Paper 2021/269

Steel: Composable Hardware-based Stateful and Randomised Functional Encryption

Pramod Bhatotia, Markulf Kohlweiss, Lorenzo Martinico, and Yiannis Tselekounis


Trusted execution enviroments (TEEs) enable secure execution of program on untrusted hosts and cryptographically attest the correctness of outputs. As these are complex systems, it is hard to capture the exact security achieved by protocols employing TEEs. Crucially TEEs are typically employed in multiple protocols at the same time, thus composable security (with global subroutines) is a natural goal for such systems. We show that under an attested execution setup $G_\mathsf{att}$ we can realise cryptographic functionalities that are unrealizable in the standard model. We propose a new primitive of Functional Encryption for Stateful and Randomised functionalities (FESR) and an associated protocol, Steel, that realizes it. We show that Steel UC-realises FESR in the universal composition with global subroutines model (TCC 2020). Our work is also a validation of the compositionality of earlier work (Iron), CCS 2017) capturing (non-stateful) hardware-based functional encryption. As the existing functionality for attested execution of Pass et al. (Eurocrypt 2017) is too strong for real world use, we propose a weaker functionality that allows the adversary to conduct rollback and forking attacks. We show that the stateful variant of Steel, contrary to the stateless variant corresponding to Iron, is not secure in this setting and propose several mitigation techniques.

Note: Full version - includes appendix

Available format(s)
Public-key cryptography
Publication info
A major revision of an IACR publication in PKC 2021
Trusted Execution EnvironmentsUniversal CompositionUCFunctional Encryption
Contact author(s)
lorenzo martinico @ ed ac uk
2021-09-24: last of 3 revisions
2021-03-03: received
See all versions
Short URL
Creative Commons Attribution


      author = {Pramod Bhatotia and Markulf Kohlweiss and Lorenzo Martinico and Yiannis Tselekounis},
      title = {Steel: Composable Hardware-based Stateful and Randomised Functional Encryption},
      howpublished = {Cryptology ePrint Archive, Paper 2021/269},
      year = {2021},
      doi = {10.1007/978-3-030-75248-4_25},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.