
arxiv: 1907.00935 · v1 · pith:ZIDQI43Fnew · submitted 2019-07-01 · 💻 cs.CR

One-Time Programs made Practical

Pith reviewed 2026-05-25 11:34 UTC · model grok-4.3

classification 💻 cs.CR
keywords: one-time programs, trusted execution environment, garbled circuits, one-time memory, secure computation, hardware security, practical cryptography

The pith

Trusted execution environments on modern CPUs can enforce one-time program execution without custom hardware.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

A one-time program lets Alice give Bob a function that evaluates on exactly one input of Bob's choice and then fails on any other. Earlier constructions stayed theoretical because they needed unavailable hardware or unrealistic assumptions. This paper shows that the trusted execution environment present in current CPUs can supply the required one-timeness guarantee through two constructions. In the first, the TEE itself limits the program to a single execution. In the second, the function is encoded as a garbled circuit and the TEE restricts Bob's input to a single wiring into that circuit. The two versions trade off performance according to the relative sizes of Alice's and Bob's inputs.

Core claim

We build two flavours of such a system: in the first, the TEE directly enforces the one-timeness of the program; in the second, the program is represented with a garbled circuit and the TEE ensures Bob's input can only be wired into the circuit once, equivalent to a smaller cryptographic primitive called one-time memory. These have different performance profiles: the first is best when Alice's input is small and Bob's is large, and the second for the converse.

What carries the argument

The Trusted Execution Environment (TEE) of modern CPUs, either enforcing single execution directly or securing one-time input wiring into a garbled circuit.

If this is right

  • Alice can deliver a function that Bob evaluates on only one input without requiring specialized hardware.
  • The direct TEE enforcement performs best when Alice supplies a small input and Bob supplies a large one.
  • The garbled-circuit version with TEE-enforced one-time memory performs best in the opposite input-size regime.
  • One-time programs move from theoretical constructions to implementations that run on commodity CPUs.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • The same TEE mechanism could support other one-time-use cryptographic building blocks such as certain oblivious-transfer variants.
  • Widespread TEE availability would reduce the hardware barrier for deploying secure two-party computation protocols that rely on one-time primitives.
  • Side-channel or rollback attacks on the TEE would directly falsify the one-timeness guarantee and could be tested with standard TEE attack toolkits.

Load-bearing premise

Modern TEEs can be relied upon to enforce one-timeness or one-time memory wiring without bypass, leakage, or failure.

What would settle it

An experiment in which the same TEE-protected one-time program successfully evaluates on two different inputs supplied by Bob.

Figures

Figures reproduced from arXiv: 1907.00935 by Didem Demirag, Erman Ayday, Jeremy Clark, Joseph I. Choi, Kevin R. B. Butler, Lianying Zhao, Mohammad Mannan.

Figure 1: Our realization of OTPs spans two phases when relying on TXT alone for the entire computation. Alice is active only during phase 1; Bob only during phase 2.

Figure 2: In our GC-based approach to OTP, Alice generates key pairs and seals them. Bob unseals the keys that correspond to his input and locally evaluates the function. For details about Frigate and Battleship, see Appendix C.
Original abstract

A one-time program (OTP) works as follows: Alice provides Bob with the implementation of some function. Bob can have the function evaluated exclusively on a single input of his choosing. Once executed, the program will fail to evaluate on any other input. State-of-the-art one-time programs have remained theoretical, requiring custom hardware that is cost-ineffective/unavailable, or confined to ad hoc/unrealistic assumptions. To bridge this gap, we explore how the Trusted Execution Environment (TEE) of modern CPUs can realize the OTP functionality. Specifically, we build two flavours of such a system: in the first, the TEE directly enforces the one-timeness of the program; in the second, the program is represented with a garbled circuit and the TEE ensures Bob's input can only be wired into the circuit once, equivalent to a smaller cryptographic primitive called one-time memory. These have different performance profiles: the first is best when Alice's input is small and Bob's is large, and the second for the converse.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

2 major / 0 minor

Summary. The paper proposes realizing one-time programs (OTPs) practically via modern Trusted Execution Environments (TEEs). It describes two constructions: (1) the TEE directly enforces one-timeness of the program, and (2) the program is encoded as a garbled circuit with the TEE restricting Bob's input to a single wiring (realizing one-time memory). The two flavours are stated to exhibit complementary performance profiles depending on the relative sizes of Alice's and Bob's inputs.

Significance. If the security claims hold under a realistic TEE model, the work would constitute a meaningful step toward practical OTPs on commodity hardware, moving beyond prior theoretical or hardware-custom constructions. Explicitly contrasting the two performance regimes is a useful observation that could guide application choices.

major comments (2)
  1. [Abstract] Abstract: the central claim that TEEs can enforce one-timeness (or one-time memory wiring) without bypass, leakage, or replay is presented without any security model, reduction, or argument that existing enclave primitives (monotonic counters, sealed storage) suffice. This assumption is load-bearing for both constructions yet receives no formal treatment or discussion of rollback/side-channel vectors.
  2. [Abstract] Abstract: no implementation details, concrete TEE interface specification, or performance measurements are supplied to substantiate the stated performance profiles or to allow verification that the claimed trade-offs are realized.

Simulated Author's Rebuttal

2 responses · 0 unresolved

We thank the referee for the constructive feedback. We address the two major comments point-by-point below.

Point-by-point responses
  1. Referee: [Abstract] Abstract: the central claim that TEEs can enforce one-timeness (or one-time memory wiring) without bypass, leakage, or replay is presented without any security model, reduction, or argument that existing enclave primitives (monotonic counters, sealed storage) suffice. This assumption is load-bearing for both constructions yet receives no formal treatment or discussion of rollback/side-channel vectors.

    Authors: We agree this is a valid observation. The manuscript relies on standard TEE security properties but does not supply an explicit model or reduction. In revision we will add a dedicated security model section that (1) defines OTP security under a TEE threat model, (2) shows how monotonic counters and sealed storage suffice to prevent replay and rollback for the two constructions, and (3) discusses side-channel and rollback vectors together with known mitigations (remote attestation, constant-time code). revision: yes

  2. Referee: [Abstract] Abstract: no implementation details, concrete TEE interface specification, or performance measurements are supplied to substantiate the stated performance profiles or to allow verification that the claimed trade-offs are realized.

    Authors: The performance trade-offs are argued from the known asymptotic costs of enclave operations versus garbled-circuit evaluation and from the memory constraints of current TEEs. The revision will expand this with (a) an explicit list of the TEE interface calls assumed (e.g., seal/unseal, monotonic counter increment/read) and (b) concrete big-O expressions for both constructions. Full prototype implementation and micro-benchmarks lie outside the scope of the current design paper and are planned as follow-up work. revision: partial
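The garbled-circuit flavour of the core claim (Alice seals per-wire key pairs; the TEE lets Bob wire each input bit in exactly once) together with the rebuttal's monotonic-counter and sealed-storage argument, as an added Python simulation that is not the paper's code: `SimTEE`, `alice_provision` and `bob_select` are assumed stand-ins for real enclave primitives, and the `bind_counter` switch shows why sealed storage alone does not stop a restored (rolled-back) blob from being consumed a second time.

```python
"""Simulated TEE-backed one-time memory (OTM) for the GC-based OTP flavour.

Added example, not the paper's implementation. The TEE is modelled as a
seal/unseal oracle plus a hardware monotonic counter; names are assumptions.
"""
import hashlib
import hmac
import json
import secrets


def xor_crypt(mk: bytes, wire: int, bit: int, data: bytes) -> bytes:
    """Symmetric XOR cipher keyed per (wire, bit) from the per-deployment MK.
    Only MK is sealed; the per-wire key pairs are encrypted under it."""
    ks = hashlib.sha256(mk + wire.to_bytes(4, "big") + bytes([bit])).digest()
    return bytes(a ^ b for a, b in zip(data, ks[:len(data)]))


class SimTEE:
    """Stand-in for the primitives the rebuttal names (constructed, not a real API):
    sealing under a device key and a monotonic counter that only ever increments."""

    def __init__(self) -> None:
        self._device_key = secrets.token_bytes(32)
        self.counter = 0

    def seal(self, blob: bytes) -> bytes:
        # Integrity binding only; a real TEE also encrypts the sealed blob.
        return hmac.new(self._device_key, blob, hashlib.sha256).digest() + blob

    def unseal(self, sealed: bytes) -> bytes:
        tag, blob = sealed[:32], sealed[32:]
        expect = hmac.new(self._device_key, blob, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expect):
            raise ValueError("sealed blob failed integrity check")
        return blob

    def increment(self) -> int:
        self.counter += 1
        return self.counter


def alice_provision(tee: SimTEE, n_wires: int):
    """Phase 1 (Alice): per-wire label pairs (k_i^0, k_i^1) encrypted under MK.
    MK is sealed together with the current counter value and an unspent flag.
    The plaintext pairs are returned only so a caller can verify Bob's result."""
    mk = secrets.token_bytes(32)
    pairs = [(secrets.token_bytes(16), secrets.token_bytes(16)) for _ in range(n_wires)]
    enc_pairs = [(xor_crypt(mk, i, 0, k0), xor_crypt(mk, i, 1, k1))
                 for i, (k0, k1) in enumerate(pairs)]
    state = {"mk": mk.hex(), "ctr": tee.counter, "spent": False}
    return enc_pairs, tee.seal(json.dumps(state).encode()), pairs


def bob_select(tee: SimTEE, sealed: bytes, enc_pairs, bits, bind_counter: bool = True):
    """Phase 2 (Bob): release exactly one label per wire, exactly once.
    Returns (selected_labels, new_sealed_state)."""
    state = json.loads(tee.unseal(sealed))
    if state["spent"]:
        raise PermissionError("one-time memory already consumed")
    if bind_counter and state["ctr"] != tee.counter:
        raise PermissionError("sealed state is stale: rollback detected")
    # Commit the spent state (counter bump + reseal) BEFORE releasing labels,
    # so an interruption cannot leave the OTM unspent with labels already out.
    new_ctr = tee.increment()
    new_sealed = tee.seal(json.dumps({"mk": "", "ctr": new_ctr, "spent": True}).encode())
    mk = bytes.fromhex(state["mk"])
    selected = [xor_crypt(mk, i, b, enc_pairs[i][b]) for i, b in enumerate(bits)]
    return selected, new_sealed


def run_scenario(bind_counter: bool = True) -> dict:
    """One honest evaluation, then a second input, then Alice's original sealed
    blob restored from a backup; the last is only rejected with counter binding."""
    tee = SimTEE()
    enc_pairs, sealed0, pairs = alice_provision(tee, 4)
    bits = [1, 0, 1, 1]  # constructed input of Bob's choosing
    selected, sealed1 = bob_select(tee, sealed0, enc_pairs, bits, bind_counter)
    first_ok = selected == [pairs[i][b] for i, b in enumerate(bits)]

    def attempt(blob: bytes) -> str:
        try:
            bob_select(tee, blob, enc_pairs, [0, 0, 0, 0], bind_counter)
            return "released"
        except PermissionError:
            return "rejected"

    return {"first_input": first_ok,
            "second_input": attempt(sealed1),
            "rolled_back_blob": attempt(sealed0)}


if __name__ == "__main__":
    print("counter-bound:", run_scenario(True))
    print("seal-only:    ", run_scenario(False))
```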

Circularity Check

0 steps flagged

No significant circularity in derivation chain

full rationale

The paper presents two system constructions for realizing one-time programs via TEE enforcement (direct one-timeness or garbled-circuit wiring restricted to one-time memory) with no equations, derivations, fitted parameters, or self-referential definitions present. Claims are positioned as direct applications of assumed TEE properties rather than reductions of outputs to inputs by construction; no load-bearing self-citations or uniqueness theorems are invoked to force the result. The work is therefore self-contained as an engineering proposal against external TEE assumptions.

Axiom & Free-Parameter Ledger

0 free parameters · 1 axiom · 0 invented entities

Review is based solely on the abstract; the primary unverified premise is the security and one-time enforcement capability of commodity TEEs. No free parameters, invented entities, or additional axioms are identifiable from the given text.

axioms (1)
  • domain assumption: Trusted Execution Environments in modern CPUs can enforce one-timeness of a program or one-time wiring of inputs without bypass or leakage.
    The abstract states that the TEE realizes the OTP functionality, relying on this property of the TEE.

pith-pipeline@v0.9.0 · 5722 in / 1265 out tokens · 29180 ms · 2026-05-25T11:34:46.608842+00:00 · methodology

