Paper 2025/761

TERRA : Trojan-Resilient Reverse-Firewall for Cryptographic Applications

Chandan Kumar, Indian Institute of Technology Kharagpur
Nimish Mishra, Indian Institute of Technology Kharagpur
Suvradip Chakraborty, VISA Research, USA
Satrajit Ghosh, Indian Institute of Technology Kharagpur
Debdeep Mukhopadhyay, Indian Institute of Technology Kharagpur
Abstract

Reverse firewalls (RFs), introduced by Mironov and Stephens Davidowitz at Eurocrypt 2015, provide a defence mechanism for cryptographic protocols against subversion attacks. In a subversion setting, an adversary compromises the machines of honest parties, enabling the leakage of their secrets through the protocol transcript. Previous research in this area has established robust guarantees, including resistance against data exfiltration for an RF. In this work, we present a new perspective focused on the implementation specifics of RFs. The inherently untrusted nature of RFs exposes their real-world implementations to the risk of Trojan insertion — an especially pressing issue in today’s outsourced supply chain ecosystem. We argue how Trojan-affected RF implementations can compromise their core exfiltration resistance property, leading to a complete breakdown of the RF’s security guarantees. Building on this perspective, we propose an enhanced definition for ``Trojan-resilient Reverse Firewalls'' (Tr-RF), incorporating an additional Trojan resilience property. We then present concrete instantiations of Tr-RFs for Coin Tossing (CT) and Oblivious Transfer (OT) protocols, utilizing techniques from Private Circuit III (CCS'16) to convert legacy RFs into Tr-RFs. We also give simulation-based proofs to claim the enhanced security guarantees of our Tr-RF instantiations. Additionally, we offer concrete implementations of our Tr-RF based CT and OT protocols utilizing the Open-Portable Trusted Execution Environment (OP-TEE). Through OP-TEE, we practically realize assumptions made in Private Circuit III that are critical to ensuring Tr-RF security, bridging the gap between theoretical models and real-world applications. To the best of our knowledge, this provides the first practical implementation of reverse firewalls for any cryptographic functionality. Our work emphasizes the importance of evaluating protocol specifications within implementation-specific contexts.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Preprint.
Keywords
Reverse FirewallTrojan-ResilientSplit Manufacturing
Contact author(s)
cchaudhary278 @ gmail com
neelam nimish @ gmail com
suvradip1111 @ gmail com
satrajit @ cse iitkgp ac in
debdeep mukhopadhyay @ gmail com
History
2025-04-30: revised
2025-04-29: received
See all versions
Short URL
https://ia.cr/2025/761
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2025/761,
      author = {Chandan Kumar and Nimish Mishra and Suvradip Chakraborty and Satrajit Ghosh and Debdeep Mukhopadhyay},
      title = {{TERRA} : Trojan-Resilient Reverse-Firewall for Cryptographic Applications},
      howpublished = {Cryptology {ePrint} Archive, Paper 2025/761},
      year = {2025},
      url = {https://eprint.iacr.org/2025/761}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.