Recently, our customer, Rivetz, announced their Dual Roots of Trust solution to protect private keys in a mobile phone, even if one of the systems is compromised. The Rivetz software generates and distributes the private key between the two roots – the Trusted Execution Environment (TEE) running in ARM TrustZone and the SIM card. This means that both roots would have to be compromised in order to get the user’s private key. Since the TEE is controlled by the phone manufacturer and the SIM is controlled by the mobile carrier, the user’s data is also protected from insider attacks or a vendor security breach.
However, the parties involved (SIM and TEE) are required to delete certain keys after a given operation. Thus, the next time they perform that operation, they are forced to carry out all the steps and cannot simply reuse data from the last operation. The security of this solution boils down to each party trusting the other to delete the keys. The trust that the TEE and SIM have correctly carried out the procedure is pretty solid, but what if there is a way to implement that dual root of trust scheme without having to trust the other root at all?
Researchers at OnBoard Security have come up with a way to do just that with a cryptographic technique called Secure Multiparty Computation, which can be efficiently realized using Yao’s Garbled Circuits in the two-party case. Secure Computation-based patented solutions were originally developed by our team to improve privacy while reducing complexity of the Secure Credential Management System (SCMS) in Vehicle-to-Everything (V2X) communications. Through our security consulting work with Rivetz, it became clear that Secure Multiparty Computation could improve Rivetz’s innovative solution as well.
What is Secure Multiparty Computation and Yao’s Garbled Circuit?
Secure Multiparty Computation is a method for parties to jointly compute any arbitrary function over their private inputs while keeping them private, and without the involvement of a trusted third party. Andrew Chi-Chih Yao presented the first solution to this problem for the two-party case back in 1982, and the solution is popularly known as Yao’s Garbled Circuit protocol. Two-party computation is best illustrated by Yao’s Millionaires’ Problem. In that example, two millionaires want to discover who is richer without revealing their own worth to the other. The millionaires simply execute the Garbled Circuit protocol which reveals the answer but nothing else about the two parties’ wealth. This slide deck explains more about Garbled Circuits.
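The Millionaires' comparison described above can be sketched as a small garbled circuit. This is an added example, not code from OnBoard Security or Rivetz: it assumes 2-bit wealth values and an honest-but-curious setting, and it hands the evaluator its input labels directly where a real protocol would use oblivious transfer. All function and wire names are hypothetical.

```python
import hashlib, secrets

TAG = b"\x00" * 16  # zero padding lets the evaluator recognise the one row it can open

def _pad(ka, kb, gid):
    # Hash of both input labels and the gate id, used as a one-time pad for one row
    return hashlib.sha256(ka + kb + gid.to_bytes(4, "big")).digest()

def _xor(x, y):
    return bytes(p ^ q for p, q in zip(x, y))

# Constructed circuit for the 2-bit comparison a > b.
# Each gate: (output wire, input wire 1, input wire 2, truth table)
CIRCUIT = [
    ("gt1", "a1", "b1", lambda x, y: x & (1 - y)),  # a1 > b1
    ("eq1", "a1", "b1", lambda x, y: 1 - (x ^ y)),  # a1 == b1
    ("gt0", "a0", "b0", lambda x, y: x & (1 - y)),  # a0 > b0
    ("low", "eq1", "gt0", lambda x, y: x & y),      # high bits equal and low bit greater
    ("out", "gt1", "low", lambda x, y: x | y),
]

def garble(circuit):
    """Garbler: two random labels per wire, then encrypt each gate's truth table."""
    labels, tables = {}, []
    for gid, (out, in1, in2, fn) in enumerate(circuit):
        for w in (out, in1, in2):
            labels.setdefault(w, (secrets.token_bytes(16), secrets.token_bytes(16)))
        rows = [_xor(_pad(labels[in1][x], labels[in2][y], gid), labels[out][fn(x, y)] + TAG)
                for x in (0, 1) for y in (0, 1)]
        secrets.SystemRandom().shuffle(rows)  # hide which row belongs to which input bits
        tables.append(rows)
    return labels, tables

def evaluate(circuit, tables, wire):
    """Evaluator: holds one label per input wire, never a bit value or a truth table."""
    wire = dict(wire)
    for gid, (out, in1, in2, _) in enumerate(circuit):
        pad = _pad(wire[in1], wire[in2], gid)
        plain = [_xor(pad, row) for row in tables[gid]]
        wire[out] = next(p[:16] for p in plain if p[16:] == TAG)
    return wire["out"]

def richer(a, b):
    """True if a > b for 2-bit a, b. Direct label hand-over stands in for oblivious transfer."""
    labels, tables = garble(CIRCUIT)
    bits = {"a1": a >> 1, "a0": a & 1, "b1": b >> 1, "b0": b & 1}
    inputs = {w: labels[w][v] for w, v in bits.items()}
    out_label = evaluate(CIRCUIT, tables, inputs)
    return out_label == labels["out"][1]  # only the output label is decoded to a bit
```

The evaluator sees only random labels on every intermediate wire; the single value mapped back to a bit is the output, which matches the property the protocol is meant to provide.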
In the Rivetz application, the two parties are the TEE and the SIM and the function being computed would be the operations they want to perform, such as encryption and decryption. Neither party has to trust the other one and neither gets exposure to the inputs of the other party. This is an even more secure solution that ensures the private key is truly secure.
Secure multiparty computation is a growing field with applications in blockchain, secure supply chain management, academic research, transportation, financial and a host of other markets. OnBoard Security researchers have a wealth of knowledge about this cryptographic protocol along with some patented implementation techniques. To find out how Secure Multiparty Computation and Garbled Circuits could help you, contact firstname.lastname@example.org