Traitor Tracing Schemes for Protected Software Implementations

Transcription

1 Published in S. Katzenbeisser and A.-R. Sadeghi, Eds, 11th ACM Workshop on Digital Rights Management (ACM DRM 2011), pp , ACM Press, Traitor Traing Shemes for Proteted Software Implementations Mar Joye Tehniolor, Seurity & Content Protetion Labs Cesson-Sévigné, Frane Tanrède Lepoint Tehniolor, Seurity & Content Protetion Labs Cesson-Sévigné, Frane ABSTRACT This paper onsiders the problem of onverting an enryption sheme into a sheme in whih there is one enryption proess but several deryption proesses. Eah deryption proess is made available as a proteted software implementation (deoder). So, when some digital ontent is enrypted, a legitimate user an reover the ontent in lear using its own private software implementation. Moreover, it is possible to trae a deoder in a blak-box fashion in ase it is suspeted to be an illegal opy. Our onversions assume software tamper-resistane. Categories and Subjet Desriptors C.2.0 [Computer-Communiation Networks]: General Seurity and protetion; E.3 [Data]: Data Enryption Publi key ryptosystems General Terms Seurity, Design Keywords Content protetion, ontent distribution, traitor traing, software deoders, tamper resistane, obfusation. 1. INTRODUCTION Premium ontent is usually enrypted so as to ontrol its distribution. In ontent distribution systems, authorized users are given a hardware or software deoder ontaining a deryption key that allows them to get aess to the ontent in lear. But users may ollude and try to produe a pirate deoder; i.e., a non-registered deoder able to derypt. Traitor traing shemes [13, 14] enable an authority to reover the identity of at least one of the legitimate users who partiipated in the onstrution of a pirate deoder. Suh a user is alled a traitor. The aim of traitor traing shemes is to deter users from building pirate deoders. In the non-blak-box setting, traitor traing shemes assume that deoders are open and so that a legitimate user knows her deoder s private deryption key. Traitor traing shemes also assume that eah deoder has a different private key: a deryption key uniquely identifies a deoder (and thus a user). In order to redue the iphertext expansion, when a same ontent has to be sent to a (large) set of users, traitor traing shemes usually work in tandem with broadast enryption tehniques [21] (see also [4]). Ciphertext expansion is used as a metri to measure the quality of a traitor traing sheme. In that sense, an optimal traitor sheme ould be obtained under the assumption of tamper resistane [27]. If the data stored in the deoder (inluding the ryptographi keys) are proteted against unauthorized aess, there is no need to add traing apabilities. Tamper resistane rules out olluding attaks. So, further assuming that deoders annot be loned, the same deryption key ould be used in all deoders. The size of the iphertexts would therefore be onstant, regardless of the number of users in the system. A possible realization is to rely on smart ards: they are tamper-resistant and unlonable. We note however that suh a system also requires the deryption algorithm in the smart ard to be properly implemented [1]. In partiular, the implementation should not leak information about the deryption key. Examples of implementation attaks inlude side-hannel attaks [26] and fault attaks [7]. Software-based solutions offer a number of advantages. They are heaper and easier to distribute and to update (for example if a seurity flaw is identified). Software tamperresistane [2] an be ahieved through a ombination of obfusation tehniques [16] and of ryptographi hashing [11, 25, 12]. Cryptographi hashing heks the integrity as the program is running while obfusation makes it harder to realize intended hanges in funtionality (and in partiular to bypass the integrity heks). Unlonability is diffiult to ahieve without resorting to hardware. We do not solve this problem in this paper. Instead, we suggest a method deterring users from distributing opies of their [software] deoder. A possible approah is to embed opy-speifi watermarks in the ode [17]. This enables traking illegal opies. A onrete implementation whih niely ombines with integrity heking tehniques is presented in [25] (see also [24]). The approah we propose is different, omplementary. We require eah deoder to have a different private key while being ompatible with any enryption algorithm. Our idea is to add an extra, opy-speifi entry to the deryption algo-

2 rithm so that this extra entry together with the private key embedded in the software deoder enables to derypt iphertexts. In its most basi version, the deryption key (known to some authority) is split into two shares. Eah registered user reeives from the authority a first private share and a software deoder embedding the seond share. So upon reeiving a iphertext and a private share, the deoder first reovers the entire deryption key from the two shares (i.e., the input share and the embedded share) and next uses it to derypt the iphertext and obtain the ontent in lear. In more advaned versions, we will see that it is not neessary to expliitly reompute the deryption key. Advantageously, our approah allows for flexible traitor traing, in a blakbox fashion. Outline of the paper. The rest of this paper is organized as follows. In the next setion, we review several key splitting tehniques, with a speial fous on RSA. In Setion 3, we present several traitor traing shemes for software implementations of RSA-based ryptosystems. We also disuss the seurity of the shemes we so obtain. Setion 4 exemplifies the generality of our methodology. We present traitor traing shemes for software implementations of disrete-log based ryptosystems. Finally, we onlude in Setion SECRET SPLITTING Seret splitting or seret sharing [5, 31] is a ryptographi tehnique to split a seret key in (at least) two omponents. Learning one of the omponents does not reveal half of the seret; it atually reveals no information at all. A simple way to split a k-bit key K in two shares is to hoose uniformly at random K 1 {0, 1} k and to define K 2 = K K 1. It is easily verified that the knowledge of K 1 (or K 2) yields no information on K. The two shares are needed to the reassemble seret key K. For RSA [30], or more generally for most publi-key ryptosystems, the underlying algebrai struture an be exploited to derive further key splitting shemes with different properties. For onreteness, onsider an RSA modulus N = pq where p and q are two large balaned primes. The publi primitive onsists in raising some x Z N to the e- th power and the orresponding private primitive onsists in raising some y Z N to the d-th power. The publi exponent e is oprime to λ(n) and mathes the private exponent d through the relation ed 1 (mod λ(n)), where λ denotes Carmihael funtion. 1 By onstrution, if we let y = x e then x an be reovered as y d : y d (x e ) d x ed mod λ(n) x (). Multipliative splitting. The multipliative splitting breaks down the private exponent d into two omponents (d 1, d 2) where d 1 is a random element in Z λ(n) ; d 2 is omputed as d 2 = d/d 1 mod λ(n). 1 Carmihael funtion of N defines the exponent of the multipliative group Z N, that is, the smallest positive integer t suh that a t 1 () for every a Z N. For an RSAmodulus N = pq, λ(n) is given by lm(p 1, q 1). The private exponentiation, y d, an then be evaluated as (y d 1 ) d2. The multipliative splitting was introdued by Boyd in [10] (and analyzed in [23]) as a means to produe digital multisignatures. Eah party reeives a share d i (i {1, 2}), whih is then used to reate a joint signature. Additive splitting. The additive splitting, also used in [10] as an alternative to produe multisignatures, is a variant where the private exponent d is split additively into two shares (d 1, d 2) where d 1 is a random element in Z λ(n) \ {0}; d 2 is omputed as d 2 = d d 1 mod λ(n). The private exponentiation, y d, an now be arried out as y d1 y d 2. With the multipliative splitting, the two half exponentiations are performed in a serial way. In ontrast, the additive splitting presribes parallel operation. This was used to design a variant of RSA, known as mediated RSA (mrsa) [8], providing immediate revoation apabilities in a PKI. mrsa involves an on-line semi-trusted entity, alled SEM, that issues message-speifi tokens. The SEM is given the key share d 1 while the user reeives the seond share, d 2. If the user wants to sign or to derypt a message y, she must first obtain the token y d 1. To revoke the user s ability to sign or derypt messages, the SEM simply stops issuing tokens. A multipliative version of mrsa is presented in [22]. Further generalizations are desribed in [33, 19]. Eulidean splitting. Key splitting tehniques also find appliations in the development of ountermeasures against ertain implementation attaks. It an be seen as a ombination of the two previous tehniques (sequential and parallel splittings). The Eulidean splitting [15] splits the private exponent d into two omponents (d 1, d 2) where d 1 is a random element in {0, 1} κ, d 1 0, for some parameter κ; d 2 = d 2,h d 2,l is omputed as d 2,h = d/d 1 and d 2,l = d mod d 1. Remarking that d = d 1 d 2,h +d 2,l, the private exponentiation an be evaluated as (y d 1 ) d 2,h y d 2,l. The advantage of the Eulidean splitting is omputational. If parameter κ is set to d 2/2 N 2/2 (i.e., half the bitlength of N), then the entity holding d 2 has to perform a double exponentiation of the form z d 2,h y d 2,l () where the exponents d 2,h and d 2,l are half-sized. Sine the ost of a double exponentiation is only slightly more expensive than a single exponentiation using Straus method [32] (a.k.a. Shamir s trik; see [20]), the overall omputation is roughly twie faster. More generally, we notie that the Eulidean splitting an be applied diretly to d or to an equivalent representation thereof like d + kλ(n) for some integer k.

3 3. TRAITOR TRACING SCHEMES FOR RSA As mentioned in the introdution, our aim is to deter users from distributing the deryption software they reeive from ontent providers. To this end, eah user reeives a personalized deryption software ontaining a unique deryption key. Yet a same enrypted ontent an be derypted using any personalized deryption software. The key property of our shemes is that it is possible to identify a personalized deryption software. In other words, it is possible to trae a given implementation or a opy thereof. Properly implemented deryption algorithms make use of state-of-the-art obfusation and tamper-resistant tehniques. The shemes we present in this setion only rely on software and do not require seure hardware. 3.1 Basi Sheme Imagine that a same digital ontent has to be sent to a large number of subsribers. Contents are enrypted using RSA [30] with publi key (N, e) and private key d. Speifially, using the RSA ryptosystem, a binary string m is enrypted as = µ(m) e for some (probabilisti) padding funtion µ (e.g., OAEP [3]). Then, given iphertext, m is reovered from d using the private key d. A lassial solution is to provide eah legitimate user with a proteted software implementation of the deryption box. Moreover, to prevent illegal re-distribution, implementations are equipped with opy-speifi watermarks for traing purposes. d Figure 1: Classial sheme Our approah is omplementary. We propose to split the deryption key into two omponents. For eah user, the first omponent,, is derived from a unique identifier ID. The seond omponent, d ID, is defined so that the value of deryption key d an be reovered from the pair (, d ID ). We let R denote the ombining funtion that on input and d ID returns d. Component d ID is embedded in a proteted software implementation while omponent serves as an additional input to the deryption software. 1 d = R(, d ID ) 2 d Figure 2: Basi sheme In more detail, the sheme goes as follows. In the initialization phase, a ontent provider sets up an RSA modulus N and a pair of enryption/deryption keys (e, d). When a user wants to subsribe to the system, she has to produe a unique identifier ID (e.g., address, bank aount number, password,... ) for the system. The user then reeives her personal string together with a proteted software implementation (deoder) whih embeds the mathing seret value d ID. When a registered user wishes to get aess to an enrypted ontent, she enters her string in her deoder whih derypts in two steps as: evaluate d = R(, d ID ); ompute d ; the last operation reovers and returns the plain ontent m, or returns in ase the deryption failed. See Fig. 2. Seleting. Without loss of generality, we view the unique identifier ID of a user as a binary string. There are several possibilities to derive from ID. Writing = f(id), we require funtion f : {0, 1} {0, 1} l to be ollision-resistant. There are several possible hoies for funtion f: f an be the identity map; f an be a ryptographi hash funtion (e.g., SHA-1, SHA-2 family,... ); f an be a [deterministi] symmetri enryption funtion (e.g., AES, Serpent,... ); f an be a [deterministi] authentiation funtion (e.g., HMAC, RSA-FDH,... ); et. Defining d ID. The value of d ID is defined from the string and deryption key d. Again, there are plenty of hoies. For example, viewing d as a binary string, we an define d ID = d (and thus R(, d ID ) = d ID ). As will be shown in 3.2, the way d ID is onstruted may simplify the implementation. Traing traitors. Traing a traitor is pretty easy. Suppose that a legitimate user (orresponding to identifier ID) is allegedly suspeted to have made available illegal opies of her software deoder. When suh a opy is found, it an be tested whether it orresponds to ID as follows: obtain a valid iphertext ; ompute = f(id) (where ID is the identifier of the putative traitor) using derivation funtion f; input and to the pirated opy of the software deoder and hek whether derypts orretly or not. If so, the user with identifier ID is identified as the soure of leakage. Interestingly, the traing apability requires the knowledge of derivation funtion f. If the funtion f is publi, anyone an test if a given software deoder orresponds to some identifier ID. In ontrast, if the funtion f is private (for instane, if it is keyed), traitor traing is solely possible for authorized entities (namely, those knowing f). 3.2 Enhaned Shemes Although appliable to any ryptosystem, the basi sheme (Fig. 2) an be intriate to implement in a seure way. The proposed implementation is different from existing ones. Speifially, in addition to the usual deryption funtion

4 (i.e., d in the ase of RSA), our basi sheme first requires to reonstrut d from and d ID. A possible fix to mitigate the damages would be to make private the ombining funtion R. A better approah would be to design a software implementation that solely performs operations similar to the regular deryption funtion. This allows one to get a proteted implementation at minimum ost, augmented with our traing method. More importantly, this allows one to base the seurity on proven tehniques. While this may appear diffiult in the general ase, we will see that for RSA it is not. We an exploit the underlying algebrai struture. The regular deryption funtion for RSA is the modular exponentiation. The goal is, on input (, ), to evaluate d () using a routine that an seurely evaluate operations of the form x d ID for a fixed value d ID. This is where the key splitting tehniques introdued in Setion 2 ome into play. An appliation of the different splitting tehniques lead to the shemes depited in the next figure. Given identifier ID and orresponding identifying value, the value of d ID is respetively defined as: multipliative sheme: d ID d/ additive sheme: d ID d Eulidean sheme: d ID = (d (1) and d (2) ID = d mod. ID, d(2) ID 1 0 = 2 0 d ID (a) Multipliative variant 1 0 = 2 1 = d ID (b) Additive variant 1 0 = d 2 (1) 0 ID d(2) ID () Eulidean variant (mod λ(n)); (mod λ(n)); ) with d(1) ID = d Figure 3: Enhaned shemes for RSA deryption One may argue that the enhaned shemes involve modular exponentiations with an exponent other than d ID, namely for the omputation of 0. We note that is not a sensitive value. Therefore, the value of 0 (as well as its omputation) does not reveal any sensitive information. For the Eulidean variant, we suppose that the double exponentiation in Step 2 is evaluated as an atomi operation based on the Straus-Shamir tehnique (otherwise there is no use to onsider this variant). 3.3 Seurity Considerations The traitor traing shemes presented in this setion require state-of-the-art obfusation and tamper-resistant tehniques. In partiular, if the value of d ID is reovered then the knowledge of enables the reonstrution of the private deryption key d as R(, d ID ). As aforementioned, keying R in the basi sheme may help to mitigate the damages as the attaker should also reover the value of the key used by R. For the enhaned shemes, the situation is better. The implementation inherits the same seurity guarantees as the regular implementation (i.e., without our added traing apabilities). There is no seurity loss. In our RSA implementations (Fig. 3), the sensitive operation (Step 2) is a modular exponentiation with a private exponent, as is done in the regular implementation (the only differene is that d is replaed by d ID ). Step 1 leaks no sensitive information. An alternative to the multipliative variant as depited in Fig. 3(a) ould be to use 0 as an input (instead of ) in the regular implementation, tailored with exponent d ID ; ompare Fig. 1 and Fig. 3(a). For the additive variant (Fig. 3(b)), the multipliation in Step 3 should be implemented with are. The reovery of 1 may give more power to the attaker; the expeted seurity level is not neessarily preserved. For that reason, the multipliative variant should be preferred. We suppose that the attaker is a legitimate user. Her goal is to build an untraeable deoder, or at least a deoder that does not trae her identity Key reovery attaks A possible way to get an untraeable software deoder is to reover d ID, and then d from. Chosen-iphertext seurity. Sine the attaker possesses her own opy of the deryption software, she an use it to mount hosen-iphertext attaks. This means that the underlying ryptosystem must at least meet the notion of unbreakability under hoseniphertext attaks. This notion is implied by the lassial notion of indistinguishably under hosen-iphertext attaks (IND-CCA). Although we are not aware of (blak-box) key reovery attaks against plain RSA (a.k.a. textbook RSA or no-pad RSA) whih is obviously not hosen-iphertext seure, we do not reommend its use. We rather reommend the use of RSA-OAEP or any other IND-CCA RSA-based ryptosystem. Size of d ID. There is no size reommendations for ; the only requirement is that eah must be unique. Conerning d ID, Wiener s attak tells us the a private RSA key annot be hosen too small. A similar remark holds for d ID. In order to prevent Wiener s attak and more sophistiated LLL-based attaks, we reommend that d ID should be at least of the size of N 1/2 [9] Re-obfusation attaks Re-obfusation is another possible avenue for the attaker. The attaker might try to produe a program (from the software deoder she reeived) that does not take on input so that traing would not be possible. Worse, the attaker

5 ould even try to produe a program with a hosen to falsely ause the user with identifier ID (impersonation). This is depited in Fig. 4. Note that suh an attak only makes sense for open environments; it is readily ruled out in semi-open environments (i.e., exeuting only signed ode). tehniques of Setion 2 readily apply here as well. For example, defining d ID = d/ mod q, the multipliative splitting yields the following enhaned sheme = (u, v) 1 u 0 = u 2 v H(u 0 d ID ) Figure 4: Impersonation Of ourse the original deoder (i.e., the implementation the user reeived in light gray on the piture) is needed beause the value of d ID is unknown to the attaker. A pirate deoder may look like 1. all the original deoder with (, ) as inputs and obtain the result, say R (note that R = ); 2. hek whether the input orresponds to the user the pirate wants to impersonate; if so, return R, otherwise return. This will however not work if there is a global integrity hek of the original deoder. The software deoder will then detet that it is part of another program and take appropriate ations. This an be done through self-heking means, in a stati or dynami way Collusion attaks Collusion attaks are usually onsidered in the ontext of traitor traing. A oalition of users tries to generate a deoder not related to them. This does not apply here: the knowledge of several s does not provide useful information to any oalition of users sine is unrelated to private key d. 4. FURTHER SCHEMES Most publi-key ryptosystems are based on group theory. Provided the disrete logarithm problem is hard, ryptographi shemes an be devised. Examples inlude multipliative groups of finite fields or ellipti urves over finite fields. Consider a (multipliatively written) yli group G = g of order q, generated by an element g. ElGamal ryptosystem [20] an easily be extended to this generalized setting. Let H : G M be a ryptographi hash funtion that maps elements of G to elements of message spae M. The private key is a random element d Z q and the orresponding publi key is y = g d. A message m M is enrypted as = (g k, m H(y k )) where k is uniformly hosen at random in Z q. Given iphertext = (u, v), message m is reovered as v H(u d ). The orretness follows by observing that u d = (g k ) d = y k. Remarking that the main operation for the deryption proess is an exponentiation in G (i.e., u d ), the splitting Figure 5: Enhaned ElGamal deryption The onversion from u to u 0 is analogous to the proxy re-enryption tehnique used in [6] (see also [28]). Atually, our enhaned shemes an be seen as the re-enryption of a iphertext for the user holding the private key d ID, followed by the regular deryption with key d ID. ElGamal ryptosystem is semantially seure under the deision Diffie-Hellman assumption against hosen-plaintext attaks. We present below an implementation of a variant seure against hosen-iphertext attaks, namely the Cramer-Shoup ryptosystem [18]. As an illustration, we use the multipliative splitting. The Cramer-Shoup ryptosystem makes use of a universal one-way hash funtion H : {0, 1} Z q [29]. Let g and h be two random generators of G. The private key is {d, s 1, s 2, t 1, t 2} that are elements in Z q. The publi key is {y, y 1, y 2} where y = g d, y 1 = g s 1 h s 2, y 2 = g t 1 h t 2. The enryption of a message m M is given by the tuple = (u, u, v, w) with u = g k, u = h k, v = m H(y k ), α = H(u, u, v) and w = y k 1 y kα 2 where k is hosen uniformly at random in Z q. The deryption proess of = (u, u, v, w) first heks whether u s 1+t 1 α (u ) s 2+t 2 α = w with α = H(u, u, v) and, if so, returns m = v H(u d ). Again, letting d ID = d/ (mod q), we get the following enhaned sheme = (u, u, v, w) 1 α = H(u, u, v) u s 1+t 1 α (u ) s 2+t 2 α? = w 2 u 0 = u d 3 v H(u ID 0 ) Figure 6: Enhaned Cramer-Shoup deryption Further traitor traing shemes an be obtained similarly using other splitting tehniques or other ryptosystems. 5. CONCLUSION This paper studied the problem of seurely distributing ontent without resorting to seure hardware. We presented general traitor traing shemes whih niely omplement the state-of-the-art software implementations. Speifi appliations to RSA-based and disrete-log based ryptosystems were desribed. 6. REFERENCES [1] R. J. Anderson and M. G. Kuhn. Tamper resistane a autionary note. In Proeedings of the 2nd USENIX

6 Workshop on Eletroni Commere, pages USENIX Assoiation, [2] D. Ausmith. Tamper resistant software: An implementation. In R. J. Anderson, editor, Information Hiding, vol of Leture Notes in Computer Siene, pages Springer, [3] M. Bellare and P. Rogaway. Optimal asymmetri enryption. In A. De Santis, editor, Advanes in Cryptology EUROCRYPT 94, vol. 950 of Leture Notes in Computer Siene, pages Springer, [4] S. Berkovits. How to broadast a seret. In D. W. Davies, editor, Advanes in Cryptology EUROCRYPT 91, vol. 547 of Leture Notes in Computer Siene, pages Springer, [5] G. R. Blakley. Safeguarding ryptographi keys. In Proeedings of the National Computer Conferene, vol. 48 of AFIPS Conferene Proeedings, pages , [6] M. Blaze, G. Bleumer, and M. Strauss. Divertible protools and atomi proxy ryptography. In K. Nyberg, editor, Advanes in Cryptology EUROCRYPT 98, vol of Leture Notes in Computer Siene, pages Springer, [7] D. Boneh, R. A. DeMillo, and R. J. Lipton. On the importane of eliminating errors in ryptographi omputations. Journal of Cryptology, 14(2): , Earlier version published in EUROCRYPT 97. [8] D. Boneh, X. Ding, G. Tsudik, and C. M. Wong. A method for fast revoation of publi key ertifiates and seurity apabilities. In Proeedings of the 10th USENIX Seurity Symposium, pages USENIX Assoiation, [9] D. Boneh and G. Durfee. Cryptanalysis of rsa with private key d less than N IEEE Transations on Information Theory, 46(4): , [10] C. Boyd. Digital multisignatures. In H. J. Beker and F. C. Piper, editors, Cryptography and Coding, pages Oxford University Press, [11] H. Chang and M. J. Atallah. Proteting software ode by guards. In T. Sander, editor, Seurity and Privay in Digital Rights Management (ACM-DRM 2001), vol of Leture Notes in Computer Siene, pages Springer, [12] Y. Chen, R. Venkatesan, M. Cary, R. Pang, S. Sinha, and M. H. Jakubowski. Oblivious hashing: A stealthy software integrity verifiation primitive. In F. A. P. Petitolas, editor, Information Hiding (IH 2002), vol of Leture Notes in Computer Siene, pages Springer, [13] B. Chor, A. Fiat, and M. Naor. Traing traitors. In Y. Desmedt, editor, Advanes in Cryptology CRYPTO 94, vol. 839 of Leture Notes in Computer Siene, pages Springer, [14] B. Chor, A. Fiat, M. Naor, and B. Pinkas. Traing traitors. IEEE Transations on Information Theory, 46(3): , [15] M. Ciet and M. Joye. (Virtually) free randomization tehniques for ellipti urve ryptography. In S. Qing, D. Gollmann, and J. Zhou, editors, Information and Communiations Seurity (ICICS 2003), vol of Leture Notes in Computer Siene, pages Springer, [16] C. Collberg, C. Thomborson, and D. Low. A taxonomy of obfusating transformations. Tehnial Report 148, Department of Computer Siene, University of Aukland, [17] C. S. Collberg and C. Thomborson. Watermarking, tamper-proofing, and obfusation Tools for software protetion. IEEE Transations on Software Engineering, 28(8): , [18] R. Cramer and V. Shoup. A pratial publi key ryptosystem provably seure against adaptive hosen iphertext attak. In H. Krawzyk, editor, Advanes in Cryptology CRYPTO 98, vol of Leture Notes in Computer Siene, pages Springer, [19] X. Ding and G. Tsudik. Simple identity-based ryptography with mediated RSA. In M. Joye, editor, Topis in Cryptology CT-RSA 2003, vol of Leture Notes in Computer Siene, pages Springer, [20] T. ElGamal. A publi key ryptosystem and a signature sheme based on disrete logarithms. IEEE Transations on Information Theory, 31(4): , [21] A. Fiat and M. Naor. Broadast enryption. In D. R. Stinson, editor, Advanes in Cryptology CRYPTO 93, vol. 773 of Leture Notes in Computer Siene, pages Springer, [22] R. Ganesan. Yaksha: Augmenting Kerberos with publi-key ryptography. In Proeedings of the 1995 Symposium on Network and Distributed System Seurity, pages Internet Soiety, [23] R. Ganesan and Y. Yaobi. A seure joint signature and key exhange system. Tehnial Memorandum TM-24531, Bellore, Ot [24] J. T. Giffin, M. Christodoresu, and L. Kruger. Strengthening software self-heksumming via self-modifying ode. In Proeedings of the 21st Annual Computer Seurity Appliations Conferene (ACSAC 2005), pages IEEE Computer Soiety, [25] B. G. Horne, L. R. Matheson, C. Sheehan, and R. E. Tarjan. Dynami self-heking tehniques for improved tamper resistane. In T. Sander, editor, Seurity and Privay in Digital Rights Management (ACM-DRM 2001), vol of Leture Notes in Computer Siene, pages Springer, [26] P. C. Koher, J. Jaffe, and B. Jun. Differential power analysis. In M. J. Wiener, editor, Advanes in Cryptology CRYPTO 99, vol of Leture Notes in Computer Siene, pages Springer, [27] O. Kömmerling and M. G. Kuhn. Design priniples for tamper-resistant smartard proessors. In Proeedings of the USENIX Workshop on Smartard Tehnology (Smartard 99), pages USENIX Assoiation, [28] M. Mambo and E. Okamoto. Proxy ryptosystems: Delegation of the power to derypt iphertexts. IEICE Transations on Fundamentals of Eletronis, Communiations and Computer Sienes, E-80(1):54 63, [29] M. Naor and M. Yung. Universal one-way hash funtions and their ryptographi appliations. In

7 Proeedings of the Twenty-First Annual ACM Symposium on Theory of Computing (STOC 89), pages ACM Press, [30] R. L. Rivest, A. Shamir, and L. M. Adleman. A method for obtaining digital signatures and publi-key ryptosystems. Communiations of the ACM, 21(2): , [31] A. Shamir. How to share a seret. Communiations of the ACM, 22(11): , [32] E. G. Straus. Addition hains of vetors (problem 5125). The Amerian Mathematial Monthly, 71(7): , [33] G. Tsudik. Weak forward seurity in mediated RSA. In S. Cimato, C. Galdi, and G. Persiano, editors, Seurity in Communiation Networks (SCN 2002), vol of Leture Notes in Computer Siene, pages Springer, 2003.