Cryptology ePrint Archive: Report 2016/1027

Formal Abstractions for Attested Execution Secure Processors

Rafael Pass and Elaine Shi and Florian Tramer

Abstract: Realistic secure processors, including those built for academic and commercial purposes, commonly realize an “attested execution” abstraction. Despite being the de facto standard for modern secure processors, the “attested execution” abstraction has not received adequate formal treatment. We provide formal abstractions for “attested execution” secure processors and rigorously explore its expressive power. Our explorations show both the expected and the surprising.

On one hand, we show that just like the common belief, attested execution is extremely powerful, and allows one to realize powerful cryptographic abstractions such as stateful obfuscation whose existence is otherwise impossible even when assuming virtual blackbox obfuscation and stateless hardware tokens. On the other hand, we show that surprisingly, realizing composable two-party computation with attested execution processors is not as straightforward as one might anticipate. Specifically, only when both parties are equipped with a secure processor can we realize composable two-party computation. If one of the parties does not have a secure processor, we show that composable two-party computation is impossible. In practice, however, it would be desirable to allow multiple legacy clients (without secure processors) to leverage a server’s secure processor to perform a multi-party computation task. We show how to introduce minimal additional setup assumptions to enable this. Finally, we show that fair multi-party computation for general functionalities is impossible if secure processors do not have trusted clocks. When secure processors have trusted clocks, we can realize fair two-party computation if both parties are equipped with a secure processor; but if only one party has a secure processor (with a trusted clock), then fairness is still impossible for general functionalities.

Category / Keywords: cryptographic protocols / trusted hardware, attested execution, protocol, universal composition, modelling

Original Publication (with major differences): IACR-EUROCRYPT-2017

Date: received 29 Oct 2016, last revised 17 Feb 2017

Contact author: tramer at stanford edu

Available format(s): PDF | BibTeX Citation

Version: 20170217:234948 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]