Abstract: A one-time program (OTP) works as follows: Alice provides Bob with the implementation of some function. Bob can have the function evaluated exclusively on a single input of his choosing. Once executed, the program will fail to evaluate on any other input. State-of-the-art one-time programs have remained theoretical, requiring custom hardware that is cost-ineffective/unavailable, or confined to ad hoc/unrealistic assumptions. To bridge this gap, we explore how the Trusted Execution Environment (TEE) of modern CP…
“…It is impossible to avoid any piece of software to be copied and run again without using additional instrumentation. In the literature, different approaches for OTP implementation exist, from using dedicated hardware and complex cryptographic techniques (as in the first paper itself [30] and [33]) to extremely compelling approaches based on quantum computing [34, 35, 36]. In particular, Ref.…”
Section: Methods (mentioning)
confidence: 99%
“…In particular, Ref. [33] seems to be a very promising idea because it uses hardware that is already present on most modern mobile devices.…”
Payment apps and digital wallets are powerful tools used to exchange e-money via the internet. However, with the progressive disappearance of cash, there is a need for the digital equivalent of physical banknotes to guarantee the same level of anonymity of private payments. Few efforts to solve the double-spending problem exist in P2P payments (i.e., in avoiding the possibility of a payer retaining copies of digital coins in absence of a trusted third party (TTP)), and further research efforts are needed to explore options to preserve the privacy of payments, as per the mandates of numerous central bank digital currency (CBDC) exploratory initiatives, such as the digital euro. Moreover, generic programmability requirements and energetic impacts should be considered. In this paper, we present a sustainable offline P2P payment scheme to face the double-spending problem by means of a one-time program (OTP) approach. The approach consists of wiping the business logic out of a client’s app and allowing financial intermediaries to inject a certified payment code into the user’s device, which will execute (asynchronously and offline) at the time of payment. To do so, we wrap each coin in a program at the time of withdrawal. Then the program exploits the trusted execution environment (TEE) of modern smartphones to transfer itself from the payer to the payee via a direct IoT link. To confirm the validity of the approach, we performed qualitative and quantitative evaluations, specifically focusing on the energetic sustainability of the proposed scheme. Results show that our payment scheme is energetically sustainable as the current absorbed for sending one coin is, at most, ~1.8 mAh on an Apple smartphone. We advance the state-of-the-art because the scheme meets the programmability, anonymity, and sustainability requirements (at the same time).
“…It would be interesting to see how many of these problems, if any, can benefit from the introduction of trusted hardware. One example of this coupling is given by Zhao et al. [222]; they investigate how TEEs may be used to realize one-time programs, ultimately building a system that uses Intel TXT in conjunction with the TPM. A unique and tailored approach to hardware-assisted computation may be necessary for each of the above problems, or it may be the case that several problems share characteristics that allow them to be tackled in a similar manner; such exploration would be an interesting direction for future work.…”
When two or more parties need to compute a common result while safeguarding their sensitive inputs, they use secure multiparty computation (SMC) techniques such as garbled circuits. The traditional enabler of SMC is cryptography, but the significant number of cryptographic operations required results in these techniques being impractical for most real-time, online computations. Trusted execution environments (TEEs) provide hardware-enforced isolation of code and data in use, making them promising candidates for making SMC more tractable. This paper revisits the history of improvements to SMC over the years and considers the possibility of coupling trusted hardware with SMC. This paper also addresses three open challenges: (1) defeating malicious adversaries, (2) mobile-friendly TEE-supported SMC, and (3) a more general coupling of trusted hardware and privacy-preserving computation.
“…However, it is easy to see that such programs cannot be fully software-based, as it is always possible to copy and re-execute a piece of software. Consequently, constructions for one-time programs found in the literature require tamperproof hardware, e.g., [17,20,23] or are based on trusted execution environments [32].…”
Delegation of cryptographic signing rights has found many applications in the literature and the real world. However, despite very advanced functionalities and specific use cases, existing solutions share the natural limitation that the number of usages of these signing rights cannot be efficiently limited, but users can at most be disincentivized to abuse their rights. In this paper, we suggest a solution to this problem based on blockchains. We let a user define a smart contract defining delegated signing rights, which needs to be triggered to successfully sign a message. By leveraging the immutability of the blockchain, our construction can now guarantee that a user-defined threshold of signature invocations cannot be exceeded, thereby circumventing the need for dedicated hardware or similar assistance in existing constructions for one-time programs. We discuss different constructions supporting different features, and provide concrete implementations in the Solidity language of the Ethereum blockchain, proving the real-world efficiency and feasibility of our construction.