One-Time Computable Self-Erasing Functions

This paper studies the design of cryptographic schemes that are secure even if implemented on untrusted Machines that fall under adversarial control. For example, this includes machines that are infected by a software virus.We introduce a new cryptographic notion that we call a one-time computable pseudorandom, function (PRP), which is a PRF F-K(.) that can be evaluated on at most one input, even by an adversary who controls the device storing the key K, as long as: (I) the adversary cannot "leak" the key K out of the device completely (this is similar to the assumptions made in the Bounded-Retrieval Model), and (2) the local read/write memory of the machine is restricted, and not too much larger than the size of K. In particular, the only way to evaluate F-K(x) on such device, is to overwrite part of the key K during the computation, thus preventing all future evaluations of F-K(.) at any other point x' not equal x. We show that this primitive can be used to construct schemes for password protected storage that are secure against dictionary attacks, even by a virus that infects the machine. Our constructions rely on the random-oracle model, and lower-bounds for graphs pebbling problems.We show that our techniques can also be used to construct another primitive, called uncomputable hash functions, which are hash functions that have a short description but require a large amount of space to compute on any input. We show that this tool can be used to improve the communication complexity of proofs-of-erasure schemes, introduced recently by Perito and Tsudik (ESORICS 2010).