positive answer was given in [BFSK11] by Bruzska et al. They propose a
way to model PUFs in the UC-framework, and they show unconditional
UC-secure protocols in such model.  However, this model might be a bit
too optimistic as it assumes that even an adversary plays with honestly
generated PUFs. A perhaps more natural model is to assume that only
honest parties use honest PUFs, while  malicious parties can play with
arbitrarily malicious hardware (as long as it "looks like" a PUF).

In this talk -- after having introduced you to the magic behind  PUFs'
behavior -- I will discuss an extension of BFK11 model, called Malicious
PUF model (that we introduced in [OSVW13]) and prove that UC-security is
still achievable, using computational assumptions. Moreover, if we
restrict ourself to the commitment functionality, I will show (maybe
only mention) that we can even obtain unconditional security [DS13].

More information about the Busec mailing list