One-Time Programs Made Practical

  • Lianying ZhaoEmail author
  • Joseph I. Choi
  • Didem Demirag
  • Kevin R. B. Butler
  • Mohammad Mannan
  • Erman Ayday
  • Jeremy Clark
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11598)


A one-time program (OTP) works as follows: Alice provides Bob with the implementation of some function. Bob can have the function evaluated exclusively on a single input of his choosing. Once executed, the program will fail to evaluate on any other input. State-of-the-art one-time programs have remained theoretical, requiring custom hardware that is cost-ineffective/unavailable, or confined to ad-hoc/unrealistic assumptions. To bridge this gap, we explore how the Trusted Execution Environment (TEE) of modern CPUs can realize the OTP functionality. Specifically, we build two flavours of such a system: in the first, the TEE directly enforces the one-timeness of the program; in the second, the program is represented with a garbled circuit and the TEE ensures Bob’s input can only be wired into the circuit once, equivalent to a smaller cryptographic primitive called one-time memory. These have different performance profiles: the first is best when Alice’s input is small and Bob’s is large, and the second for the converse.


  1. 1.
    Ayday, E., Raisaro, J.L., Laren, M., Jack, P., Fellay, J., Hubaux, J.P.: Privacy-preserving computation of disease risk by using genomic, clinical, and environmental data. In: Proceedings of USENIX Security Workshop on Health Information Technologies (HealthTech 2013). No. EPFL-CONF-187118 (2013)Google Scholar
  2. 2.
    Baldi, P., Baronio, R., De Cristofaro, E., Gasti, P., Tsudik, G.: Countering gattaca: efficient and secure testing of fully-sequenced human genomes. In: Proceedings of the 18th ACM CCS 2011, pp. 691–702 (2011)Google Scholar
  3. 3.
    Bellare, M., Hoang, V.T., Rogaway, P.: Adaptively secure garbling with applications to one-time programs and secure outsourcing. In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNCS, vol. 7658, pp. 134–153. Springer, Heidelberg (2012). Scholar
  4. 4.
    Brasser, F., Müller, U., Dmitrienko, A., Kostiainen, K., Capkun, S., Sadeghi, A.R.: Software grand exposure: SGX cache attacks are practical. In: 11th USENIX Workshop on Offensive Technologies (WOOT 2017), Vancouver, BC (2017)Google Scholar
  5. 5.
    Broadbent, A., Gutoski, G., Stebila, D.: Quantum one-time programs. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8043, pp. 344–360. Springer, Heidelberg (2013). Scholar
  6. 6.
    Bulck, J.V., et al.: Foreshadow: extracting the keys to the Intel SGX kingdom with transient out-of-order execution. In: USENIX Security Symposium, Baltimore, MD, USA, pp. 991–1008 (2018)Google Scholar
  7. 7.
    Canim, M., Kantarcioglu, M., Malin, B.: Secure management of biomedical data with cryptographic hardware. IEEE Trans. Inf Technol. Biomed. 16(1), 166–175 (2012)CrossRefGoogle Scholar
  8. 8.
    Cariaso, M., Lennon, G.: SNPedia: a wiki supporting personal genome annotation, interpretation and analysis (2010).
  9. 9.
    Chor, B., Goldreich, O., Kushilevitz, E., Sudan, M.: Private information retrieval. In: Proceedings of the 36th Annual Symposium on Foundations of Computer Science, pp. 41–50. IEEE (1995)Google Scholar
  10. 10.
    Fisch, B.A., Vinayagamurthy, D., Boneh, D., Gorbunov, S.: Iron: functional encryption using Intel SGX. Technical report, IACR eprint (2016)Google Scholar
  11. 11. The multiboot specification (2009).
  12. 12.
    Goldwasser, S., Kalai, Y.T., Rothblum, G.N.: One-time programs. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 39–56. Springer, Heidelberg (2008). Scholar
  13. 13.
    Greene, J.: Intel® trusted execution technology. Technical report (2012)Google Scholar
  14. 14.
    Greshake, B., Bayer, P.E., Rausch, H., Reda, J.: Opensnp-a crowdsourced web resource for personal genomics. PLoS ONE 9(3), 1–9 (2014)CrossRefGoogle Scholar
  15. 15.
    Guan, L., Lin, J., Luo, B., Jing, J.: Copker: computing with private keys without RAM. In: NDSS, San Diego, CA, USA, February 2014Google Scholar
  16. 16.
    Gunupudi, V., Tate, S.R.: Generalized non-interactive oblivious transfer using count-limited objects with applications to secure mobile agents. In: Tsudik, G. (ed.) FC 2008. LNCS, vol. 5143, pp. 98–112. Springer, Heidelberg (2008). Scholar
  17. 17.
    Halderman, J.A., et al.: Lest we remember: cold boot attacks on encryption keys. In: USENIX Sec 2008, San Jose, CA, USA (2008)Google Scholar
  18. 18.
    Han, S., Shin, W., Park, J.H., Kim, H.: A bad dream: subverting trusted platform module while you are sleeping. In: 27th USENIX Security Symposium (USENIX Security 2018), Baltimore, MD, USA, pp. 1229–1246 (2018)Google Scholar
  19. 19.
    Hazay, C., Lindell, Y.: Efficient Secure Two-Party Protocols. ISC. Springer, Heidelberg (2010). Scholar
  20. 20.
    Intel Corporation: Trusted boot (tboot), version: 1.8.0 (2017).
  21. 21.
    Järvinen, K., Kolesnikov, V., Sadeghi, A.-R., Schneider, T.: Garbled circuits for leakage-resilience: hardware implementation and evaluation of one-time programs. In: Mangard, S., Standaert, F.-X. (eds.) CHES 2010. LNCS, vol. 6225, pp. 383–397. Springer, Heidelberg (2010). Scholar
  22. 22.
    Jefferies, C.P.: How to identify user-upgradeable notebooks, June 2017.
  23. 23.
    Kantarcioglu, M., Jiang, W., Liu, Y., Malin, B.: A cryptographic approach to securely share and query genomic sequences. IEEE Trans. Inf Technol. Biomed. 12(5), 606–617 (2008)CrossRefGoogle Scholar
  24. 24.
    Kirkpatrick, M.S., Kerr, S., Bertino, E.: PUF ROKs: a hardware approach to read-once keys. In: Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security, AsiaCCS 2011, Hong Kong, China, pp. 155–164 (2011)Google Scholar
  25. 25.
    Kitamura, T., Shinagawa, K., Nishide, T., Okamoto, E.: One-time programs with cloud storage and its application to electronic money. In: APKC (2017)Google Scholar
  26. 26.
    Kocher, P., et al.: Spectre attacks: exploiting speculative execution. CoRR (2018)Google Scholar
  27. 27.
    Kollenda, B., Koppe, P., Fyrbiak, M., Kison, C., Paar, C., Holz, T.: An exploratory analysis of microcode as a building block for system defenses. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, CCS 2018, Toronto, ON, Canada, 15–19 October 2018, pp. 1649–1666 (2018)Google Scholar
  28. 28.
    Koppe, P., et al.: Reverse engineering x86 processor microcode. In: 26th USENIX Security Symposium (USENIX Security 2017), Vancouver, BC, pp. 1163–1180 (2017)Google Scholar
  29. 29.
    Lee, S., Shih, M.W., Gera, P., Kim, T., Kim, H., Peinado, M.: Inferring fine-grained control flow inside SGX enclaves with branch shadowing. In: 26th USENIX Security Symposium (USENIX Security 2017), Vancouver, BC, pp. 557–574 (2017)Google Scholar
  30. 30.
    Lipp, M., et al.: Meltdown. CoRR (2018)Google Scholar
  31. 31.
    McCune, J.M.: Reducing the trusted computing base for applications on commodity systems. Ph.D. thesis, Carnegie Mellon University (2009)Google Scholar
  32. 32.
    Mood, B., Gupta, D., Carter, H., Butler, K., Traynor, P.: Frigate: a validated, extensible, and efficient compiler and interpreter for secure computation. In: Euro-SP (2016)Google Scholar
  33. 33.
    Müller, T., Freiling, F.C., Dewald, A.: TRESOR runs encryption securely outside RAM. In: USENIX Security Symposium, San Francisco, CA, USA, August 2011Google Scholar
  34. 34.
    Naveed, M., et al.: Controlled functional encryption. In: CCS 2014, pp. 1280–1291. ACM (2014)Google Scholar
  35. 35.
    Naveed, M., et al.: Privacy and security in the genomic era. In: CCS 2014 (2014)Google Scholar
  36. 36.
    nccgroup: Cachegrab, December 2017.
  37. 37.
    Saint-Jean, F.: Java implementation of a single-database computationally symmetric private information retrieval (cSPIR) protocol. Technical report, Yale University Department of Computer Science (2005)Google Scholar
  38. 38.
    Sevinsky, R.: Funderbolt: Adventures in Thunderbolt DMA Attacks. Black Hat USA (2013)Google Scholar
  39. 39.
    Simmons, P.: Security through Amnesia: a software-based solution to the cold boot attack on disk encryption. In: ACSAC (2011)Google Scholar
  40. 40.
    Sottek, T.: NSA reportedly intercepting laptops purchased online to install spy malware, December 2013.
  41. 41.
    Strackx, R., Jacobs, B., Piessens, F.: ICE: a passive, high-speed, state-continuity scheme. In: Proceedings of the 30th Annual Computer Security Applications Conference, ACSAC 2014, New Orleans, Louisiana, USA, pp. 106–115 (2014)Google Scholar
  42. 42.
    Strackx, R., Piessens, F.: Ariadne: a minimal approach to state continuity. In: 25th USENIX Security Symposium (USENIX Sec 2016), Austin, TX, pp. 875–892 (2016)Google Scholar
  43. 43.
    Tarnovsky, C.: Attacking TPM part 2: a look at the ST19WP18 TPM device, July 2012. dEFCON presentation.
  44. 44.
    Trusted Computing Group: TCG Platform Reset Attack Mitigation Specification, May 2008Google Scholar
  45. 45.
    Trusted Computing Group: Trusted Platform Module Main Specification, version 1.2, revision 116 (2011).
  46. 46.
    Vasiliadis, G., Athanasopoulos, E., Polychronakis, M., Ioannidis, S.: PixelVault: using GPUs for securing cryptographic operations. In: CCS 2014, Scottsdale, AZ, USA, November 2014Google Scholar
  47. 47.
    Vidas, T.: Volatile memory acquisition via warm boot memory survivability. In: 43rd Hawaii International Conference on System Sciences, pp. 1–6, January 2010Google Scholar
  48. 48.
    Walsh, T., et al.: Detection of inherited mutations for breast and ovarian cancer using genomic capture and massively parallel sequencing. Natl Acad. Sci. 107(28), 12629–12633 (2010)CrossRefGoogle Scholar
  49. 49.
    Wang, X.S., Huang, Y., Zhao, Y., Tang, H., Wang, X., Bu, D.: Efficient genome-wide, privacy-preserving similar patient query based on private edit distance. In: CCS, pp. 492–503. ACM (2015)Google Scholar
  50. 50.
    Yao, A.C.: Protocols for secure computations. In: FOCS (1982)Google Scholar
  51. 51.
    Zhang, N., Sun, K., Shands, D., Lou, W., Hou, Y.T.: Truspy: cache side-channel information leakage from the secure world on ARM devices. IACR Cryptology ePrint Archive 2016, 980 (2016)Google Scholar
  52. 52.
    Zhao, L., et al.: One-time programs made practical (2019).

Copyright information

© International Financial Cryptography Association 2019

Authors and Affiliations

  • Lianying Zhao
    • 1
    Email author
  • Joseph I. Choi
    • 2
  • Didem Demirag
    • 3
  • Kevin R. B. Butler
    • 2
  • Mohammad Mannan
    • 3
  • Erman Ayday
    • 4
  • Jeremy Clark
    • 3
  1. 1.University of TorontoTorontoCanada
  2. 2.University of FloridaGainesvilleUSA
  3. 3.Concordia UniversityMontrealCanada
  4. 4.Case Western Reserve UniversityClevelandUSA

Personalised recommendations