Self-contained digital certification device

oCriptoPanquer

12/5/23, 2:12 PM

Does it work if we try to construct a device (e.g., for counting purpose in several remote branches of a company) using a self-containing digital signature key enclosed in a tamper-proof hardware to make sure that the operations transcript of that function could be verified? (the transmitted report/transcript of the counting will be signed by the internal tamper-proof hardware)

Is there any concern by giving the adversary (possibly, if s/he owns the device environment) the chance of using that 'engine' to sign, even if we consider that the inviolability of the tamper proof hardware is absolute? (the whole device is not inviolable)

1 + 2

poncho

12/6/23, 10:55 PM

Obvious question: how would the tamper-proof hardware validate that the transcript report it has been given is actually correct?

oCriptoPanquer

12/9/23, 8:40 PM

@poncho, we know that the usual place of a tamper-proof hardware is in the 'server side'/'administrators'/'owner' side (am I correct?). So, sure my application example is obvious, but my point is: we can't expect no security when we place digital certificate in the "client", even in a tamper-proof hw; right?

Score:1

Crypto

Crypto Learner

3/16/24, 1:20 PM

I believe that when you can hypothetically give the adversary a signature engine, even under the assumption that the engine is physically protected and the adversary could not access the internal keys (remember: side-channel attacks), you are giving him much power: the reference is the way we can prove the security of signature schemes - The Exact Security of Digital Signatures How to Sign with RSA and Rabin.

I would say that the general idea of that kind of proof is based on the message transcript view the adversary has. S/he tries to challenge the key owner by sending and receiving messages to be signed. If you place the adversary in a position where s/he can control the signature process, that doesn't make sense: s/he always can win the challenge; or, you're giving much more than a simple transcript view. Which contradicts the proof model described in the literature.

+ 0

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Self-contained digital certification device

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.