We reinvestigate a notion of one-time programs introduced in the CRYPTO 2008 paper by Goldwasser et al. A one-time program is a device containing a program C, with the property that the program C can be executed on at most one input. Goldwasser et al. show how to implement one-time programs on devices equipped with special hardware gadgets called one-time memory tokens. We provide an alternative construction that does not rely on the hardware gadgets. Instead, it is based on the following assumptions: (1) the total amount of data that can leak from the device is bounded, and (2) the total memory on the device (available both to the honest user and to the attacker) is also restricted, which is essentially the model used recently by Dziembowski et al. (TCC 2011, CRYPTO 2011) to construct one-time computable pseudorandom functions and key-evolution schemes.
One-Time Programs with Limited Memory / Konrad, Durnoga; Dziembowski, Stefan; Tomasz, Kazana; Michal, Zaja̧c. - 8567:(2014), pp. 377-394. (Intervento presentato al convegno 9th International Conference, Inscrypt 2013 tenutosi a Guangzhou, China nel November 27-30, 2013) [10.1007/978-3-319-12087-4_24].
One-Time Programs with Limited Memory
DZIEMBOWSKI, STEFAN;
2014
Abstract
We reinvestigate a notion of one-time programs introduced in the CRYPTO 2008 paper by Goldwasser et al. A one-time program is a device containing a program C, with the property that the program C can be executed on at most one input. Goldwasser et al. show how to implement one-time programs on devices equipped with special hardware gadgets called one-time memory tokens. We provide an alternative construction that does not rely on the hardware gadgets. Instead, it is based on the following assumptions: (1) the total amount of data that can leak from the device is bounded, and (2) the total memory on the device (available both to the honest user and to the attacker) is also restricted, which is essentially the model used recently by Dziembowski et al. (TCC 2011, CRYPTO 2011) to construct one-time computable pseudorandom functions and key-evolution schemes.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
