Abstract
We address the problem of using untrusted (potentially malicious) cryptographic helpers. We provide a formal security definition for securely outsourcing computations from a computationally limited device to an untrusted helper. In our model, the adversarial environment writes the software for the helper, but then does not have direct communication with it once the device starts relying on it. In addition to security, we also provide a framework for quantifying the efficiency and checkability of an outsourcing implementation. We present two practical outsource-secure schemes. Specifically, we show how to securely outsource modular exponentiation, which presents the computational bottleneck in most public-key cryptography on computationally limited devices. Without outsourcing, a device would need O(n) modular multiplications to carry out modular exponentiation for n-bit exponents. The load reduces to O(log2 n) for any exponentiation-based scheme where the honest device may use two untrusted exponentiation programs; we highlight the Cramer-Shoup cryptosystem [13] and Schnorr signatures [28] as examples. With a relaxed notion of security, we achieve the same load reduction for a new CCA2-secure encryption scheme using only one untrusted Cramer-Shoup encryption program.
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
Abadi, M., Feigenbaum, J., Kilian, J.: On hiding information from an oracle. Journal of Comput. Syst. Sci. 39(1), 21–50 (1989)
Beaver, D., Feigenbaum, J.: Hiding instances in multioracle queries. In: Proceedings of STAC 1990, pp. 37–48 (1990)
Beaver, D., Feigenbaum, J., Kilian, J., Rogaway, P.: Locally random reductions: Improvements and applications. Journal of Cryptology 10(1), 17–36 (1997)
Ben-Or, M., Goldwasser, S., Kilian, J., Wigderson, A.: Multi-prover interactive proofs: How to remove intractability assumptions. In: Proceedings of STOC, pp. 113–131 (1988)
Blum, M., Kannan, S.: Designing programs that check their work. Journal of the ACM, 269–291 (1995)
Blum, M., Luby, M., Rubinfeld, R.: Program result checking against adaptive programs and in cryptographic settings. DIMACS Series in Discrete Mathematics and Theoretical Computer Science, pp. 107–118 (1991)
Blum, M., Luby, M., Rubinfeld, R.: Self-testing/correcting with applications to numerical problems. Journal of Computer and System Science, 549–595 (1993)
Boyko, V., Peinado, M., Venkatesan, R.: Speeding up discrete log and factoring based schemes via precomputations. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 221–235. Springer, Heidelberg (1998), citeseer.ist.psu.edu/boyko98speeding.html
Brickell, E.F., Gordon, D.M., McCurley, K.S., Wilson, D.B.: Fast exponentiation with precomputation. In: Rueppel, R.A. (ed.) EUROCRYPT 1992. LNCS, vol. 658, pp. 200–207. Springer, Heidelberg (1993)
Chaum, D.: Security without identification: transaction systems to make big brother obsolete. Communications of the ACM 28(10), 1030–1044 (1985)
Chaum, D., Pedersen, T.P.: Wallet Databases with Observers. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 89–105. Springer, Heidelberg (1993)
Clarke, D., Devadas, S., van Dijk, M., Gassend, B., Suh, G.E.: Speeding up Exponentiation using an Untrusted Computational Resource. Technical Report Memo 469, MIT CSAIL Computation Structures Group (August 2003)
Cramer, R., Shoup, V.: Design and analysis of practical public-key encryption schemes secure against adaptive chosen ciphertext attack. SIAM Journal of Computing (2003) (to appear), Available at http://www.shoup.net/papers
de Rooij, P.: On the security of the Schnorr scheme using preprocessing. In: Davies, D.W. (ed.) EUROCRYPT 1991. LNCS, vol. 547, pp. 71–80. Springer, Heidelberg (1991)
de Rooij, P.: On Schnorr’s preprocessing for digital signature schemes. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 435–439. Springer, Heidelberg (1994)
de Rooij, P.: Efficient exponentiation using precomputation and vector addition chains. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 389–399. Springer, Heidelberg (1995)
de Rooij, P.: On Schnorr’s preprocessing for digital signature schemes. Journal of Cryptology 10(1), 1–16 (1997)
Franklin, M., Yung, M.: The blinding of weak signatures (extended abstract). In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 67–76. Springer, Heidelberg (1995)
Goldberg, I., Wagner, D., Thomas, R., Brewer, E.A.: A secure environment for untrusted helper applications. In: Proceedings of the 6th Usenix Security Symposium (1996)
Halevi, S., Micali, S.: Practical and provably-secure commitment schemes from collision-free hashing. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 201–212. Springer, Heidelberg (1996)
Lim, C.H., Lee, P.J.: More flexible exponentiation with precomputation. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 95–107. Springer, Heidelberg (1994)
Matsumoto, T., Kato, K., Imai, H.: Speeding up secret computations with insecure auxiliary devices. In: Goldwasser, S. (ed.) CRYPTO 1988. LNCS, vol. 403, pp. 497–506. Springer, Heidelberg (1990)
Necula, G.C., Rahul, S.P.: Oracle-based checking of untrusted software. ACM SIGPLAN Notices 36(3), 142–154 (2001)
Nguyen, P.Q., Shparlinski, I.: On the insecurity of a server-aided RSA protocol. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 21–35. Springer, Heidelberg (2001)
Nguyen, P.Q., Shparlinski, I., Stern, J.: Distribution of modular sums and the security of server aided exponentiation. In: Proceedings of the Workshop on Comp. Number Theory and Crypt., pp. 1–16 (1999)
Rackoff, C., Simon, D.: Non-interactive zero-knowledge proof of knowledge and chosen ciphertext attack. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 433–444. Springer, Heidelberg (1992)
Schnorr, C.-P.: Efficient identification and signatures for smart cards. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 239–252. Springer, Heidelberg (1990)
Schnorr, C.-P.: Efficient signature generation by smart cards. Journal of Cryptography 4, 161–174 (1991)
Trusted Computing Group. Trusted computing platform alliance, main specification version 1.1b (2004) (Date of Access: February 10 2004)
Wagner, D.A.: Janus: an approach for confinement of untrusted applications. Technical Report CSD-99-1056, UC Berkeley, 12 (1999)
Waters, B.R., Felten, E.W., Sahai, A.: Receiver anonymity via incomparable public keys. In: Proceedings of the 10th ACM CCS Conference, pp. 112–121 (2003)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Hohenberger, S., Lysyanskaya, A. (2005). How to Securely Outsource Cryptographic Computations. In: Kilian, J. (eds) Theory of Cryptography. TCC 2005. Lecture Notes in Computer Science, vol 3378. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30576-7_15
Download citation
DOI: https://doi.org/10.1007/978-3-540-30576-7_15
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-24573-5
Online ISBN: 978-3-540-30576-7
eBook Packages: Computer ScienceComputer Science (R0)